1 dnl OpenVPN -- An application to securely tunnel IP networks
2 dnl over a single UDP port, with support for SSL/TLS-based
3 dnl session authentication and key exchange,
4 dnl packet encryption, packet authentication, and
5 dnl packet compression.
7 dnl Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
8 dnl Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
10 dnl This program is free software; you can redistribute it and/or modify
11 dnl it under the terms of the GNU General Public License as published by
12 dnl the Free Software Foundation; either version 2 of the License, or
13 dnl (at your option) any later version.
15 dnl This program is distributed in the hope that it will be useful,
16 dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
17 dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 dnl GNU General Public License for more details.
20 dnl You should have received a copy of the GNU General Public License along
21 dnl with this program; if not, write to the Free Software Foundation, Inc.,
22 dnl 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 dnl Process this file with autoconf to produce a configure script.
28 m4_include(version.m4)
29 AC_INIT([PRODUCT_NAME], [PRODUCT_VERSION], [PRODUCT_BUGREPORT], [PRODUCT_TARNAME])
31 AC_DEFINE([OPENVPN_VERSION_RESOURCE], [PRODUCT_VERSION_RESOURCE], [Version in windows resource format])
32 AC_SUBST([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version])
33 AC_SUBST([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version])
34 AC_SUBST([OPENVPN_VERSION_PATCH], [PRODUCT_VERSION_PATCH], [OpenVPN patch level - may be a string or integer])
35 AC_DEFINE([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version - integer])
36 AC_DEFINE([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version - integer])
37 AC_DEFINE([OPENVPN_VERSION_PATCH], ["PRODUCT_VERSION_PATCH"], [OpenVPN patch level - may be a string or integer])
39 AC_CONFIG_AUX_DIR([.])
40 AC_CONFIG_HEADERS([config.h include/openvpn-plugin.h])
41 AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
42 AC_CONFIG_MACRO_DIR([m4])
44 dnl Initialize automake. automake < 1.12 didn't have serial-tests and
45 dnl gives an error if it sees this, but for automake >= 1.13
46 dnl serial-tests is required so we have to include it. Solution is to
47 dnl test for the version of automake (by running an external command)
48 dnl and provide it if necessary. Note we have to do this entirely using
49 dnl m4 macros since automake queries this macro by running
50 dnl 'autoconf --trace ...'.
51 m4_define([serial_tests], [
52 m4_esyscmd([automake --version |
54 awk '{split ($NF,a,"."); if (a[1] == 1 && a[2] >= 12) { print "serial-tests" }}'
57 AM_INIT_AUTOMAKE(foreign serial_tests) dnl NB: Do not [quote] this parameter.
59 AC_USE_SYSTEM_EXTENSIONS
63 [AS_HELP_STRING([--disable-lzo], [disable LZO compression support @<:@default=yes@:>@])],
69 [ --disable-lz4 Disable LZ4 compression support],
70 [enable_lz4="$enableval"],
74 AC_ARG_ENABLE(comp-stub,
75 [ --enable-comp-stub Don't compile compression support but still allow limited interoperability with compression-enabled peers],
76 [enable_comp_stub="$enableval"],
77 [enable_comp_stub="no"]
82 [AS_HELP_STRING([--disable-ofb-cfb], [disable support for OFB and CFB cipher modes @<:@default=yes@:>@])],
84 [enable_crypto_ofb_cfb="yes"]
89 [AS_HELP_STRING([--enable-x509-alt-username], [enable the --x509-username-field feature @<:@default=no@:>@])],
91 [enable_x509_alt_username="no"]
96 [AS_HELP_STRING([--disable-server], [disable server support only (but retain client support) @<:@default=yes@:>@])],
103 [AS_HELP_STRING([--disable-plugins], [disable plug-in support @<:@default=yes@:>@])],
105 [enable_plugins="yes"]
110 [AS_HELP_STRING([--disable-management], [disable management server support @<:@default=yes@:>@])],
112 [enable_management="yes"]
117 [AS_HELP_STRING([--enable-pkcs11], [enable pkcs11 support @<:@default=no@:>@])],
124 [AS_HELP_STRING([--disable-fragment], [disable internal fragmentation support (--fragment) @<:@default=yes@:>@])],
126 [enable_fragment="yes"]
131 [AS_HELP_STRING([--disable-multihome], [disable multi-homed UDP server support (--multihome) @<:@default=yes@:>@])],
133 [enable_multihome="yes"]
138 [AS_HELP_STRING([--disable-port-share], [disable TCP server port-share support (--port-share) @<:@default=yes@:>@])],
140 [enable_port_share="yes"]
145 [AS_HELP_STRING([--disable-debug], [disable debugging support (disable gremlin and verb 7+ messages) @<:@default=yes@:>@])],
152 [AS_HELP_STRING([--enable-small], [enable smaller executable size (disable OCC, usage message, and verb 4 parm list) @<:@default=no@:>@])],
159 [AS_HELP_STRING([--enable-iproute2], [enable support for iproute2 @<:@default=no@:>@])],
161 [enable_iproute2="no"]
166 [AS_HELP_STRING([--disable-def-auth], [disable deferred authentication @<:@default=yes@:>@])],
168 [enable_def_auth="yes"]
173 [AS_HELP_STRING([--disable-pf], [disable internal packet filter @<:@default=yes@:>@])],
180 [AS_HELP_STRING([--disable-plugin-auth-pam], [disable auth-pam plugin @<:@default=platform specific@:>@])],
184 *-*-openbsd*) enable_plugin_auth_pam="no";;
185 *-mingw*) enable_plugin_auth_pam="no";;
186 *) enable_plugin_auth_pam="yes";;
193 [AS_HELP_STRING([--disable-plugin-down-root], [disable down-root plugin @<:@default=platform specific@:>@])],
197 *-mingw*) enable_plugin_down_root="no";;
198 *) enable_plugin_down_root="yes";;
205 [AS_HELP_STRING([--enable-pam-dlopen], [dlopen libpam @<:@default=no@:>@])],
207 [enable_pam_dlopen="no"]
212 [AS_HELP_STRING([--enable-strict], [enable strict compiler warnings (debugging option) @<:@default=no@:>@])],
219 [AS_HELP_STRING([--enable-pedantic], [enable pedantic compiler warnings, will not generate a working executable (debugging option) @<:@default=no@:>@])],
221 [enable_pedantic="no"]
226 [AS_HELP_STRING([--enable-werror], [promote compiler warnings to errors, will cause builds to fail if the compiler issues warnings (debugging option) @<:@default=no@:>@])],
233 [AS_HELP_STRING([--enable-strict-options], [enable strict options check between peers (debugging option) @<:@default=no@:>@])],
235 [enable_strict_options="no"]
240 [AS_HELP_STRING([--enable-selinux], [enable SELinux support @<:@default=no@:>@])],
242 [enable_selinux="no"]
247 [AS_HELP_STRING([--enable-systemd], [enable systemd suppport @<:@default=no@:>@])],
249 [enable_systemd="no"]
254 [AS_HELP_STRING([--enable-async-push], [enable async-push support for plugins providing deferred authentication @<:@default=no@:>@])],
256 [enable_async_push="no"]
261 [AS_HELP_STRING([--with-special-build=STRING], [specify special build string])],
262 [test -n "${withval}" && AC_DEFINE_UNQUOTED([CONFIGURE_SPECIAL_BUILD], ["${withval}"], [special build string])]
267 [AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory checking, TYPE=no|dmalloc|valgrind|ssl @<:@default=no@:>@])],
270 dmalloc|valgrind|ssl|no) ;;
271 *) AC_MSG_ERROR([bad value ${withval} for --mem-check]) ;;
274 [with_mem_check="no"]
279 [AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|mbedtls @<:@default=openssl@:>@])],
283 *) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
286 [with_crypto_library="openssl"]
289 AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
290 if test -n "${PLUGINDIR}"; then
291 plugindir="${PLUGINDIR}"
293 plugindir="\${libdir}/openvpn/plugins"
296 AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
299 AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?])
300 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix])
303 AC_DEFINE([TARGET_SOLARIS], [1], [Are we running on Solaris?])
304 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["S"], [Target prefix])
305 CPPFLAGS="$CPPFLAGS -D_XPG4_2"
308 AC_DEFINE([TARGET_OPENBSD], [1], [Are we running on OpenBSD?])
309 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["O"], [Target prefix])
312 AC_DEFINE([TARGET_FREEBSD], [1], [Are we running on FreeBSD?])
313 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["F"], [Target prefix])
316 AC_DEFINE([TARGET_NETBSD], [1], [Are we running NetBSD?])
317 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["N"], [Target prefix])
320 AC_DEFINE([TARGET_DARWIN], [1], [Are we running on Mac OS X?])
321 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["M"], [Target prefix])
322 have_tap_header="yes"
323 dnl some Mac OS X tendering (we use vararg macros...)
324 CPPFLAGS="$CPPFLAGS -no-cpp-precomp"
325 ac_cv_type_struct_in_pktinfo=no
328 AC_DEFINE([TARGET_WIN32], [1], [Are we running WIN32?])
329 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["W"], [Target prefix])
330 CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
331 CPPFLAGS="${CPPFLAGS} -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA"
335 AC_DEFINE([TARGET_DRAGONFLY], [1], [Are we running on DragonFlyBSD?])
336 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["D"], [Target prefix])
339 AC_DEFINE([TARGET_AIX], [1], [Are we running AIX?])
340 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["A"], [Target prefix])
341 ROUTE="/usr/sbin/route"
342 have_tap_header="yes"
343 ac_cv_header_net_if_h="no" # exists, but breaks things
346 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["X"], [Target prefix])
347 have_tap_header="yes"
358 AC_ARG_VAR([IFCONFIG], [full path to ipconfig utility])
359 AC_ARG_VAR([ROUTE], [full path to route utility])
360 AC_ARG_VAR([IPROUTE], [full path to ip utility])
361 AC_ARG_VAR([NETSTAT], [path to netstat utility]) # tests
362 AC_ARG_VAR([MAN2HTML], [path to man2html utility])
363 AC_ARG_VAR([GIT], [path to git utility])
364 AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility])
365 AC_ARG_VAR([SYSTEMD_UNIT_DIR], [Path of systemd unit directory @<:@default=LIBDIR/systemd/system@:>@])
366 AC_ARG_VAR([TMPFILES_DIR], [Path of tmpfiles directory @<:@default=LIBDIR/tmpfiles.d@:>@])
367 AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
368 AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
369 AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
370 AC_PATH_PROGS([SYSTEMD_ASK_PASSWORD], [systemd-ask-password],, [$PATH:/usr/local/bin:/usr/bin:/bin])
371 AC_CHECK_PROGS([NETSTAT], [netstat], [netstat], [$PATH:/usr/local/sbin:/usr/sbin:/sbin:/etc]) # tests
372 AC_CHECK_PROGS([MAN2HTML], [man2html])
373 AC_CHECK_PROGS([GIT], [git]) # optional
374 AC_DEFINE_UNQUOTED([IFCONFIG_PATH], ["$IFCONFIG"], [Path to ifconfig tool])
375 AC_DEFINE_UNQUOTED([IPROUTE_PATH], ["$IPROUTE"], [Path to iproute tool])
376 AC_DEFINE_UNQUOTED([ROUTE_PATH], ["$ROUTE"], [Path to route tool])
377 AC_DEFINE_UNQUOTED([SYSTEMD_ASK_PASSWORD_PATH], ["$SYSTEMD_ASK_PASSWORD"], [Path to systemd-ask-password tool])
379 # Set -std=c99 unless user already specified a -std=
382 *) CFLAGS="${CFLAGS} -std=c99" ;;
392 LT_LANG([Windows Resource])
417 AX_CPP_VARARG_MACRO_ISO
418 AX_CPP_VARARG_MACRO_GCC
421 AC_CHECK_SIZEOF([unsigned int])
422 AC_CHECK_SIZEOF([unsigned long])
424 stdio.h stdarg.h limits.h \
425 time.h errno.h fcntl.h io.h direct.h \
426 ctype.h sys/types.h sys/socket.h \
427 signal.h unistd.h dlfcn.h \
428 netinet/in.h netinet/in_systm.h \
429 netinet/tcp.h arpa/inet.h netdb.h \
430 windows.h winsock2.h ws2tcpip.h \
434 sys/time.h sys/ioctl.h sys/stat.h \
435 sys/mman.h sys/file.h sys/wait.h \
436 unistd.h signal.h libgen.h stropts.h \
437 syslog.h pwd.h grp.h \
438 sys/sockio.h sys/uio.h linux/sockios.h \
439 linux/types.h sys/poll.h sys/epoll.h err.h \
446 #ifdef HAVE_SYS_TYPES_H
447 #include <sys/types.h>
449 #ifdef HAVE_SYS_SOCKET_H
450 #include <sys/socket.h>
455 #ifdef HAVE_NETINET_IN_H
456 #include <netinet/in.h>
458 #ifdef HAVE_WINDOWS_H
461 #ifdef HAVE_WINSOCK2_H
462 #include <winsock2.h>
464 #ifdef HAVE_WS2TCPIP_H
465 #include <ws2tcpip.h>
467 #ifdef HAVE_NETINET_IN_SYSTM_H
468 #include <netinet/in_systm.h>
470 #ifdef HAVE_NETINET_IP_H
471 #include <netinet/ip.h>
476 [net/if.h netinet/ip.h resolv.h sys/un.h net/if_utun.h sys/kern_control.h],
479 [[${SOCKET_INCLUDES}]]
485 [AC_DEFINE([in_addr_t], [uint32_t], [Workaround missing in_addr_t])],
486 [[${SOCKET_INCLUDES}]]
491 [AC_DEFINE([in_port_t], [uint16_t], [Workaround missing in_port_t])],
492 [[${SOCKET_INCLUDES}]]
496 [AC_DEFINE([HAVE_IPHDR], [1], [struct iphdr needed for IPv6 support])],
498 [[${SOCKET_INCLUDES}]]
501 [struct sock_extended_err],
502 [AC_DEFINE([HAVE_SOCK_EXTENDED_ERR], [1], [struct sock_extended_err needed for extended socket error support])],
504 [[${SOCKET_INCLUDES}]]
508 [AC_DEFINE([HAVE_MSGHDR], [1], [struct msghdr needed for extended socket error support])],
510 [[${SOCKET_INCLUDES}]]
514 [AC_DEFINE([HAVE_CMSGHDR], [1], [struct cmsghdr needed for extended socket error support])],
516 [[${SOCKET_INCLUDES}]]
520 [AC_DEFINE([HAVE_IN_PKTINFO], [1], [struct in_pktinfo needed for IP_PKTINFO support])],
522 [[${SOCKET_INCLUDES}]]
526 [AC_DEFINE([HAVE_SA_FAMILY_T], [1], [sa_family_t, needed to hold AF_* info])],
528 [[${SOCKET_INCLUDES}]]
531 [struct in_pktinfo.ipi_spec_dst],
532 [AC_DEFINE([HAVE_IPI_SPEC_DST], [1], [struct in_pktinfo.ipi_spec_dst needed for IP_PKTINFO support])],
534 [[${SOCKET_INCLUDES}]]
537 [struct sockaddr_in6],
539 [AC_MSG_ERROR([struct sockaddr_in6 not found, needed for ipv6 transport support.])],
540 [[${SOCKET_INCLUDES}]]
546 [[${SOCKET_INCLUDES}]]
548 AC_CHECKING([anonymous union support])
566 AC_DEFINE([HAVE_ANONYMOUS_UNION_SUPPORT], [], [Compiler supports anonymous unions])
568 [AC_MSG_RESULT([no])]
571 saved_LDFLAGS="$LDFLAGS"
572 LDFLAGS="$LDFLAGS -Wl,--wrap=exit"
573 AC_MSG_CHECKING([linker supports --wrap])
578 void __real_exit(int);
579 void __wrap_exit(int i) {
589 have_ld_wrap_support=yes
591 [AC_MSG_RESULT([no])],
593 LDFLAGS="$saved_LDFLAGS"
595 dnl We emulate signals in Windows
599 [AC_DEFINE([SIGHUP], [1], [SIGHUP replacement])],
609 [AC_DEFINE([SIGINT], [2], [SIGINT replacement])],
619 [AC_DEFINE([SIGUSR1], [10], [SIGUSR1 replacement])],
629 [AC_DEFINE([SIGUSR2], [12], [SIGUSR2 replacement])],
639 [AC_DEFINE([SIGTERM], [15], [SIGTERM replacement])],
650 daemon chroot getpwnam setuid nice system getpid dup dup2 \
651 getpass syslog openlog mlockall getgrnam setgid \
652 setgroups stat flock readv writev time gettimeofday \
653 ctime memset vsnprintf strdup \
654 setsid chdir putenv getpeername unlink \
655 chsize ftruncate execve getpeereid umask basename dirname access \
669 [SOCKETS_LIBS="${SOCKETS_LIBS} -lnsl"]
674 [SOCKETS_LIBS="${SOCKETS_LIBS} -lsocket"]
679 [SOCKETS_LIBS="${SOCKETS_LIBS} -lresolv"]
681 AC_SUBST([SOCKETS_LIBS])
684 LIBS="${LIBS} ${SOCKETS_LIBS}"
685 AC_CHECK_FUNCS([sendmsg recvmsg])
686 # Windows use stdcall for winsock so we cannot auto detect these
689 [socket recv recvfrom send sendto listen dnl
690 accept connect bind select gethostbyname inet_ntoa]dnl
694 [setsockopt getsockopt getsockname poll]dnl
696 if test "${WIN32}" = "yes"; then
697 # normal autoconf function checking does not find inet_ntop/inet_pton
698 # because they need to include the actual header file and link ws2_32.dll
699 LIBS="${LIBS} -lws2_32"
700 AC_MSG_CHECKING([for MinGW inet_ntop()/inet_pton()])
704 #include <ws2tcpip.h>
707 int r = (int) inet_ntop (0, NULL, NULL, 0);
708 r += inet_pton(AF_INET, NULL, NULL);
713 AC_DEFINE([HAVE_INET_NTOP],[1],[MinGW inet_ntop])
714 AC_DEFINE([HAVE_INET_PTON],[1],[MinGW inet_pton])
716 [AC_MSG_RESULT([not found])]
720 m4_split(SOCKET_FUNCS SOCKET_OPT_FUNCS),
721 m4_define([UF], [[m4_join([_], [HAVE], m4_toupper(F))]])
722 AC_DEFINE([UF], [1], [Win32 builtin])
725 AC_CHECK_FUNCS([inet_ntop inet_pton])
729 [AC_MSG_ERROR([Required library function not found])]
731 AC_CHECK_FUNCS(SOCKET_OPT_FUNCS)
735 # we assume res_init() always exist, but need to find out *where*...
736 AC_SEARCH_LIBS(__res_init, resolv bind, ,
737 AC_SEARCH_LIBS(res_9_init, resolv bind, ,
738 AC_SEARCH_LIBS(res_init, resolv bind, , )))
740 AC_ARG_VAR([TAP_CFLAGS], [C compiler flags for tap])
741 old_CFLAGS="${CFLAGS}"
742 CFLAGS="${CFLAGS} ${TAP_CFLAGS}"
745 net/if_tun.h net/tun/if_tun.h \
749 [have_tap_header="yes"]
753 [AC_DEFINE([ENABLE_FEATURE_TUN_PERSIST], [1], [We have persist tun capability])],
756 #ifdef HAVE_LINUX_IF_TUN_H
757 #include <linux/if_tun.h>
761 CFLAGS="${old_CFLAGS}"
762 test "${have_tap_header}" = "yes" || AC_MSG_ERROR([no tap header could be found])
767 [SELINUX_LIBS="-lselinux"]
769 AC_SUBST([SELINUX_LIBS])
771 AC_ARG_VAR([LIBPAM_CFLAGS], [C compiler flags for libpam])
772 AC_ARG_VAR([LIBPAM_LIBS], [linker flags for libpam])
773 if test -z "${LIBPAM_LIBS}"; then
777 [LIBPAM_LIBS="-lpam"]
781 case "${with_mem_check}" in
784 [valgrind/memcheck.h],
786 CFLAGS="${CFLAGS} -g -fno-inline"
790 [Use valgrind memory debugging library]
793 [AC_MSG_ERROR([valgrind headers not found.])]
803 LIBS="${LIBS} -ldmalloc"
807 [Use dmalloc memory debugging library]
810 [AC_MSG_ERROR([dmalloc library not found.])]
812 [AC_MSG_ERROR([dmalloc headers not found.])]
823 [Use memory debugging function in OpenSSL]
825 AC_MSG_NOTICE([NOTE: OpenSSL library must be compiled with CRYPTO_MDEBUG])
827 [AC_MSG_ERROR([Memory Debugging function in OpenSSL library not found.])]
834 [libpkcs11-helper-1 >= 1.11],
835 [have_pkcs11_helper="yes"],
839 if test "${with_crypto_library}" = "openssl"; then
840 AC_ARG_VAR([OPENSSL_CFLAGS], [C compiler flags for OpenSSL])
841 AC_ARG_VAR([OPENSSL_LIBS], [linker flags for OpenSSL])
843 if test -z "${OPENSSL_CFLAGS}" -a -z "${OPENSSL_LIBS}"; then
844 # if the user did not explicitly specify flags, try to autodetect
848 [have_openssl="yes"],
849 [] # If this fails, we will do another test next
851 OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto}
854 saved_CFLAGS="${CFLAGS}"
856 CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
857 LIBS="${LIBS} ${OPENSSL_LIBS}"
859 # If pkgconfig check failed or OPENSSL_CFLAGS/OPENSSL_LIBS env vars
860 # are used, check the version directly in the OpenSSL include file
861 if test "${have_openssl}" != "yes"; then
862 AC_MSG_CHECKING([additionally if OpenSSL is available and version >= 1.0.1])
866 #include <openssl/opensslv.h>
869 /* Version encoding: MNNFFPPS - see opensslv.h for details */
870 #if OPENSSL_VERSION_NUMBER < 0x10001000L
871 #error OpenSSL too old
875 [AC_MSG_RESULT([ok])],
876 [AC_MSG_ERROR([OpenSSL version too old])]
880 AC_CHECK_FUNCS([SSL_CTX_new EVP_CIPHER_CTX_set_key_length],
882 [AC_MSG_ERROR([openssl check failed])]
885 have_openssl_engine="yes"
888 ENGINE_load_builtin_engines \
889 ENGINE_register_all_complete \
893 [have_openssl_engine="no"; break]
895 if test "${have_openssl_engine}" = "no"; then
896 AC_CHECK_DECL( [ENGINE_cleanup], [have_openssl_engine="yes"],,
898 #include <openssl/engine.h>
902 if test "${have_openssl_engine}" = "yes"; then
903 AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [OpenSSL engine support available])
906 have_crypto_aead_modes="yes"
910 [have_crypto_aead_modes="no"; break]
922 SSL_CTX_get_default_passwd_cb \
923 SSL_CTX_get_default_passwd_cb_userdata \
924 SSL_CTX_set_security_level \
926 X509_STORE_get0_objects \
928 X509_OBJECT_get_type \
932 EVP_PKEY_get0_EC_KEY \
941 RSA_meth_set_pub_enc \
942 RSA_meth_set_pub_dec \
943 RSA_meth_set_priv_enc \
944 RSA_meth_set_priv_dec \
947 RSA_meth_set_finish \
948 RSA_meth_set0_app_data \
949 RSA_meth_get0_app_data \
954 CFLAGS="${saved_CFLAGS}"
957 AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use OpenSSL library])
958 CRYPTO_CFLAGS="${OPENSSL_CFLAGS}"
959 CRYPTO_LIBS="${OPENSSL_LIBS}"
960 elif test "${with_crypto_library}" = "mbedtls"; then
961 AC_ARG_VAR([MBEDTLS_CFLAGS], [C compiler flags for mbedtls])
962 AC_ARG_VAR([MBEDTLS_LIBS], [linker flags for mbedtls])
964 saved_CFLAGS="${CFLAGS}"
967 if test -z "${MBEDTLS_CFLAGS}" -a -z "${MBEDTLS_LIBS}"; then
968 # if the user did not explicitly specify flags, try to autodetect
969 LIBS="${LIBS} -lmbedtls -lmbedx509 -lmbedcrypto"
973 [MBEDTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto"],
974 [AC_MSG_ERROR([Could not find mbed TLS.])],
975 [${PKCS11_HELPER_LIBS}]
979 CFLAGS="${MBEDTLS_CFLAGS} ${PKCS11_HELPER_CFLAGS} ${CFLAGS}"
980 LIBS="${MBEDTLS_LIBS} ${PKCS11_HELPER_LIBS} ${LIBS}"
982 AC_MSG_CHECKING([mbedtls version])
986 #include <mbedtls/version.h>
989 #if MBEDTLS_VERSION_NUMBER < 0x02000000 || MBEDTLS_VERSION_NUMBER >= 0x03000000
990 #error invalid version
994 [AC_MSG_RESULT([ok])],
995 [AC_MSG_ERROR([mbed TLS 2.y.z required])]
998 have_crypto_aead_modes="yes"
1001 mbedtls_cipher_write_tag \
1002 mbedtls_cipher_check_tag \
1005 [have_crypto_aead_modes="no"; break]
1008 CFLAGS="${saved_CFLAGS}"
1009 LIBS="${saved_LIBS}"
1010 AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
1011 CRYPTO_CFLAGS="${MBEDTLS_CFLAGS}"
1012 CRYPTO_LIBS="${MBEDTLS_LIBS}"
1014 AC_MSG_ERROR([Invalid crypto library: ${with_crypto_library}])
1017 AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo])
1018 AC_ARG_VAR([LZO_LIBS], [linker flags for lzo])
1020 if test -z "${LZO_LIBS}"; then
1023 [lzo1x_1_15_compress],
1024 [LZO_LIBS="-llzo2"],
1027 [lzo1x_1_15_compress],
1033 if test "${have_lzo}" = "yes"; then
1034 saved_CFLAGS="${CFLAGS}"
1035 CFLAGS="${CFLAGS} ${LZO_CFLAGS}"
1042 [AC_MSG_ERROR([lzoutil.h is missing])]
1051 [AC_MSG_ERROR([lzo1x.h is missing])]
1054 CFLAGS="${saved_CFLAGS}"
1058 dnl check for LZ4 library
1061 AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
1062 AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
1063 if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
1064 if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
1065 # if the user did not explicitly specify flags, try to autodetect
1066 PKG_CHECK_MODULES([LZ4],
1067 [liblz4 >= 1.7.1 liblz4 < 100],
1069 [LZ4_LIBS="-llz4"] # If this fails, we will do another test next.
1070 # We also add set LZ4_LIBS otherwise the
1071 # linker will not know about the lz4 library
1075 saved_CFLAGS="${CFLAGS}"
1076 saved_LIBS="${LIBS}"
1077 CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
1078 LIBS="${LIBS} ${LZ4_LIBS}"
1080 # If pkgconfig check failed or LZ4_CFLAGS/LZ4_LIBS env vars
1081 # are used, check the version directly in the LZ4 include file
1082 if test "${have_lz4}" != "yes"; then
1083 AC_CHECK_HEADERS([lz4.h],
1087 if test "${have_lz4h}" = "yes" ; then
1088 AC_MSG_CHECKING([additionally if system LZ4 version >= 1.7.1])
1094 /* Version encoding: MMNNPP (Major miNor Patch) - see lz4.h for details */
1095 #if LZ4_VERSION_NUMBER < 10701L
1096 #error LZ4 is too old
1104 [AC_MSG_RESULT([system LZ4 library is too old])]
1109 # Double check we have a few needed functions
1110 if test "${have_lz4}" = "yes" ; then
1112 [LZ4_compress_default],
1116 [LZ4_decompress_safe],
1121 if test "${have_lz4}" != "yes" ; then
1122 AC_MSG_RESULT([ usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
1123 AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
1126 OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
1127 OPTIONAL_LZ4_LIBS="${LZ4_LIBS}"
1128 AC_DEFINE(ENABLE_LZ4, [1], [Enable LZ4 compression library])
1129 CFLAGS="${saved_CFLAGS}"
1130 LIBS="${saved_LIBS}"
1135 dnl Check for systemd
1137 AM_CONDITIONAL([ENABLE_SYSTEMD], [test "${enable_systemd}" = "yes"])
1138 if test "$enable_systemd" = "yes" ; then
1139 PKG_CHECK_MODULES([libsystemd], [systemd libsystemd],
1141 [PKG_CHECK_MODULES([libsystemd], [libsystemd-daemon])]
1144 PKG_CHECK_EXISTS( [libsystemd > 216],
1145 [AC_DEFINE([SYSTEMD_NEWER_THAN_216], [1],
1146 [systemd is newer than v216])]
1149 AC_CHECK_HEADERS(systemd/sd-daemon.h,
1152 AC_MSG_ERROR([systemd development headers not found.])
1155 saved_LIBS="${LIBS}"
1156 LIBS="${LIBS} ${libsystemd_LIBS}"
1157 AC_CHECK_FUNCS([sd_booted], [], [AC_MSG_ERROR([systemd library is missing sd_booted()])])
1158 OPTIONAL_SYSTEMD_LIBS="${libsystemd_LIBS}"
1159 AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd integration])
1160 LIBS="${saved_LIBS}"
1162 if test -n "${SYSTEMD_UNIT_DIR}"; then
1163 systemdunitdir="${SYSTEMD_UNIT_DIR}"
1165 systemdunitdir="\${libdir}/systemd/system"
1168 if test -n "${TMPFILES_DIR}"; then
1169 tmpfilesdir="${TMPFILES_DIR}"
1171 tmpfilesdir="\${libdir}/tmpfiles.d"
1176 AC_MSG_CHECKING([git checkout])
1178 if test -n "${GIT}" -a -d "${srcdir}/.git"; then
1179 AC_DEFINE([HAVE_CONFIG_VERSION_H], [1], [extra version available in config-version.h])
1182 AC_MSG_RESULT([${GIT_CHECKOUT}])
1184 if test -n "${SP_PLATFORM_WINDOWS}"; then
1185 AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['\\\\'], [Path separator]) #"
1186 AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["\\\\"], [Path separator]) #"
1188 AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['/'], [Path separator])
1189 AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["/"], [Path separator])
1192 dnl enable --x509-username-field feature if requested
1193 if test "${enable_x509_alt_username}" = "yes"; then
1194 if test "${with_crypto_library}" = "mbedtls" ; then
1195 AC_MSG_ERROR([mbed TLS does not support the --x509-username-field feature])
1198 AC_DEFINE([ENABLE_X509ALTUSERNAME], [1], [Enable --x509-username-field feature])
1201 test "${ac_cv_header_sys_uio_h}" = "yes" && AC_DEFINE([HAVE_IOVEC], [1], [struct iovec needed for IPv6 support])
1202 test "${enable_server}" = "no" && AC_DEFINE([ENABLE_CLIENT_ONLY], [1], [Enable client capability only])
1203 test "${enable_management}" = "yes" && AC_DEFINE([ENABLE_MANAGEMENT], [1], [Enable management server capability])
1204 test "${enable_multihome}" = "yes" && AC_DEFINE([ENABLE_MULTIHOME], [1], [Enable multi-homed UDP server capability])
1205 test "${enable_debug}" = "yes" && AC_DEFINE([ENABLE_DEBUG], [1], [Enable debugging support])
1206 test "${enable_small}" = "yes" && AC_DEFINE([ENABLE_SMALL], [1], [Enable smaller executable size])
1207 test "${enable_fragment}" = "yes" && AC_DEFINE([ENABLE_FRAGMENT], [1], [Enable internal fragmentation support])
1208 test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enable TCP Server port sharing])
1209 test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable deferred authentication])
1210 test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
1211 test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
1213 test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes])
1214 test "${have_crypto_aead_modes}" = "yes" && AC_DEFINE([HAVE_AEAD_CIPHER_MODES], [1], [Use crypto library])
1215 OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}"
1216 OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}"
1218 if test "${enable_plugins}" = "yes"; then
1219 OPTIONAL_DL_LIBS="${DL_LIBS}"
1220 AC_DEFINE([ENABLE_PLUGIN], [1], [Enable plug-in support])
1222 enable_plugin_auth_pam="no"
1223 enable_plugin_down_root="no"
1226 if test "${enable_iproute2}" = "yes"; then
1227 test -z "${IPROUTE}" && AC_MSG_ERROR([ip utility is required but missing])
1228 AC_DEFINE([ENABLE_IPROUTE], [1], [enable iproute2 support])
1230 if test "${WIN32}" != "yes"; then
1231 test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing])
1232 test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing])
1236 if test "${enable_selinux}" = "yes"; then
1237 test -z "${SELINUX_LIBS}" && AC_MSG_ERROR([libselinux required but missing])
1238 OPTIONAL_SELINUX_LIBS="${SELINUX_LIBS}"
1239 AC_DEFINE([ENABLE_SELINUX], [1], [SELinux support])
1242 if test "${enable_lzo}" = "yes"; then
1243 test "${have_lzo}" != "yes" && AC_MSG_ERROR([lzo enabled but missing])
1244 OPTIONAL_LZO_CFLAGS="${LZO_CFLAGS}"
1245 OPTIONAL_LZO_LIBS="${LZO_LIBS}"
1246 AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])
1248 if test "${enable_comp_stub}" = "yes"; then
1249 test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and lzo enabled (use --disable-lzo)])
1250 test "${enable_lz4}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and LZ4 enabled (use --disable-lz4)])
1251 AC_DEFINE([ENABLE_COMP_STUB], [1], [Enable compression stub capability])
1254 if test "${enable_pkcs11}" = "yes"; then
1255 test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing])
1256 OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
1257 OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
1258 AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11])
1262 [proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`"
1263 AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])],
1268 AC_DEFUN([ACL_CHECK_ADD_COMPILE_FLAGS], [
1269 old_cflags="$CFLAGS"
1271 AC_MSG_CHECKING([whether the compiler acceppts $1])
1272 AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [AC_MSG_RESULT([yes])],
1273 [AC_MSG_RESULT([no]); CFLAGS="$old_cflags"])]
1276 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-unused-function])
1277 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-unused-parameter])
1278 ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
1280 if test "${enable_pedantic}" = "yes"; then
1282 CFLAGS="${CFLAGS} -pedantic"
1283 AC_DEFINE([PEDANTIC], [1], [Enable pedantic mode])
1285 if test "${enable_strict}" = "yes"; then
1286 CFLAGS="${CFLAGS} -Wsign-compare -Wuninitialized"
1288 if test "${enable_werror}" = "yes"; then
1289 CFLAGS="${CFLAGS} -Werror"
1292 if test "${WIN32}" = "yes"; then
1293 test -z "${MAN2HTML}" && AC_MSG_ERROR([man2html is required for win32])
1296 if test "${enable_plugin_auth_pam}" = "yes"; then
1297 PLUGIN_AUTH_PAM_CFLAGS="${LIBPAM_CFLAGS}"
1298 if test "${enable_pam_dlopen}" = "yes"; then
1299 AC_DEFINE([USE_PAM_DLOPEN], [1], [dlopen libpam])
1300 PLUGIN_AUTH_PAM_LIBS="${DL_LIBS}"
1302 test -z "${LIBPAM_LIBS}" && AC_MSG_ERROR([libpam required but missing])
1303 PLUGIN_AUTH_PAM_LIBS="${LIBPAM_LIBS}"
1307 if test "${enable_async_push}" = "yes"; then
1310 AC_DEFINE([ENABLE_ASYNC_PUSH], [1], [Enable async push]),
1311 AC_MSG_ERROR([inotify.h not found.])
1315 CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
1316 AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
1318 TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
1319 TAP_WIN_MIN_MAJOR="PRODUCT_TAP_WIN_MIN_MAJOR"
1320 TAP_WIN_MIN_MINOR="PRODUCT_TAP_WIN_MIN_MINOR"
1321 AC_DEFINE_UNQUOTED([TAP_WIN_COMPONENT_ID], ["${TAP_WIN_COMPONENT_ID}"], [The tap-windows id])
1322 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MAJOR], [${TAP_WIN_MIN_MAJOR}], [The tap-windows version number is required for OpenVPN])
1323 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MINOR], [${TAP_WIN_MIN_MINOR}], [The tap-windows version number is required for OpenVPN])
1324 AC_SUBST([TAP_WIN_COMPONENT_ID])
1325 AC_SUBST([TAP_WIN_MIN_MAJOR])
1326 AC_SUBST([TAP_WIN_MIN_MINOR])
1328 AC_SUBST([OPTIONAL_DL_LIBS])
1329 AC_SUBST([OPTIONAL_SELINUX_LIBS])
1330 AC_SUBST([OPTIONAL_CRYPTO_CFLAGS])
1331 AC_SUBST([OPTIONAL_CRYPTO_LIBS])
1332 AC_SUBST([OPTIONAL_LZO_CFLAGS])
1333 AC_SUBST([OPTIONAL_LZO_LIBS])
1334 AC_SUBST([OPTIONAL_LZ4_CFLAGS])
1335 AC_SUBST([OPTIONAL_LZ4_LIBS])
1336 AC_SUBST([OPTIONAL_SYSTEMD_LIBS])
1337 AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])
1338 AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])
1340 AC_SUBST([PLUGIN_AUTH_PAM_CFLAGS])
1341 AC_SUBST([PLUGIN_AUTH_PAM_LIBS])
1343 AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])
1344 AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"])
1345 AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "yes"])
1346 AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
1347 AM_CONDITIONAL([HAVE_LD_WRAP_SUPPORT], [test "${have_ld_wrap_support}" = "yes"])
1349 sampledir="\$(docdir)/sample"
1350 AC_SUBST([plugindir])
1351 AC_SUBST([sampledir])
1353 AC_SUBST([systemdunitdir])
1354 AC_SUBST([tmpfilesdir])
1356 VENDOR_SRC_ROOT="\$(abs_top_srcdir)/vendor/"
1357 VENDOR_DIST_ROOT="\$(abs_top_builddir)/vendor/dist"
1358 VENDOR_BUILD_ROOT="\$(abs_top_builddir)/vendor/.build"
1359 AC_SUBST([VENDOR_SRC_ROOT])
1360 AC_SUBST([VENDOR_BUILD_ROOT])
1361 AC_SUBST([VENDOR_DIST_ROOT])
1363 TEST_LDFLAGS="${OPTIONAL_CRYPTO_LIBS} ${OPTIONAL_PKCS11_LIBS} -lcmocka -L\$(abs_top_builddir)/vendor/dist/lib -Wl,-rpath,\$(abs_top_builddir)/vendor/dist/lib"
1364 TEST_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${OPTIONAL_PKCS11_CFLAGS} -I\$(top_srcdir)/include -I\$(abs_top_builddir)/vendor/dist/include"
1366 AC_SUBST([TEST_LDFLAGS])
1367 AC_SUBST([TEST_CFLAGS])
1369 # Check if cmake is available and cmocka git submodule is initialized,
1370 # needed for unit testing
1371 AC_CHECK_PROGS([CMAKE], [cmake])
1372 if test -n "${CMAKE}"; then
1373 if test -f "${srcdir}/vendor/cmocka/CMakeLists.txt"; then
1374 AM_CONDITIONAL([CMOCKA_INITIALIZED], [true])
1376 AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
1377 AC_MSG_RESULT([!! WARNING !! The cmoka git submodule has not been initialized or updated. Unit testing cannot be performed.])
1380 AC_MSG_RESULT([!! WARNING !! CMake is NOT available. Unit testing cannot be performed.])
1381 AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
1390 build/msvc/msvc-generate/Makefile
1393 distro/rpm/openvpn.spec
1394 distro/systemd/Makefile
1396 doc/doxygen/Makefile
1397 doc/doxygen/openvpn.doxyfile
1401 src/openvpn/Makefile
1402 src/openvpnserv/Makefile
1403 src/plugins/Makefile
1404 src/plugins/auth-pam/Makefile
1405 src/plugins/down-root/Makefile
1407 tests/unit_tests/Makefile
1408 tests/unit_tests/example_test/Makefile
1409 tests/unit_tests/openvpn/Makefile
1410 tests/unit_tests/plugins/Makefile
1411 tests/unit_tests/plugins/auth-pam/Makefile
1415 AC_CONFIG_FILES([tests/t_client.sh], [chmod +x tests/t_client.sh])