1 dnl OpenVPN -- An application to securely tunnel IP networks
2 dnl over a single UDP port, with support for SSL/TLS-based
3 dnl session authentication and key exchange,
4 dnl packet encryption, packet authentication, and
5 dnl packet compression.
7 dnl Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
8 dnl Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
10 dnl This program is free software; you can redistribute it and/or modify
11 dnl it under the terms of the GNU General Public License as published by
12 dnl the Free Software Foundation; either version 2 of the License, or
13 dnl (at your option) any later version.
15 dnl This program is distributed in the hope that it will be useful,
16 dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
17 dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 dnl GNU General Public License for more details.
20 dnl You should have received a copy of the GNU General Public License along
21 dnl with this program; if not, write to the Free Software Foundation, Inc.,
22 dnl 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 dnl Process this file with autoconf to produce a configure script.
28 m4_include(version.m4)
29 AC_INIT([PRODUCT_NAME], [PRODUCT_VERSION], [PRODUCT_BUGREPORT], [PRODUCT_TARNAME])
31 AC_DEFINE([OPENVPN_VERSION_RESOURCE], [PRODUCT_VERSION_RESOURCE], [Version in windows resource format])
32 AC_SUBST([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version])
33 AC_SUBST([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version])
34 AC_SUBST([OPENVPN_VERSION_PATCH], [PRODUCT_VERSION_PATCH], [OpenVPN patch level - may be a string or integer])
35 AC_DEFINE([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version - integer])
36 AC_DEFINE([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version - integer])
37 AC_DEFINE([OPENVPN_VERSION_PATCH], ["PRODUCT_VERSION_PATCH"], [OpenVPN patch level - may be a string or integer])
39 AC_CONFIG_AUX_DIR([.])
40 AC_CONFIG_HEADERS([config.h include/openvpn-plugin.h])
41 AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
42 AC_CONFIG_MACRO_DIR([m4])
44 dnl Initialize automake. automake < 1.12 didn't have serial-tests and
45 dnl gives an error if it sees this, but for automake >= 1.13
46 dnl serial-tests is required so we have to include it. Solution is to
47 dnl test for the version of automake (by running an external command)
48 dnl and provide it if necessary. Note we have to do this entirely using
49 dnl m4 macros since automake queries this macro by running
50 dnl 'autoconf --trace ...'.
51 m4_define([serial_tests], [
52 m4_esyscmd([automake --version |
54 awk '{split ($NF,a,"."); if (a[1] == 1 && a[2] >= 12) { print "serial-tests" }}'
57 AM_INIT_AUTOMAKE(foreign serial_tests) dnl NB: Do not [quote] this parameter.
59 AC_USE_SYSTEM_EXTENSIONS
63 [AS_HELP_STRING([--disable-lzo], [disable LZO compression support @<:@default=yes@:>@])],
69 [ --disable-lz4 Disable LZ4 compression support],
70 [enable_lz4="$enableval"],
74 AC_ARG_ENABLE(comp-stub,
75 [ --enable-comp-stub Don't compile compression support but still allow limited interoperability with compression-enabled peers],
76 [enable_comp_stub="$enableval"],
77 [enable_comp_stub="no"]
82 [AS_HELP_STRING([--disable-crypto], [disable crypto support @<:@default=yes@:>@])],
89 [AS_HELP_STRING([--disable-ofb-cfb], [disable support for OFB and CFB cipher modes @<:@default=yes@:>@])],
91 [enable_crypto_ofb_cfb="yes"]
96 [AS_HELP_STRING([--enable-x509-alt-username], [enable the --x509-username-field feature @<:@default=no@:>@])],
98 [enable_x509_alt_username="no"]
103 [AS_HELP_STRING([--disable-server], [disable server support only (but retain client support) @<:@default=yes@:>@])],
105 [enable_server="yes"]
110 [AS_HELP_STRING([--disable-plugins], [disable plug-in support @<:@default=yes@:>@])],
112 [enable_plugins="yes"]
117 [AS_HELP_STRING([--disable-management], [disable management server support @<:@default=yes@:>@])],
119 [enable_management="yes"]
124 [AS_HELP_STRING([--enable-pkcs11], [enable pkcs11 support @<:@default=no@:>@])],
131 [AS_HELP_STRING([--disable-fragment], [disable internal fragmentation support (--fragment) @<:@default=yes@:>@])],
133 [enable_fragment="yes"]
138 [AS_HELP_STRING([--disable-multihome], [disable multi-homed UDP server support (--multihome) @<:@default=yes@:>@])],
140 [enable_multihome="yes"]
145 [AS_HELP_STRING([--disable-port-share], [disable TCP server port-share support (--port-share) @<:@default=yes@:>@])],
147 [enable_port_share="yes"]
152 [AS_HELP_STRING([--disable-debug], [disable debugging support (disable gremlin and verb 7+ messages) @<:@default=yes@:>@])],
159 [AS_HELP_STRING([--enable-small], [enable smaller executable size (disable OCC, usage message, and verb 4 parm list) @<:@default=no@:>@])],
166 [AS_HELP_STRING([--enable-iproute2], [enable support for iproute2 @<:@default=no@:>@])],
168 [enable_iproute2="no"]
173 [AS_HELP_STRING([--disable-def-auth], [disable deferred authentication @<:@default=yes@:>@])],
175 [enable_def_auth="yes"]
180 [AS_HELP_STRING([--disable-pf], [disable internal packet filter @<:@default=yes@:>@])],
187 [AS_HELP_STRING([--disable-plugin-auth-pam], [disable auth-pam plugin @<:@default=platform specific@:>@])],
191 *-*-openbsd*) enable_plugin_auth_pam="no";;
192 *-mingw*) enable_plugin_auth_pam="no";;
193 *) enable_plugin_auth_pam="yes";;
200 [AS_HELP_STRING([--disable-plugin-down-root], [disable down-root plugin @<:@default=platform specific@:>@])],
204 *-mingw*) enable_plugin_down_root="no";;
205 *) enable_plugin_down_root="yes";;
212 [AS_HELP_STRING([--enable-pam-dlopen], [dlopen libpam @<:@default=no@:>@])],
214 [enable_pam_dlopen="no"]
219 [AS_HELP_STRING([--enable-strict], [enable strict compiler warnings (debugging option) @<:@default=no@:>@])],
226 [AS_HELP_STRING([--enable-pedantic], [enable pedantic compiler warnings, will not generate a working executable (debugging option) @<:@default=no@:>@])],
228 [enable_pedantic="no"]
233 [AS_HELP_STRING([--enable-werror], [promote compiler warnings to errors, will cause builds to fail is the compiler issues warnings (debugging option) @<:@default=no@:>@])],
240 [AS_HELP_STRING([--enable-strict-options], [enable strict options check between peers (debugging option) @<:@default=no@:>@])],
242 [enable_strict_options="no"]
247 [AS_HELP_STRING([--enable-selinux], [enable SELinux support @<:@default=no@:>@])],
249 [enable_selinux="no"]
254 [AS_HELP_STRING([--enable-systemd], [enable systemd suppport @<:@default=no@:>@])],
256 [enable_systemd="no"]
261 [AS_HELP_STRING([--enable-async-push], [enable async-push support for plugins providing deferred authentication @<:@default=no@:>@])],
263 [enable_async_push="no"]
268 [AS_HELP_STRING([--with-special-build=STRING], [specify special build string])],
269 [test -n "${withval}" && AC_DEFINE_UNQUOTED([CONFIGURE_SPECIAL_BUILD], ["${withval}"], [special build string])]
274 [AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory checking, TYPE=no|dmalloc|valgrind|ssl @<:@default=no@:>@])],
277 dmalloc|valgrind|ssl|no) ;;
278 *) AC_MSG_ERROR([bad value ${withval} for --mem-check]) ;;
281 [with_mem_check="no"]
286 [AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|mbedtls @<:@default=openssl@:>@])],
290 *) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
293 [with_crypto_library="openssl"]
296 AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
297 if test -n "${PLUGINDIR}"; then
298 plugindir="${PLUGINDIR}"
300 plugindir="\${libdir}/openvpn/plugins"
303 AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
306 AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?])
307 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix])
310 AC_DEFINE([TARGET_SOLARIS], [1], [Are we running on Solaris?])
311 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["S"], [Target prefix])
312 CPPFLAGS="$CPPFLAGS -D_XPG4_2"
315 AC_DEFINE([TARGET_OPENBSD], [1], [Are we running on OpenBSD?])
316 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["O"], [Target prefix])
319 AC_DEFINE([TARGET_FREEBSD], [1], [Are we running on FreeBSD?])
320 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["F"], [Target prefix])
323 AC_DEFINE([TARGET_NETBSD], [1], [Are we running NetBSD?])
324 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["N"], [Target prefix])
327 AC_DEFINE([TARGET_DARWIN], [1], [Are we running on Mac OS X?])
328 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["M"], [Target prefix])
329 have_tap_header="yes"
330 dnl some Mac OS X tendering (we use vararg macros...)
331 CPPFLAGS="$CPPFLAGS -no-cpp-precomp"
332 ac_cv_type_struct_in_pktinfo=no
335 AC_DEFINE([TARGET_WIN32], [1], [Are we running WIN32?])
336 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["W"], [Target prefix])
337 CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
338 CPPFLAGS="${CPPFLAGS} -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA"
342 AC_DEFINE([TARGET_DRAGONFLY], [1], [Are we running on DragonFlyBSD?])
343 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["D"], [Target prefix])
346 AC_DEFINE([TARGET_AIX], [1], [Are we running AIX?])
347 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["A"], [Target prefix])
348 ROUTE="/usr/sbin/route"
349 have_tap_header="yes"
350 ac_cv_header_net_if_h="no" # exists, but breaks things
353 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["X"], [Target prefix])
354 have_tap_header="yes"
365 AC_ARG_VAR([IFCONFIG], [full path to ipconfig utility])
366 AC_ARG_VAR([ROUTE], [full path to route utility])
367 AC_ARG_VAR([IPROUTE], [full path to ip utility])
368 AC_ARG_VAR([NETSTAT], [path to netstat utility]) # tests
369 AC_ARG_VAR([MAN2HTML], [path to man2html utility])
370 AC_ARG_VAR([GIT], [path to git utility])
371 AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility])
372 AC_ARG_VAR([SYSTEMD_UNIT_DIR], [Path of systemd unit directory @<:@default=LIBDIR/systemd/system@:>@])
373 AC_ARG_VAR([TMPFILES_DIR], [Path of tmpfiles directory @<:@default=LIBDIR/tmpfiles.d@:>@])
374 AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
375 AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
376 AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
377 AC_PATH_PROGS([SYSTEMD_ASK_PASSWORD], [systemd-ask-password],, [$PATH:/usr/local/bin:/usr/bin:/bin])
378 AC_CHECK_PROGS([NETSTAT], [netstat], [netstat], [$PATH:/usr/local/sbin:/usr/sbin:/sbin:/etc]) # tests
379 AC_CHECK_PROGS([MAN2HTML], [man2html])
380 AC_CHECK_PROGS([GIT], [git]) # optional
381 AC_DEFINE_UNQUOTED([IFCONFIG_PATH], ["$IFCONFIG"], [Path to ifconfig tool])
382 AC_DEFINE_UNQUOTED([IPROUTE_PATH], ["$IPROUTE"], [Path to iproute tool])
383 AC_DEFINE_UNQUOTED([ROUTE_PATH], ["$ROUTE"], [Path to route tool])
384 AC_DEFINE_UNQUOTED([SYSTEMD_ASK_PASSWORD_PATH], ["$SYSTEMD_ASK_PASSWORD"], [Path to systemd-ask-password tool])
386 # Set -std=c99 unless user already specified a -std=
389 *) CFLAGS="${CFLAGS} -std=c99" ;;
399 LT_LANG([Windows Resource])
424 AX_CPP_VARARG_MACRO_ISO
425 AX_CPP_VARARG_MACRO_GCC
428 AC_CHECK_SIZEOF([unsigned int])
429 AC_CHECK_SIZEOF([unsigned long])
431 stdio.h stdarg.h limits.h \
432 time.h errno.h fcntl.h io.h direct.h \
433 ctype.h sys/types.h sys/socket.h \
434 signal.h unistd.h dlfcn.h \
435 netinet/in.h netinet/in_systm.h \
436 netinet/tcp.h arpa/inet.h netdb.h \
437 windows.h winsock2.h ws2tcpip.h \
441 sys/time.h sys/ioctl.h sys/stat.h \
442 sys/mman.h sys/file.h sys/wait.h \
443 unistd.h signal.h libgen.h stropts.h \
444 syslog.h pwd.h grp.h \
445 sys/sockio.h sys/uio.h linux/sockios.h \
446 linux/types.h sys/poll.h sys/epoll.h err.h \
453 #ifdef HAVE_SYS_TYPES_H
454 #include <sys/types.h>
456 #ifdef HAVE_SYS_SOCKET_H
457 #include <sys/socket.h>
462 #ifdef HAVE_NETINET_IN_H
463 #include <netinet/in.h>
465 #ifdef HAVE_WINDOWS_H
468 #ifdef HAVE_WINSOCK2_H
469 #include <winsock2.h>
471 #ifdef HAVE_WS2TCPIP_H
472 #include <ws2tcpip.h>
474 #ifdef HAVE_NETINET_IN_SYSTM_H
475 #include <netinet/in_systm.h>
477 #ifdef HAVE_NETINET_IP_H
478 #include <netinet/ip.h>
483 [net/if.h netinet/ip.h resolv.h sys/un.h net/if_utun.h sys/kern_control.h],
486 [[${SOCKET_INCLUDES}]]
492 [AC_DEFINE([in_addr_t], [uint32_t], [Workaround missing in_addr_t])],
493 [[${SOCKET_INCLUDES}]]
498 [AC_DEFINE([in_port_t], [uint16_t], [Workaround missing in_port_t])],
499 [[${SOCKET_INCLUDES}]]
503 [AC_DEFINE([HAVE_IPHDR], [1], [struct iphdr needed for IPv6 support])],
505 [[${SOCKET_INCLUDES}]]
508 [struct sock_extended_err],
509 [AC_DEFINE([HAVE_SOCK_EXTENDED_ERR], [1], [struct sock_extended_err needed for extended socket error support])],
511 [[${SOCKET_INCLUDES}]]
515 [AC_DEFINE([HAVE_MSGHDR], [1], [struct msghdr needed for extended socket error support])],
517 [[${SOCKET_INCLUDES}]]
521 [AC_DEFINE([HAVE_CMSGHDR], [1], [struct cmsghdr needed for extended socket error support])],
523 [[${SOCKET_INCLUDES}]]
527 [AC_DEFINE([HAVE_IN_PKTINFO], [1], [struct in_pktinfo needed for IP_PKTINFO support])],
529 [[${SOCKET_INCLUDES}]]
533 [AC_DEFINE([HAVE_SA_FAMILY_T], [1], [sa_family_t, needed to hold AF_* info])],
535 [[${SOCKET_INCLUDES}]]
538 [struct in_pktinfo.ipi_spec_dst],
539 [AC_DEFINE([HAVE_IPI_SPEC_DST], [1], [struct in_pktinfo.ipi_spec_dst needed for IP_PKTINFO support])],
541 [[${SOCKET_INCLUDES}]]
544 [struct sockaddr_in6],
546 [AC_MSG_ERROR([struct sockaddr_in6 not found, needed for ipv6 transport support.])],
547 [[${SOCKET_INCLUDES}]]
553 [[${SOCKET_INCLUDES}]]
555 AC_CHECKING([anonymous union support])
573 AC_DEFINE([HAVE_ANONYMOUS_UNION_SUPPORT], [], [Compiler supports anonymous unions])
575 [AC_MSG_RESULT([no])]
578 saved_LDFLAGS="$LDFLAGS"
579 LDFLAGS="$LDFLAGS -Wl,--wrap=exit"
580 AC_MSG_CHECKING([linker supports --wrap])
585 void __real_exit(int);
586 void __wrap_exit(int i) {
596 have_ld_wrap_support=yes
598 [AC_MSG_RESULT([no])],
600 LDFLAGS="$saved_LDFLAGS"
602 dnl We emulate signals in Windows
606 [AC_DEFINE([SIGHUP], [1], [SIGHUP replacement])],
616 [AC_DEFINE([SIGINT], [2], [SIGINT replacement])],
626 [AC_DEFINE([SIGUSR1], [10], [SIGUSR1 replacement])],
636 [AC_DEFINE([SIGUSR2], [12], [SIGUSR2 replacement])],
646 [AC_DEFINE([SIGTERM], [15], [SIGTERM replacement])],
657 daemon chroot getpwnam setuid nice system getpid dup dup2 \
658 getpass syslog openlog mlockall getgrnam setgid \
659 setgroups stat flock readv writev time gettimeofday \
660 ctime memset vsnprintf strdup \
661 setsid chdir putenv getpeername unlink \
662 chsize ftruncate execve getpeereid umask basename dirname access \
676 [SOCKETS_LIBS="${SOCKETS_LIBS} -lnsl"]
681 [SOCKETS_LIBS="${SOCKETS_LIBS} -lsocket"]
686 [SOCKETS_LIBS="${SOCKETS_LIBS} -lresolv"]
688 AC_SUBST([SOCKETS_LIBS])
691 LIBS="${LIBS} ${SOCKETS_LIBS}"
692 AC_CHECK_FUNCS([sendmsg recvmsg])
693 # Windows use stdcall for winsock so we cannot auto detect these
696 [socket recv recvfrom send sendto listen dnl
697 accept connect bind select gethostbyname inet_ntoa]dnl
701 [setsockopt getsockopt getsockname poll]dnl
703 if test "${WIN32}" = "yes"; then
704 # normal autoconf function checking does not find inet_ntop/inet_pton
705 # because they need to include the actual header file and link ws2_32.dll
706 LIBS="${LIBS} -lws2_32"
707 AC_MSG_CHECKING([for MinGW inet_ntop()/inet_pton()])
711 #include <ws2tcpip.h>
714 int r = (int) inet_ntop (0, NULL, NULL, 0);
715 r += inet_pton(AF_INET, NULL, NULL);
720 AC_DEFINE([HAVE_INET_NTOP],[1],[MinGW inet_ntop])
721 AC_DEFINE([HAVE_INET_PTON],[1],[MinGW inet_pton])
723 [AC_MSG_RESULT([not found])]
727 m4_split(SOCKET_FUNCS SOCKET_OPT_FUNCS),
728 m4_define([UF], [[m4_join([_], [HAVE], m4_toupper(F))]])
729 AC_DEFINE([UF], [1], [Win32 builtin])
732 AC_CHECK_FUNCS([inet_ntop inet_pton])
736 [AC_MSG_ERROR([Required library function not found])]
738 AC_CHECK_FUNCS(SOCKET_OPT_FUNCS)
742 # we assume res_init() always exist, but need to find out *where*...
743 AC_SEARCH_LIBS(__res_init, resolv bind, ,
744 AC_SEARCH_LIBS(res_9_init, resolv bind, ,
745 AC_SEARCH_LIBS(res_init, resolv bind, , )))
747 AC_ARG_VAR([TAP_CFLAGS], [C compiler flags for tap])
748 old_CFLAGS="${CFLAGS}"
749 CFLAGS="${CFLAGS} ${TAP_CFLAGS}"
752 net/if_tun.h net/tun/if_tun.h \
756 [have_tap_header="yes"]
760 [AC_DEFINE([ENABLE_FEATURE_TUN_PERSIST], [1], [We have persist tun capability])],
763 #ifdef HAVE_LINUX_IF_TUN_H
764 #include <linux/if_tun.h>
768 CFLAGS="${old_CFLAGS}"
769 test "${have_tap_header}" = "yes" || AC_MSG_ERROR([no tap header could be found])
774 [SELINUX_LIBS="-lselinux"]
776 AC_SUBST([SELINUX_LIBS])
778 AC_ARG_VAR([LIBPAM_CFLAGS], [C compiler flags for libpam])
779 AC_ARG_VAR([LIBPAM_LIBS], [linker flags for libpam])
780 if test -z "${LIBPAM_LIBS}"; then
784 [LIBPAM_LIBS="-lpam"]
788 case "${with_mem_check}" in
791 [valgrind/memcheck.h],
793 CFLAGS="${CFLAGS} -g -fno-inline"
797 [Use valgrind memory debugging library]
800 [AC_MSG_ERROR([valgrind headers not found.])]
810 LIBS="${LIBS} -ldmalloc"
814 [Use dmalloc memory debugging library]
817 [AC_MSG_ERROR([dmalloc library not found.])]
819 [AC_MSG_ERROR([dmalloc headers not found.])]
830 [Use memory debugging function in OpenSSL]
832 AC_MSG_NOTICE([NOTE: OpenSSL library must be compiled with CRYPTO_MDEBUG])
834 [AC_MSG_ERROR([Memory Debugging function in OpenSSL library not found.])]
841 [libpkcs11-helper-1 >= 1.11],
842 [have_pkcs11_helper="yes"],
846 if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then
847 AC_ARG_VAR([OPENSSL_CFLAGS], [C compiler flags for OpenSSL])
848 AC_ARG_VAR([OPENSSL_LIBS], [linker flags for OpenSSL])
850 if test -z "${OPENSSL_CFLAGS}" -a -z "${OPENSSL_LIBS}"; then
851 # if the user did not explicitly specify flags, try to autodetect
855 [have_openssl="yes"],
856 [] # If this fails, we will do another test next
858 OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto}
861 saved_CFLAGS="${CFLAGS}"
863 CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
864 LIBS="${LIBS} ${OPENSSL_LIBS}"
866 # If pkgconfig check failed or OPENSSL_CFLAGS/OPENSSL_LIBS env vars
867 # are used, check the version directly in the OpenSSL include file
868 if test "${have_openssl}" != "yes"; then
869 AC_MSG_CHECKING([additionally if OpenSSL is available and version >= 1.0.1])
873 #include <openssl/opensslv.h>
876 /* Version encoding: MNNFFPPS - see opensslv.h for details */
877 #if OPENSSL_VERSION_NUMBER < 0x10001000L
878 #error OpenSSL too old
882 [AC_MSG_RESULT([ok])],
883 [AC_MSG_ERROR([OpenSSL version too old])]
887 AC_CHECK_FUNCS([SSL_CTX_new EVP_CIPHER_CTX_set_key_length],
889 [AC_MSG_ERROR([openssl check failed])]
892 have_openssl_engine="yes"
895 ENGINE_load_builtin_engines \
896 ENGINE_register_all_complete \
900 [have_openssl_engine="no"; break]
902 if test "${have_openssl_engine}" = "yes"; then
903 AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [OpenSSL engine support available])
906 have_crypto_aead_modes="yes"
910 [have_crypto_aead_modes="no"; break]
921 SSL_CTX_get_default_passwd_cb \
922 SSL_CTX_get_default_passwd_cb_userdata \
924 X509_STORE_get0_objects \
926 X509_OBJECT_get_type \
930 EVP_PKEY_get0_EC_KEY \
939 RSA_meth_set_pub_enc \
940 RSA_meth_set_pub_dec \
941 RSA_meth_set_priv_enc \
942 RSA_meth_set_priv_dec \
944 RSA_meth_set_finish \
945 RSA_meth_set0_app_data \
950 CFLAGS="${saved_CFLAGS}"
954 AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use OpenSSL library])
955 CRYPTO_CFLAGS="${OPENSSL_CFLAGS}"
956 CRYPTO_LIBS="${OPENSSL_LIBS}"
957 elif test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "mbedtls"; then
958 AC_ARG_VAR([MBEDTLS_CFLAGS], [C compiler flags for mbedtls])
959 AC_ARG_VAR([MBEDTLS_LIBS], [linker flags for mbedtls])
961 saved_CFLAGS="${CFLAGS}"
964 if test -z "${MBEDTLS_CFLAGS}" -a -z "${MBEDTLS_LIBS}"; then
965 # if the user did not explicitly specify flags, try to autodetect
966 LIBS="${LIBS} -lmbedtls -lmbedx509 -lmbedcrypto"
970 [MBEDTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto"],
971 [AC_MSG_ERROR([Could not find mbed TLS.])],
972 [${PKCS11_HELPER_LIBS}]
976 CFLAGS="${MBEDTLS_CFLAGS} ${PKCS11_HELPER_CFLAGS} ${CFLAGS}"
977 LIBS="${MBEDTLS_LIBS} ${PKCS11_HELPER_LIBS} ${LIBS}"
979 AC_MSG_CHECKING([mbedtls version])
983 #include <mbedtls/version.h>
986 #if MBEDTLS_VERSION_NUMBER < 0x02000000 || MBEDTLS_VERSION_NUMBER >= 0x03000000
987 #error invalid version
991 [AC_MSG_RESULT([ok])],
992 [AC_MSG_ERROR([mbed TLS 2.y.z required])]
995 mbedtls_with_pkcs11="no"
999 #include <mbedtls/config.h>
1002 #ifndef MBEDTLS_PKCS11_C
1003 #error pkcs11 wrapper missing
1007 mbedtls_with_pkcs11="yes")
1009 AC_MSG_CHECKING([mbedtls pkcs11 support])
1010 if test "${enable_pkcs11}" = "yes"; then
1011 if test "${mbedtls_with_pkcs11}" = "yes"; then
1014 AC_MSG_ERROR([mbedtls has no pkcs11 wrapper compiled in])
1017 if test "${mbedtls_with_pkcs11}" != "yes"; then
1020 AC_MSG_ERROR([mbed TLS compiled with PKCS11, while OpenVPN is not])
1024 have_crypto_aead_modes="yes"
1027 mbedtls_cipher_write_tag \
1028 mbedtls_cipher_check_tag \
1031 [have_crypto_aead_modes="no"; break]
1034 CFLAGS="${saved_CFLAGS}"
1035 LIBS="${saved_LIBS}"
1037 AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
1038 CRYPTO_CFLAGS="${MBEDTLS_CFLAGS}"
1039 CRYPTO_LIBS="${MBEDTLS_LIBS}"
1040 elif test "${enable_crypto}" = "yes"; then
1041 AC_MSG_ERROR([Invalid crypto library: ${with_crypto_library}])
1044 AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo])
1045 AC_ARG_VAR([LZO_LIBS], [linker flags for lzo])
1047 if test -z "${LZO_LIBS}"; then
1050 [lzo1x_1_15_compress],
1051 [LZO_LIBS="-llzo2"],
1054 [lzo1x_1_15_compress],
1060 if test "${have_lzo}" = "yes"; then
1061 saved_CFLAGS="${CFLAGS}"
1062 CFLAGS="${CFLAGS} ${LZO_CFLAGS}"
1069 [AC_MSG_ERROR([lzoutil.h is missing])]
1078 [AC_MSG_ERROR([lzo1x.h is missing])]
1081 CFLAGS="${saved_CFLAGS}"
1085 dnl check for LZ4 library
1088 AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
1089 AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
1090 if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
1091 AC_CHECKING([for LZ4 Library and Header files])
1094 # if LZ4_LIBS is set, we assume it will work, otherwise test
1095 if test -z "${LZ4_LIBS}"; then
1096 AC_CHECK_LIB(lz4, LZ4_compress,
1097 [ LZ4_LIBS="-llz4" ],
1099 AC_MSG_RESULT([LZ4 library not found.])
1104 saved_CFLAGS="${CFLAGS}"
1105 CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
1106 AC_CHECK_HEADERS(lz4.h,
1109 AC_MSG_RESULT([LZ4 headers not found.])
1113 if test $havelz4lib = 0 ; then
1114 AC_MSG_RESULT([LZ4 library or header not found, using version in src/compat/compat-lz4.*])
1115 AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
1118 OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
1119 OPTIONAL_LZ4_LIBS="${LZ4_LIBS}"
1120 AC_DEFINE(ENABLE_LZ4, 1, [Enable LZ4 compression library])
1121 CFLAGS="${saved_CFLAGS}"
1126 dnl Check for systemd
1128 AM_CONDITIONAL([ENABLE_SYSTEMD], [test "${enable_systemd}" = "yes"])
1129 if test "$enable_systemd" = "yes" ; then
1130 PKG_CHECK_MODULES([libsystemd], [systemd libsystemd],
1132 [PKG_CHECK_MODULES([libsystemd], [libsystemd-daemon])]
1135 PKG_CHECK_EXISTS( [libsystemd > 216],
1136 [AC_DEFINE([SYSTEMD_NEWER_THAN_216], [1],
1137 [systemd is newer than v216])]
1140 AC_CHECK_HEADERS(systemd/sd-daemon.h,
1143 AC_MSG_ERROR([systemd development headers not found.])
1146 saved_LIBS="${LIBS}"
1147 LIBS="${LIBS} ${libsystemd_LIBS}"
1148 AC_CHECK_FUNCS([sd_booted], [], [AC_MSG_ERROR([systemd library is missing sd_booted()])])
1149 OPTIONAL_SYSTEMD_LIBS="${libsystemd_LIBS}"
1150 AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd integration])
1151 LIBS="${saved_LIBS}"
1153 if test -n "${SYSTEMD_UNIT_DIR}"; then
1154 systemdunitdir="${SYSTEMD_UNIT_DIR}"
1156 systemdunitdir="\${libdir}/systemd/system"
1159 if test -n "${TMPFILES_DIR}"; then
1160 tmpfilesdir="${TMPFILES_DIR}"
1162 tmpfilesdir="\${libdir}/tmpfiles.d"
1167 AC_MSG_CHECKING([git checkout])
1169 if test -n "${GIT}" -a -d "${srcdir}/.git"; then
1170 AC_DEFINE([HAVE_CONFIG_VERSION_H], [1], [extra version available in config-version.h])
1173 AC_MSG_RESULT([${GIT_CHECKOUT}])
1175 if test -n "${SP_PLATFORM_WINDOWS}"; then
1176 AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['\\\\'], [Path separator]) #"
1177 AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["\\\\"], [Path separator]) #"
1179 AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['/'], [Path separator])
1180 AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["/"], [Path separator])
1183 dnl enable --x509-username-field feature if requested
1184 if test "${enable_x509_alt_username}" = "yes"; then
1185 if test "${with_crypto_library}" = "mbedtls" ; then
1186 AC_MSG_ERROR([mbed TLS does not support the --x509-username-field feature])
1189 AC_DEFINE([ENABLE_X509ALTUSERNAME], [1], [Enable --x509-username-field feature])
1192 test "${ac_cv_header_sys_uio_h}" = "yes" && AC_DEFINE([HAVE_IOVEC], [1], [struct iovec needed for IPv6 support])
1193 test "${enable_server}" = "no" && AC_DEFINE([ENABLE_CLIENT_ONLY], [1], [Enable client capability only])
1194 test "${enable_management}" = "yes" && AC_DEFINE([ENABLE_MANAGEMENT], [1], [Enable management server capability])
1195 test "${enable_multihome}" = "yes" && AC_DEFINE([ENABLE_MULTIHOME], [1], [Enable multi-homed UDP server capability])
1196 test "${enable_debug}" = "yes" && AC_DEFINE([ENABLE_DEBUG], [1], [Enable debugging support])
1197 test "${enable_small}" = "yes" && AC_DEFINE([ENABLE_SMALL], [1], [Enable smaller executable size])
1198 test "${enable_fragment}" = "yes" && AC_DEFINE([ENABLE_FRAGMENT], [1], [Enable internal fragmentation support])
1199 test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enable TCP Server port sharing])
1200 test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable deferred authentication])
1201 test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
1202 test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
1204 if test "${enable_crypto}" = "yes"; then
1205 test "${have_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crypto is required but missing])
1206 test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes])
1207 test "${have_crypto_aead_modes}" = "yes" && AC_DEFINE([HAVE_AEAD_CIPHER_MODES], [1], [Use crypto library])
1208 OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}"
1209 OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}"
1210 AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library])
1213 if test "${enable_plugins}" = "yes"; then
1214 OPTIONAL_DL_LIBS="${DL_LIBS}"
1215 AC_DEFINE([ENABLE_PLUGIN], [1], [Enable plug-in support])
1217 enable_plugin_auth_pam="no"
1218 enable_plugin_down_root="no"
1221 if test "${enable_iproute2}" = "yes"; then
1222 test -z "${IPROUTE}" && AC_MSG_ERROR([ip utility is required but missing])
1223 AC_DEFINE([ENABLE_IPROUTE], [1], [enable iproute2 support])
1225 if test "${WIN32}" != "yes"; then
1226 test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing])
1227 test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing])
1231 if test "${enable_selinux}" = "yes"; then
1232 test -z "${SELINUX_LIBS}" && AC_MSG_ERROR([libselinux required but missing])
1233 OPTIONAL_SELINUX_LIBS="${SELINUX_LIBS}"
1234 AC_DEFINE([ENABLE_SELINUX], [1], [SELinux support])
1237 if test "${enable_lzo}" = "yes"; then
1238 test "${have_lzo}" != "yes" && AC_MSG_ERROR([lzo enabled but missing])
1239 OPTIONAL_LZO_CFLAGS="${LZO_CFLAGS}"
1240 OPTIONAL_LZO_LIBS="${LZO_LIBS}"
1241 AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])
1243 if test "${enable_comp_stub}" = "yes"; then
1244 test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and lzo enabled (use --disable-lzo)])
1245 test "${enable_lz4}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and LZ4 enabled (use --disable-lz4)])
1246 AC_DEFINE([ENABLE_COMP_STUB], [1], [Enable compression stub capability])
1249 if test "${enable_pkcs11}" = "yes"; then
1250 test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing])
1251 test "${enable_crypto}" != "yes" && AC_MSG_ERROR([PKCS11 can be enabled only if crypto is enabled])
1252 OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
1253 OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
1254 AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11])
1258 [proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`"
1259 AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])],
1264 if test "${enable_pedantic}" = "yes"; then
1266 CFLAGS="${CFLAGS} -pedantic"
1267 AC_DEFINE([PEDANTIC], [1], [Enable pedantic mode])
1269 if test "${enable_strict}" = "yes"; then
1270 CFLAGS="${CFLAGS} -Wall -Wno-unused-parameter -Wno-unused-function"
1272 if test "${enable_werror}" = "yes"; then
1273 CFLAGS="${CFLAGS} -Werror"
1276 if test "${WIN32}" = "yes"; then
1277 test -z "${MAN2HTML}" && AC_MSG_ERROR([man2html is required for win32])
1280 if test "${enable_plugin_auth_pam}" = "yes"; then
1281 PLUGIN_AUTH_PAM_CFLAGS="${LIBPAM_CFLAGS}"
1282 if test "${enable_pam_dlopen}" = "yes"; then
1283 AC_DEFINE([USE_PAM_DLOPEN], [1], [dlopen libpam])
1284 PLUGIN_AUTH_PAM_LIBS="${DL_LIBS}"
1286 test -z "${LIBPAM_LIBS}" && AC_MSG_ERROR([libpam required but missing])
1287 PLUGIN_AUTH_PAM_LIBS="${LIBPAM_LIBS}"
1291 if test "${enable_async_push}" = "yes"; then
1294 AC_DEFINE([ENABLE_ASYNC_PUSH], [1], [Enable async push]),
1295 AC_MSG_ERROR([inotify.h not found.])
1299 CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
1300 AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
1302 TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
1303 TAP_WIN_MIN_MAJOR="PRODUCT_TAP_WIN_MIN_MAJOR"
1304 TAP_WIN_MIN_MINOR="PRODUCT_TAP_WIN_MIN_MINOR"
1305 AC_DEFINE_UNQUOTED([TAP_WIN_COMPONENT_ID], ["${TAP_WIN_COMPONENT_ID}"], [The tap-windows id])
1306 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MAJOR], [${TAP_WIN_MIN_MAJOR}], [The tap-windows version number is required for OpenVPN])
1307 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MINOR], [${TAP_WIN_MIN_MINOR}], [The tap-windows version number is required for OpenVPN])
1308 AC_SUBST([TAP_WIN_COMPONENT_ID])
1309 AC_SUBST([TAP_WIN_MIN_MAJOR])
1310 AC_SUBST([TAP_WIN_MIN_MINOR])
1312 AC_SUBST([OPTIONAL_DL_LIBS])
1313 AC_SUBST([OPTIONAL_SELINUX_LIBS])
1314 AC_SUBST([OPTIONAL_CRYPTO_CFLAGS])
1315 AC_SUBST([OPTIONAL_CRYPTO_LIBS])
1316 AC_SUBST([OPTIONAL_LZO_CFLAGS])
1317 AC_SUBST([OPTIONAL_LZO_LIBS])
1318 AC_SUBST([OPTIONAL_LZ4_CFLAGS])
1319 AC_SUBST([OPTIONAL_LZ4_LIBS])
1320 AC_SUBST([OPTIONAL_SYSTEMD_LIBS])
1321 AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])
1322 AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])
1324 AC_SUBST([PLUGIN_AUTH_PAM_CFLAGS])
1325 AC_SUBST([PLUGIN_AUTH_PAM_LIBS])
1327 AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])
1328 AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"])
1329 AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "yes"])
1330 AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
1331 AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"])
1332 AM_CONDITIONAL([HAVE_LD_WRAP_SUPPORT], [test "${have_ld_wrap_support}" = "yes"])
1334 sampledir="\$(docdir)/sample"
1335 AC_SUBST([plugindir])
1336 AC_SUBST([sampledir])
1338 AC_SUBST([systemdunitdir])
1339 AC_SUBST([tmpfilesdir])
1341 VENDOR_SRC_ROOT="\$(abs_top_srcdir)/vendor/"
1342 VENDOR_DIST_ROOT="\$(abs_top_builddir)/vendor/dist"
1343 VENDOR_BUILD_ROOT="\$(abs_top_builddir)/vendor/.build"
1344 AC_SUBST([VENDOR_SRC_ROOT])
1345 AC_SUBST([VENDOR_BUILD_ROOT])
1346 AC_SUBST([VENDOR_DIST_ROOT])
1348 TEST_LDFLAGS="-lcmocka -L\$(abs_top_builddir)/vendor/dist/lib -Wl,-rpath,\$(abs_top_builddir)/vendor/dist/lib"
1349 TEST_CFLAGS="-I\$(top_srcdir)/include -I\$(abs_top_builddir)/vendor/dist/include"
1351 AC_SUBST([TEST_LDFLAGS])
1352 AC_SUBST([TEST_CFLAGS])
1354 # Check if cmake is available and cmocka git submodule is initialized,
1355 # needed for unit testing
1356 AC_CHECK_PROGS([CMAKE], [cmake])
1357 if test -n "${CMAKE}"; then
1358 if test -f "${srcdir}/vendor/cmocka/CMakeLists.txt"; then
1359 AM_CONDITIONAL([CMOCKA_INITIALIZED], [true])
1361 AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
1362 AC_MSG_RESULT([!! WARNING !! The cmoka git submodule has not been initialized or updated. Unit testing cannot be performed.])
1365 AC_MSG_RESULT([!! WARNING !! CMake is NOT available. Unit testing cannot be performed.])
1366 AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
1375 build/msvc/msvc-generate/Makefile
1378 distro/rpm/openvpn.spec
1379 distro/systemd/Makefile
1383 src/openvpn/Makefile
1384 src/openvpnserv/Makefile
1385 src/plugins/Makefile
1386 src/plugins/auth-pam/Makefile
1387 src/plugins/down-root/Makefile
1389 tests/unit_tests/Makefile
1390 tests/unit_tests/example_test/Makefile
1391 tests/unit_tests/openvpn/Makefile
1392 tests/unit_tests/plugins/Makefile
1393 tests/unit_tests/plugins/auth-pam/Makefile
1398 AC_CONFIG_FILES([tests/t_client.sh], [chmod +x tests/t_client.sh])