1 dnl OpenVPN -- An application to securely tunnel IP networks
2 dnl over a single UDP port, with support for SSL/TLS-based
3 dnl session authentication and key exchange,
4 dnl packet encryption, packet authentication, and
5 dnl packet compression.
7 dnl Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
8 dnl Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
10 dnl This program is free software; you can redistribute it and/or modify
11 dnl it under the terms of the GNU General Public License as published by
12 dnl the Free Software Foundation; either version 2 of the License, or
13 dnl (at your option) any later version.
15 dnl This program is distributed in the hope that it will be useful,
16 dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
17 dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 dnl GNU General Public License for more details.
20 dnl You should have received a copy of the GNU General Public License along
21 dnl with this program; if not, write to the Free Software Foundation, Inc.,
22 dnl 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 dnl Process this file with autoconf to produce a configure script.
28 m4_include(version.m4)
29 AC_INIT([PRODUCT_NAME], [PRODUCT_VERSION], [PRODUCT_BUGREPORT], [PRODUCT_TARNAME])
31 AC_DEFINE([OPENVPN_VERSION_RESOURCE], [PRODUCT_VERSION_RESOURCE], [Version in windows resource format])
32 AC_SUBST([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version])
33 AC_SUBST([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version])
34 AC_SUBST([OPENVPN_VERSION_PATCH], [PRODUCT_VERSION_PATCH], [OpenVPN patch level - may be a string or integer])
35 AC_DEFINE([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version - integer])
36 AC_DEFINE([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version - integer])
37 AC_DEFINE([OPENVPN_VERSION_PATCH], ["PRODUCT_VERSION_PATCH"], [OpenVPN patch level - may be a string or integer])
39 AC_CONFIG_AUX_DIR([.])
40 AC_CONFIG_HEADERS([config.h include/openvpn-plugin.h])
41 AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
42 AC_CONFIG_MACRO_DIR([m4])
44 dnl Initialize automake. automake < 1.12 didn't have serial-tests and
45 dnl gives an error if it sees this, but for automake >= 1.13
46 dnl serial-tests is required so we have to include it. Solution is to
47 dnl test for the version of automake (by running an external command)
48 dnl and provide it if necessary. Note we have to do this entirely using
49 dnl m4 macros since automake queries this macro by running
50 dnl 'autoconf --trace ...'.
51 m4_define([serial_tests], [
52 m4_esyscmd([automake --version |
54 awk '{split ($NF,a,"."); if (a[1] == 1 && a[2] >= 12) { print "serial-tests" }}'
57 # This foreign option prevents autoreconf from overriding our COPYING and
59 AM_INIT_AUTOMAKE(foreign serial_tests 1.9) dnl NB: Do not [quote] this parameter.
61 AC_USE_SYSTEM_EXTENSIONS
65 [AS_HELP_STRING([--disable-lzo], [disable LZO compression support @<:@default=yes@:>@])],
71 [ --disable-lz4 Disable LZ4 compression support],
72 [enable_lz4="$enableval"],
76 AC_ARG_ENABLE(comp-stub,
77 [ --enable-comp-stub Don't compile compression support but still allow limited interoperability with compression-enabled peers],
78 [enable_comp_stub="$enableval"],
79 [enable_comp_stub="no"]
84 [AS_HELP_STRING([--disable-ofb-cfb], [disable support for OFB and CFB cipher modes @<:@default=yes@:>@])],
86 [enable_crypto_ofb_cfb="yes"]
91 [AS_HELP_STRING([--enable-x509-alt-username], [enable the --x509-username-field feature @<:@default=no@:>@])],
93 [enable_x509_alt_username="no"]
98 [AS_HELP_STRING([--disable-plugins], [disable plug-in support @<:@default=yes@:>@])],
100 [enable_plugins="yes"]
105 [AS_HELP_STRING([--disable-management], [disable management server support @<:@default=yes@:>@])],
107 [enable_management="yes"]
112 [AS_HELP_STRING([--enable-pkcs11], [enable pkcs11 support @<:@default=no@:>@])],
119 [AS_HELP_STRING([--disable-fragment], [disable internal fragmentation support (--fragment) @<:@default=yes@:>@])],
121 [enable_fragment="yes"]
126 [AS_HELP_STRING([--disable-port-share], [disable TCP server port-share support (--port-share) @<:@default=yes@:>@])],
128 [enable_port_share="yes"]
133 [AS_HELP_STRING([--disable-debug], [disable debugging support (disable gremlin and verb 7+ messages) @<:@default=yes@:>@])],
140 [AS_HELP_STRING([--enable-small], [enable smaller executable size (disable OCC, usage message, and verb 4 parm list) @<:@default=no@:>@])],
147 [AS_HELP_STRING([--enable-iproute2], [enable support for iproute2 @<:@default=no@:>@])],
149 [enable_iproute2="no"]
154 [AS_HELP_STRING([--disable-pf], [disable internal packet filter @<:@default=yes@:>@])],
161 [AS_HELP_STRING([--disable-plugin-auth-pam], [disable auth-pam plugin @<:@default=platform specific@:>@])],
165 *-*-openbsd*) enable_plugin_auth_pam="no";;
166 *-mingw*) enable_plugin_auth_pam="no";;
167 *) enable_plugin_auth_pam="yes";;
174 [AS_HELP_STRING([--disable-plugin-down-root], [disable down-root plugin @<:@default=platform specific@:>@])],
178 *-mingw*) enable_plugin_down_root="no";;
179 *) enable_plugin_down_root="yes";;
186 [AS_HELP_STRING([--enable-pam-dlopen], [dlopen libpam @<:@default=no@:>@])],
188 [enable_pam_dlopen="no"]
193 [AS_HELP_STRING([--enable-strict], [enable strict compiler warnings (debugging option) @<:@default=no@:>@])],
200 [AS_HELP_STRING([--enable-pedantic], [enable pedantic compiler warnings, will not generate a working executable (debugging option) @<:@default=no@:>@])],
202 [enable_pedantic="no"]
207 [AS_HELP_STRING([--enable-werror], [promote compiler warnings to errors, will cause builds to fail if the compiler issues warnings (debugging option) @<:@default=no@:>@])],
214 [AS_HELP_STRING([--enable-strict-options], [enable strict options check between peers (debugging option) @<:@default=no@:>@])],
216 [enable_strict_options="no"]
221 [AS_HELP_STRING([--enable-selinux], [enable SELinux support @<:@default=no@:>@])],
223 [enable_selinux="no"]
228 [AS_HELP_STRING([--enable-systemd], [enable systemd support @<:@default=no@:>@])],
230 [enable_systemd="no"]
235 [AS_HELP_STRING([--enable-async-push], [enable async-push support for plugins providing deferred authentication @<:@default=no@:>@])],
237 [enable_async_push="no"]
242 [AS_HELP_STRING([--with-special-build=STRING], [specify special build string])],
243 [test -n "${withval}" && AC_DEFINE_UNQUOTED([CONFIGURE_SPECIAL_BUILD], ["${withval}"], [special build string])]
248 [AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory checking, TYPE=no|dmalloc|valgrind|ssl @<:@default=no@:>@])],
251 dmalloc|valgrind|ssl|no) ;;
252 *) AC_MSG_ERROR([bad value ${withval} for --mem-check]) ;;
255 [with_mem_check="no"]
260 [AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|mbedtls|wolfssl @<:@default=openssl@:>@])],
263 openssl|mbedtls|wolfssl) ;;
264 *) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
267 [with_crypto_library="openssl"]
272 [AS_HELP_STRING([--disable-wolfssl-options-h], [Disable including options.h in wolfSSL @<:@default=yes@:>@])],
274 [enable_wolfssl_options_h="yes"]
277 AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
278 if test -n "${PLUGINDIR}"; then
279 plugindir="${PLUGINDIR}"
281 plugindir="\${libdir}/openvpn/plugins"
284 AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
285 AM_CONDITIONAL([TARGET_LINUX], [false])
288 AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?])
289 AM_CONDITIONAL([TARGET_LINUX], [true])
290 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix])
294 AC_DEFINE([TARGET_SOLARIS], [1], [Are we running on Solaris?])
295 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["S"], [Target prefix])
296 CPPFLAGS="$CPPFLAGS -D_XPG4_2"
297 test -x /bin/bash && SHELL="/bin/bash"
300 AC_DEFINE([TARGET_OPENBSD], [1], [Are we running on OpenBSD?])
301 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["O"], [Target prefix])
304 AC_DEFINE([TARGET_FREEBSD], [1], [Are we running on FreeBSD?])
305 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["F"], [Target prefix])
308 AC_DEFINE([TARGET_NETBSD], [1], [Are we running NetBSD?])
309 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["N"], [Target prefix])
312 AC_DEFINE([TARGET_DARWIN], [1], [Are we running on Mac OS X?])
313 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["M"], [Target prefix])
314 have_tap_header="yes"
315 ac_cv_type_struct_in_pktinfo=no
318 AC_DEFINE([TARGET_WIN32], [1], [Are we running WIN32?])
319 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["W"], [Target prefix])
320 CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
321 CPPFLAGS="${CPPFLAGS} -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA"
325 AC_DEFINE([TARGET_DRAGONFLY], [1], [Are we running on DragonFlyBSD?])
326 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["D"], [Target prefix])
329 AC_DEFINE([TARGET_AIX], [1], [Are we running AIX?])
330 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["A"], [Target prefix])
331 ROUTE="/usr/sbin/route"
332 have_tap_header="yes"
333 ac_cv_header_net_if_h="no" # exists, but breaks things
336 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["X"], [Target prefix])
337 have_tap_header="yes"
348 AC_ARG_VAR([IFCONFIG], [full path to ipconfig utility])
349 AC_ARG_VAR([ROUTE], [full path to route utility])
350 AC_ARG_VAR([IPROUTE], [full path to ip utility])
351 AC_ARG_VAR([NETSTAT], [path to netstat utility]) # tests
352 AC_ARG_VAR([GIT], [path to git utility])
353 AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility])
354 AC_ARG_VAR([SYSTEMD_UNIT_DIR], [Path of systemd unit directory @<:@default=LIBDIR/systemd/system@:>@])
355 AC_ARG_VAR([TMPFILES_DIR], [Path of tmpfiles directory @<:@default=LIBDIR/tmpfiles.d@:>@])
356 AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
357 AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
358 AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
359 AC_PATH_PROGS([SYSTEMD_ASK_PASSWORD], [systemd-ask-password],, [$PATH:/usr/local/bin:/usr/bin:/bin])
360 AC_CHECK_PROGS([NETSTAT], [netstat], [netstat], [$PATH:/usr/local/sbin:/usr/sbin:/sbin:/etc]) # tests
361 AC_CHECK_PROGS([GIT], [git]) # optional
362 AC_DEFINE_UNQUOTED([IFCONFIG_PATH], ["$IFCONFIG"], [Path to ifconfig tool])
363 AC_DEFINE_UNQUOTED([IPROUTE_PATH], ["$IPROUTE"], [Path to iproute tool])
364 AC_DEFINE_UNQUOTED([ROUTE_PATH], ["$ROUTE"], [Path to route tool])
365 AC_DEFINE_UNQUOTED([SYSTEMD_ASK_PASSWORD_PATH], ["$SYSTEMD_ASK_PASSWORD"], [Path to systemd-ask-password tool])
368 # man page generation - based on python-docutils
370 AC_ARG_VAR([RST2MAN], [path to rst2man utility])
371 AC_ARG_VAR([RST2HTML], [path to rst2html utility])
372 AC_CHECK_PROGS([RST2MAN], [rst2man])
373 AC_CHECK_PROGS([RST2HTML], [rst2html])
374 AM_CONDITIONAL([HAVE_PYDOCUTILS], [test "${RST2MAN}" -a "${RST2HTML}"])
376 # Set -std=c99 unless user already specified a -std=
379 *) CFLAGS="${CFLAGS} -std=c99" ;;
389 LT_LANG([Windows Resource])
407 AC_CHECK_SIZEOF([unsigned int])
408 AC_CHECK_SIZEOF([unsigned long])
411 sys/types.h sys/socket.h \
413 netinet/in.h netinet/in_systm.h \
414 netinet/tcp.h arpa/inet.h netdb.h \
418 sys/time.h sys/ioctl.h sys/stat.h \
419 sys/mman.h sys/file.h sys/wait.h \
420 unistd.h libgen.h stropts.h \
421 syslog.h pwd.h grp.h termios.h \
422 sys/sockio.h sys/uio.h linux/sockios.h \
423 linux/types.h poll.h sys/epoll.h err.h \
428 #ifdef HAVE_SYS_TYPES_H
429 #include <sys/types.h>
431 #ifdef HAVE_SYS_SOCKET_H
432 #include <sys/socket.h>
437 #ifdef HAVE_NETINET_IN_H
438 #include <netinet/in.h>
444 #include <winsock2.h>
447 #include <ws2tcpip.h>
449 #ifdef HAVE_NETINET_IN_SYSTM_H
450 #include <netinet/in_systm.h>
452 #ifdef HAVE_NETINET_IP_H
453 #include <netinet/ip.h>
458 [net/if.h netinet/ip.h resolv.h sys/un.h net/if_utun.h sys/kern_control.h],
461 [[${SOCKET_INCLUDES}]]
467 [AC_DEFINE([in_addr_t], [uint32_t], [Workaround missing in_addr_t])],
468 [[${SOCKET_INCLUDES}]]
473 [AC_DEFINE([in_port_t], [uint16_t], [Workaround missing in_port_t])],
474 [[${SOCKET_INCLUDES}]]
478 [AC_DEFINE([HAVE_IPHDR], [1], [struct iphdr needed for IPv6 support])],
480 [[${SOCKET_INCLUDES}]]
483 [struct sock_extended_err],
484 [AC_DEFINE([HAVE_SOCK_EXTENDED_ERR], [1], [struct sock_extended_err needed for extended socket error support])],
486 [[${SOCKET_INCLUDES}]]
490 [AC_DEFINE([HAVE_MSGHDR], [1], [struct msghdr needed for extended socket error support])],
492 [[${SOCKET_INCLUDES}]]
496 [AC_DEFINE([HAVE_CMSGHDR], [1], [struct cmsghdr needed for extended socket error support])],
498 [[${SOCKET_INCLUDES}]]
502 [AC_DEFINE([HAVE_IN_PKTINFO], [1], [struct in_pktinfo needed for IP_PKTINFO support])],
504 [[${SOCKET_INCLUDES}]]
508 [AC_DEFINE([HAVE_SA_FAMILY_T], [1], [sa_family_t, needed to hold AF_* info])],
510 [[${SOCKET_INCLUDES}]]
513 [struct in_pktinfo.ipi_spec_dst],
514 [AC_DEFINE([HAVE_IPI_SPEC_DST], [1], [struct in_pktinfo.ipi_spec_dst needed for IP_PKTINFO support])],
516 [[${SOCKET_INCLUDES}]]
519 [struct sockaddr_in6],
521 [AC_MSG_ERROR([struct sockaddr_in6 not found, needed for ipv6 transport support.])],
522 [[${SOCKET_INCLUDES}]]
528 [[${SOCKET_INCLUDES}]]
530 AC_CHECKING([anonymous union support])
548 AC_DEFINE([HAVE_ANONYMOUS_UNION_SUPPORT], [], [Compiler supports anonymous unions])
550 [AC_MSG_RESULT([no])]
553 saved_LDFLAGS="$LDFLAGS"
554 LDFLAGS="$LDFLAGS -Wl,--wrap=exit"
555 AC_MSG_CHECKING([linker supports --wrap])
560 void __real_exit(int);
561 void __wrap_exit(int i) {
571 have_ld_wrap_support=yes
573 [AC_MSG_RESULT([no])],
575 LDFLAGS="$saved_LDFLAGS"
577 dnl We emulate signals in Windows
581 [AC_DEFINE([SIGHUP], [1], [SIGHUP replacement])],
589 [AC_DEFINE([SIGINT], [2], [SIGINT replacement])],
597 [AC_DEFINE([SIGUSR1], [10], [SIGUSR1 replacement])],
605 [AC_DEFINE([SIGUSR2], [12], [SIGUSR2 replacement])],
613 [AC_DEFINE([SIGTERM], [15], [SIGTERM replacement])],
622 daemon chroot getpwnam setuid nice system dup dup2 \
623 syslog openlog mlockall getrlimit getgrnam setgid \
624 setgroups flock readv writev time gettimeofday \
626 chsize ftruncate execve getpeereid basename dirname access \
627 epoll_create strsep \
640 [SOCKETS_LIBS="${SOCKETS_LIBS} -lnsl"]
645 [SOCKETS_LIBS="${SOCKETS_LIBS} -lsocket"]
650 [SOCKETS_LIBS="${SOCKETS_LIBS} -lresolv"]
652 AC_SUBST([SOCKETS_LIBS])
655 LIBS="${LIBS} ${SOCKETS_LIBS}"
656 AC_CHECK_FUNCS([sendmsg recvmsg])
660 # we assume res_init() always exist, but need to find out *where*...
661 AC_SEARCH_LIBS(__res_init, resolv bind, ,
662 AC_SEARCH_LIBS(res_9_init, resolv bind, ,
663 AC_SEARCH_LIBS(res_init, resolv bind, , )))
665 AC_ARG_VAR([TAP_CFLAGS], [C compiler flags for tap])
666 old_CFLAGS="${CFLAGS}"
667 CFLAGS="${CFLAGS} ${TAP_CFLAGS}"
670 net/if_tun.h net/tun/if_tun.h \
674 [have_tap_header="yes"]
678 [AC_DEFINE([ENABLE_FEATURE_TUN_PERSIST], [1], [We have persist tun capability])],
681 #ifdef HAVE_LINUX_IF_TUN_H
682 #include <linux/if_tun.h>
686 CFLAGS="${old_CFLAGS}"
687 test "${have_tap_header}" = "yes" || AC_MSG_ERROR([no tap header could be found])
692 [SELINUX_LIBS="-lselinux"]
694 AC_SUBST([SELINUX_LIBS])
696 AC_ARG_VAR([LIBPAM_CFLAGS], [C compiler flags for libpam])
697 AC_ARG_VAR([LIBPAM_LIBS], [linker flags for libpam])
698 if test -z "${LIBPAM_LIBS}"; then
702 [LIBPAM_LIBS="-lpam"]
706 case "${with_mem_check}" in
709 [valgrind/memcheck.h],
711 CFLAGS="${CFLAGS} -g -fno-inline"
715 [Use valgrind memory debugging library]
718 [AC_MSG_ERROR([valgrind headers not found.])]
728 LIBS="${LIBS} -ldmalloc"
732 [Use dmalloc memory debugging library]
735 [AC_MSG_ERROR([dmalloc library not found.])]
737 [AC_MSG_ERROR([dmalloc headers not found.])]
748 [Use memory debugging function in OpenSSL]
750 AC_MSG_NOTICE([NOTE: OpenSSL library must be compiled with CRYPTO_MDEBUG])
752 [AC_MSG_ERROR([Memory Debugging function in OpenSSL library not found.])]
759 [libpkcs11-helper-1 >= 1.11],
760 [have_pkcs11_helper="yes"],
764 if test "${with_crypto_library}" = "openssl"; then
765 AC_ARG_VAR([OPENSSL_CFLAGS], [C compiler flags for OpenSSL])
766 AC_ARG_VAR([OPENSSL_LIBS], [linker flags for OpenSSL])
768 if test -z "${OPENSSL_CFLAGS}" -a -z "${OPENSSL_LIBS}"; then
769 # if the user did not explicitly specify flags, try to autodetect
773 [have_openssl="yes"],
774 [] # If this fails, we will do another test next
776 OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto}
779 saved_CFLAGS="${CFLAGS}"
781 CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
782 LIBS="${LIBS} ${OPENSSL_LIBS}"
784 # If pkgconfig check failed or OPENSSL_CFLAGS/OPENSSL_LIBS env vars
785 # are used, check the version directly in the OpenSSL include file
786 if test "${have_openssl}" != "yes"; then
787 AC_MSG_CHECKING([additionally if OpenSSL is available and version >= 1.0.2])
791 #include <openssl/opensslv.h>
794 /* Version encoding: MNNFFPPS - see opensslv.h for details */
795 #if OPENSSL_VERSION_NUMBER < 0x10002000L
796 #error OpenSSL too old
800 [AC_MSG_RESULT([ok])],
801 [AC_MSG_ERROR([OpenSSL version too old])]
805 AC_CHECK_FUNCS([SSL_CTX_new],
807 [AC_MSG_ERROR([openssl check failed])]
810 have_openssl_engine="yes"
813 ENGINE_load_builtin_engines \
814 ENGINE_register_all_complete \
818 [have_openssl_engine="no"; break]
820 if test "${have_openssl_engine}" = "no"; then
821 AC_CHECK_DECL( [ENGINE_cleanup], [have_openssl_engine="yes"],,
823 #include <openssl/engine.h>
827 if test "${have_openssl_engine}" = "yes"; then
828 AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [OpenSSL engine support available])
834 [AC_MSG_ERROR([OpenSSL check for AES-256-GCM support failed])]
837 # All supported OpenSSL version (>= 1.0.2)
839 have_export_keying_material="yes"
841 CFLAGS="${saved_CFLAGS}"
844 AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use OpenSSL library])
845 CRYPTO_CFLAGS="${OPENSSL_CFLAGS}"
846 CRYPTO_LIBS="${OPENSSL_LIBS}"
847 elif test "${with_crypto_library}" = "mbedtls"; then
848 AC_ARG_VAR([MBEDTLS_CFLAGS], [C compiler flags for mbedtls])
849 AC_ARG_VAR([MBEDTLS_LIBS], [linker flags for mbedtls])
851 saved_CFLAGS="${CFLAGS}"
854 if test -z "${MBEDTLS_CFLAGS}" -a -z "${MBEDTLS_LIBS}"; then
855 # if the user did not explicitly specify flags, try to autodetect
856 LIBS="${LIBS} -lmbedtls -lmbedx509 -lmbedcrypto"
860 [MBEDTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto"],
861 [AC_MSG_ERROR([Could not find mbed TLS.])],
862 [${PKCS11_HELPER_LIBS}]
866 CFLAGS="${MBEDTLS_CFLAGS} ${PKCS11_HELPER_CFLAGS} ${CFLAGS}"
867 LIBS="${MBEDTLS_LIBS} ${PKCS11_HELPER_LIBS} ${LIBS}"
869 AC_MSG_CHECKING([mbedtls version])
873 #include <mbedtls/version.h>
876 #if MBEDTLS_VERSION_NUMBER < 0x02000000 || MBEDTLS_VERSION_NUMBER >= 0x03000000
877 #error invalid version
881 [AC_MSG_RESULT([ok])],
882 [AC_MSG_ERROR([mbed TLS 2.y.z required])]
887 mbedtls_cipher_write_tag \
888 mbedtls_cipher_check_tag \
891 [AC_MSG_ERROR([mbed TLS check for AEAD support failed])]
894 have_export_keying_material="yes"
896 [mbedtls_ssl_conf_export_keys_ext_cb],
898 [have_export_keying_material="no"]
901 CFLAGS="${saved_CFLAGS}"
903 AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
904 CRYPTO_CFLAGS="${MBEDTLS_CFLAGS}"
905 CRYPTO_LIBS="${MBEDTLS_LIBS}"
907 elif test "${with_crypto_library}" = "wolfssl"; then
908 AC_ARG_VAR([WOLFSSL_CFLAGS], [C compiler flags for wolfssl. The include directory should
909 contain the regular wolfSSL header files but also the
910 wolfSSL OpenSSL header files. Ex: -I/usr/local/include
911 -I/usr/local/include/wolfssl])
912 AC_ARG_VAR([WOLFSSL_LIBS], [linker flags for wolfssl])
914 saved_CFLAGS="${CFLAGS}"
917 if test -z "${WOLFSSL_CFLAGS}" -a -z "${WOLFSSL_LIBS}"; then
918 # if the user did not explicitly specify flags, try to autodetect
923 [AC_MSG_ERROR([Could not find wolfSSL.])]
926 [WOLFSSL_INCLUDEDIR],
930 [AC_MSG_ERROR([Could not find wolfSSL includedir variable.])]
932 WOLFSSL_CFLAGS="${WOLFSSL_CFLAGS} -I${WOLFSSL_INCLUDEDIR}/wolfssl"
934 saved_CFLAGS="${CFLAGS}"
936 CFLAGS="${CFLAGS} ${WOLFSSL_CFLAGS}"
937 LIBS="${LIBS} ${WOLFSSL_LIBS}"
943 [AC_MSG_ERROR([Could not link wolfSSL library.])]
945 AC_CHECK_HEADER([wolfssl/options.h],,[AC_MSG_ERROR([wolfSSL header wolfssl/options.h not found!])])
947 # wolfSSL signal EKM support
948 have_export_keying_material="yes"
950 if test "${enable_wolfssl_options_h}" = "yes"; then
951 AC_DEFINE([EXTERNAL_OPTS_OPENVPN], [1], [Include options.h from wolfSSL library])
953 AC_DEFINE([WOLFSSL_USER_SETTINGS], [1], [Use custom user_settings.h file for wolfSSL library])
956 have_export_keying_material="yes"
958 CFLAGS="${saved_CFLAGS}"
961 AC_DEFINE([ENABLE_CRYPTO_WOLFSSL], [1], [Use wolfSSL crypto library])
962 AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use wolfSSL openssl compatibility layer])
963 CRYPTO_CFLAGS="${WOLFSSL_CFLAGS}"
964 CRYPTO_LIBS="${WOLFSSL_LIBS}"
966 AC_MSG_ERROR([Invalid crypto library: ${with_crypto_library}])
969 AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo])
970 AC_ARG_VAR([LZO_LIBS], [linker flags for lzo])
972 if test -z "${LZO_LIBS}"; then
975 [lzo1x_1_15_compress],
979 [lzo1x_1_15_compress],
985 if test "${have_lzo}" = "yes"; then
986 saved_CFLAGS="${CFLAGS}"
987 CFLAGS="${CFLAGS} ${LZO_CFLAGS}"
994 [AC_MSG_ERROR([lzoutil.h is missing])]
1003 [AC_MSG_ERROR([lzo1x.h is missing])]
1006 CFLAGS="${saved_CFLAGS}"
1010 dnl check for LZ4 library
1013 AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
1014 AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
1015 if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
1016 if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
1017 # if the user did not explicitly specify flags, try to autodetect
1018 PKG_CHECK_MODULES([LZ4],
1019 [liblz4 >= 1.7.1 liblz4 < 100],
1021 [LZ4_LIBS="-llz4"] # If this fails, we will do another test next.
1022 # We also add set LZ4_LIBS otherwise the
1023 # linker will not know about the lz4 library
1027 saved_CFLAGS="${CFLAGS}"
1028 saved_LIBS="${LIBS}"
1029 CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
1030 LIBS="${LIBS} ${LZ4_LIBS}"
1032 # If pkgconfig check failed or LZ4_CFLAGS/LZ4_LIBS env vars
1033 # are used, check the version directly in the LZ4 include file
1034 if test "${have_lz4}" != "yes"; then
1035 AC_CHECK_HEADERS([lz4.h],
1039 if test "${have_lz4h}" = "yes" ; then
1040 AC_MSG_CHECKING([additionally if system LZ4 version >= 1.7.1])
1046 /* Version encoding: MMNNPP (Major miNor Patch) - see lz4.h for details */
1047 #if LZ4_VERSION_NUMBER < 10701L
1048 #error LZ4 is too old
1056 [AC_MSG_ERROR([system LZ4 library is too old])]
1061 # Double check we have a few needed functions
1062 if test "${have_lz4}" = "yes" ; then
1064 [LZ4_compress_default],
1068 [LZ4_decompress_safe],
1073 if test "${have_lz4}" != "yes" ; then
1074 AC_MSG_ERROR([No compatible LZ4 compression library found. Consider --disable-lz4])
1077 OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
1078 OPTIONAL_LZ4_LIBS="${LZ4_LIBS}"
1079 AC_DEFINE(ENABLE_LZ4, [1], [Enable LZ4 compression library])
1080 CFLAGS="${saved_CFLAGS}"
1081 LIBS="${saved_LIBS}"
1086 dnl Check for systemd
1088 AM_CONDITIONAL([ENABLE_SYSTEMD], [test "${enable_systemd}" = "yes"])
1089 if test "$enable_systemd" = "yes" ; then
1090 PKG_CHECK_MODULES([libsystemd], [systemd libsystemd],
1092 [PKG_CHECK_MODULES([libsystemd], [libsystemd-daemon])]
1095 PKG_CHECK_EXISTS( [libsystemd > 216],
1096 [AC_DEFINE([SYSTEMD_NEWER_THAN_216], [1],
1097 [systemd is newer than v216])]
1100 AC_CHECK_HEADERS(systemd/sd-daemon.h,
1103 AC_MSG_ERROR([systemd development headers not found.])
1106 saved_LIBS="${LIBS}"
1107 LIBS="${LIBS} ${libsystemd_LIBS}"
1108 AC_CHECK_FUNCS([sd_booted], [], [AC_MSG_ERROR([systemd library is missing sd_booted()])])
1109 OPTIONAL_SYSTEMD_LIBS="${libsystemd_LIBS}"
1110 AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd integration])
1111 LIBS="${saved_LIBS}"
1113 if test -n "${SYSTEMD_UNIT_DIR}"; then
1114 systemdunitdir="${SYSTEMD_UNIT_DIR}"
1116 systemdunitdir="\${libdir}/systemd/system"
1119 if test -n "${TMPFILES_DIR}"; then
1120 tmpfilesdir="${TMPFILES_DIR}"
1122 tmpfilesdir="\${libdir}/tmpfiles.d"
1127 AC_MSG_CHECKING([git checkout])
1129 if test -n "${GIT}" -a -d "${srcdir}/.git"; then
1130 AC_DEFINE([HAVE_CONFIG_VERSION_H], [1], [extra version available in config-version.h])
1133 AC_MSG_RESULT([${GIT_CHECKOUT}])
1135 dnl enable --x509-username-field feature if requested
1136 if test "${enable_x509_alt_username}" = "yes"; then
1137 if test "${with_crypto_library}" = "mbedtls" ; then
1138 AC_MSG_ERROR([mbed TLS does not support the --x509-username-field feature])
1141 AC_DEFINE([ENABLE_X509ALTUSERNAME], [1], [Enable --x509-username-field feature])
1144 test "${enable_management}" = "yes" && AC_DEFINE([ENABLE_MANAGEMENT], [1], [Enable management server capability])
1145 test "${enable_debug}" = "yes" && AC_DEFINE([ENABLE_DEBUG], [1], [Enable debugging support])
1146 test "${enable_small}" = "yes" && AC_DEFINE([ENABLE_SMALL], [1], [Enable smaller executable size])
1147 test "${enable_fragment}" = "yes" && AC_DEFINE([ENABLE_FRAGMENT], [1], [Enable internal fragmentation support])
1148 test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enable TCP Server port sharing])
1149 test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
1150 test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
1152 test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes])
1153 if test "${have_export_keying_material}" = "yes"; then
1155 [HAVE_EXPORT_KEYING_MATERIAL], [1],
1156 [Crypto library supports keying material exporter]
1159 OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}"
1160 OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}"
1162 if test "${enable_plugins}" = "yes"; then
1163 OPTIONAL_DL_LIBS="${DL_LIBS}"
1164 AC_DEFINE([ENABLE_PLUGIN], [1], [Enable plug-in support])
1166 enable_plugin_auth_pam="no"
1167 enable_plugin_down_root="no"
1170 AM_CONDITIONAL([HAVE_SITNL], [false])
1172 if test "${enable_iproute2}" = "yes"; then
1173 test -z "${IPROUTE}" && AC_MSG_ERROR([ip utility is required but missing])
1174 AC_DEFINE([ENABLE_IPROUTE], [1], [enable iproute2 support])
1175 else if test "${have_sitnl}" = "yes"; then
1176 AC_DEFINE([ENABLE_SITNL], [1], [enable sitnl support])
1177 AM_CONDITIONAL([HAVE_SITNL], [true])
1178 else if test "${WIN32}" != "yes" -a "${have_sitnl}" != "yes"; then
1179 test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing])
1180 test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing])
1185 if test "${enable_selinux}" = "yes"; then
1186 test -z "${SELINUX_LIBS}" && AC_MSG_ERROR([libselinux required but missing])
1187 OPTIONAL_SELINUX_LIBS="${SELINUX_LIBS}"
1188 AC_DEFINE([ENABLE_SELINUX], [1], [SELinux support])
1191 if test "${enable_lzo}" = "yes"; then
1192 test "${have_lzo}" != "yes" && AC_MSG_ERROR([lzo enabled but missing])
1193 OPTIONAL_LZO_CFLAGS="${LZO_CFLAGS}"
1194 OPTIONAL_LZO_LIBS="${LZO_LIBS}"
1195 AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])
1197 if test "${enable_comp_stub}" = "yes"; then
1198 test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and lzo enabled (use --disable-lzo)])
1199 test "${enable_lz4}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and LZ4 enabled (use --disable-lz4)])
1200 AC_DEFINE([ENABLE_COMP_STUB], [1], [Enable compression stub capability])
1203 if test "${enable_pkcs11}" = "yes"; then
1204 test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing])
1205 OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
1206 OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
1207 AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11])
1211 [proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`"
1212 AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])],
1217 # When testing a compiler option, we add -Werror to force
1218 # an error when the option is unsupported. This is not
1219 # required for gcc, but some compilers such as clang needs it.
1220 AC_DEFUN([ACL_CHECK_ADD_COMPILE_FLAGS], [
1221 old_cflags="$CFLAGS"
1222 CFLAGS="$1 -Werror $CFLAGS"
1223 AC_MSG_CHECKING([whether the compiler accepts $1])
1224 AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [AC_MSG_RESULT([yes])]; CFLAGS="$1 $old_cflags",
1225 [AC_MSG_RESULT([no]); CFLAGS="$old_cflags"])]
1228 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
1229 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-unused-function])
1230 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-unused-parameter])
1231 ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
1233 if test "${enable_pedantic}" = "yes"; then
1235 CFLAGS="${CFLAGS} -pedantic"
1236 AC_DEFINE([PEDANTIC], [1], [Enable pedantic mode])
1238 if test "${enable_strict}" = "yes"; then
1239 CFLAGS="${CFLAGS} -Wsign-compare -Wuninitialized"
1241 if test "${enable_werror}" = "yes"; then
1242 CFLAGS="${CFLAGS} -Werror"
1245 if test "${enable_plugin_auth_pam}" = "yes"; then
1246 PLUGIN_AUTH_PAM_CFLAGS="${LIBPAM_CFLAGS}"
1247 if test "${enable_pam_dlopen}" = "yes"; then
1248 AC_DEFINE([USE_PAM_DLOPEN], [1], [dlopen libpam])
1249 PLUGIN_AUTH_PAM_LIBS="${DL_LIBS}"
1251 test -z "${LIBPAM_LIBS}" && AC_MSG_ERROR([libpam required but missing])
1252 PLUGIN_AUTH_PAM_LIBS="${LIBPAM_LIBS}"
1256 if test "${enable_async_push}" = "yes"; then
1263 AC_DEFINE([HAVE_SYS_INOTIFY_H])
1264 AC_DEFINE([ENABLE_ASYNC_PUSH], [1], [Enable async push])
1271 AC_DEFINE([ENABLE_ASYNC_PUSH], [1], [Enable async push]),
1272 AC_MSG_ERROR([inotify.h not found.])
1278 CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
1279 AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
1281 TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
1282 TAP_WIN_MIN_MAJOR="PRODUCT_TAP_WIN_MIN_MAJOR"
1283 TAP_WIN_MIN_MINOR="PRODUCT_TAP_WIN_MIN_MINOR"
1284 AC_DEFINE_UNQUOTED([TAP_WIN_COMPONENT_ID], ["${TAP_WIN_COMPONENT_ID}"], [The tap-windows id])
1285 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MAJOR], [${TAP_WIN_MIN_MAJOR}], [The tap-windows version number is required for OpenVPN])
1286 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MINOR], [${TAP_WIN_MIN_MINOR}], [The tap-windows version number is required for OpenVPN])
1287 AC_SUBST([TAP_WIN_COMPONENT_ID])
1288 AC_SUBST([TAP_WIN_MIN_MAJOR])
1289 AC_SUBST([TAP_WIN_MIN_MINOR])
1291 AC_SUBST([OPTIONAL_DL_LIBS])
1292 AC_SUBST([OPTIONAL_SELINUX_LIBS])
1293 AC_SUBST([OPTIONAL_CRYPTO_CFLAGS])
1294 AC_SUBST([OPTIONAL_CRYPTO_LIBS])
1295 AC_SUBST([OPTIONAL_LZO_CFLAGS])
1296 AC_SUBST([OPTIONAL_LZO_LIBS])
1297 AC_SUBST([OPTIONAL_LZ4_CFLAGS])
1298 AC_SUBST([OPTIONAL_LZ4_LIBS])
1299 AC_SUBST([OPTIONAL_SYSTEMD_LIBS])
1300 AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])
1301 AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])
1302 AC_SUBST([OPTIONAL_INOTIFY_CFLAGS])
1303 AC_SUBST([OPTIONAL_INOTIFY_LIBS])
1305 AC_SUBST([PLUGIN_AUTH_PAM_CFLAGS])
1306 AC_SUBST([PLUGIN_AUTH_PAM_LIBS])
1308 AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])
1309 AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"])
1310 AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "yes"])
1311 AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
1312 AM_CONDITIONAL([HAVE_LD_WRAP_SUPPORT], [test "${have_ld_wrap_support}" = "yes"])
1313 AM_CONDITIONAL([OPENSSL_ENGINE], [test "${have_openssl_engine}" = "yes"])
1315 sampledir="\$(docdir)/sample"
1316 AC_SUBST([plugindir])
1317 AC_SUBST([sampledir])
1319 AC_SUBST([systemdunitdir])
1320 AC_SUBST([tmpfilesdir])
1324 [AS_HELP_STRING([--disable-unit-tests],
1325 [Disables building and running the unit tests suite])],
1327 [enable_unit_tests="yes"]
1330 # Check if cmocka is available - needed for unit testing
1333 [have_cmocka="yes"],
1334 [AC_MSG_WARN([cmocka.pc not found on the system. Unit tests disabled])]
1336 AM_CONDITIONAL([ENABLE_UNITTESTS], [test "${enable_unit_tests}" = "yes" -a "${have_cmocka}" = "yes" ])
1337 AC_SUBST([ENABLE_UNITTESTS])
1339 TEST_LDFLAGS="${OPTIONAL_CRYPTO_LIBS} ${OPTIONAL_PKCS11_HELPER_LIBS}"
1340 TEST_LDFLAGS="${TEST_LDFLAGS} ${OPTIONAL_LZO_LIBS} ${CMOCKA_LIBS}"
1341 TEST_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${OPTIONAL_PKCS11_HELPER_CFLAGS}"
1342 TEST_CFLAGS="${TEST_CFLAGS} ${OPTIONAL_LZO_CFLAGS}"
1343 TEST_CFLAGS="${TEST_CFLAGS} -I\$(top_srcdir)/include ${CMOCKA_CFLAGS}"
1345 AC_SUBST([TEST_LDFLAGS])
1346 AC_SUBST([TEST_CFLAGS])
1353 build/msvc/msvc-generate/Makefile
1355 distro/systemd/Makefile
1357 doc/doxygen/Makefile
1358 doc/doxygen/openvpn.doxyfile
1360 sample/sample-plugins/Makefile
1363 src/openvpn/Makefile
1364 src/openvpnmsica/Makefile
1365 src/openvpnserv/Makefile
1366 src/plugins/Makefile
1367 src/plugins/auth-pam/Makefile
1368 src/plugins/down-root/Makefile
1371 tests/unit_tests/Makefile
1372 tests/unit_tests/example_test/Makefile
1373 tests/unit_tests/openvpn/Makefile
1374 tests/unit_tests/plugins/Makefile
1375 tests/unit_tests/plugins/auth-pam/Makefile
1376 tests/unit_tests/engine-key/Makefile
1379 AC_CONFIG_FILES([tests/t_client.sh], [chmod +x tests/t_client.sh])