1 dnl OpenVPN -- An application to securely tunnel IP networks
2 dnl over a single UDP port, with support for SSL/TLS-based
3 dnl session authentication and key exchange,
4 dnl packet encryption, packet authentication, and
5 dnl packet compression.
7 dnl Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
8 dnl Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
10 dnl This program is free software; you can redistribute it and/or modify
11 dnl it under the terms of the GNU General Public License as published by
12 dnl the Free Software Foundation; either version 2 of the License, or
13 dnl (at your option) any later version.
15 dnl This program is distributed in the hope that it will be useful,
16 dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
17 dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 dnl GNU General Public License for more details.
20 dnl You should have received a copy of the GNU General Public License along
21 dnl with this program; if not, write to the Free Software Foundation, Inc.,
22 dnl 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 dnl Process this file with autoconf to produce a configure script.
28 m4_include(version.m4)
29 AC_INIT([PRODUCT_NAME], [PRODUCT_VERSION], [PRODUCT_BUGREPORT], [PRODUCT_TARNAME])
31 AC_DEFINE([OPENVPN_VERSION_RESOURCE], [PRODUCT_VERSION_RESOURCE], [Version in windows resource format])
32 AC_SUBST([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version])
33 AC_SUBST([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version])
34 AC_SUBST([OPENVPN_VERSION_PATCH], [PRODUCT_VERSION_PATCH], [OpenVPN patch level - may be a string or integer])
35 AC_DEFINE([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version - integer])
36 AC_DEFINE([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version - integer])
37 AC_DEFINE([OPENVPN_VERSION_PATCH], ["PRODUCT_VERSION_PATCH"], [OpenVPN patch level - may be a string or integer])
39 AC_CONFIG_AUX_DIR([.])
40 AC_CONFIG_HEADERS([config.h include/openvpn-plugin.h])
41 AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
42 AC_CONFIG_MACRO_DIR([m4])
44 dnl Initialize automake. automake < 1.12 didn't have serial-tests and
45 dnl gives an error if it sees this, but for automake >= 1.13
46 dnl serial-tests is required so we have to include it. Solution is to
47 dnl test for the version of automake (by running an external command)
48 dnl and provide it if necessary. Note we have to do this entirely using
49 dnl m4 macros since automake queries this macro by running
50 dnl 'autoconf --trace ...'.
51 m4_define([serial_tests], [
52 m4_esyscmd([automake --version |
54 awk '{split ($NF,a,"."); if (a[1] == 1 && a[2] >= 12) { print "serial-tests" }}'
57 AM_INIT_AUTOMAKE(foreign serial_tests) dnl NB: Do not [quote] this parameter.
59 AC_USE_SYSTEM_EXTENSIONS
63 [AS_HELP_STRING([--disable-lzo], [disable LZO compression support @<:@default=yes@:>@])],
69 [ --disable-lz4 Disable LZ4 compression support],
70 [enable_lz4="$enableval"],
74 AC_ARG_ENABLE(comp-stub,
75 [ --enable-comp-stub Don't compile compression support but still allow limited interoperability with compression-enabled peers],
76 [enable_comp_stub="$enableval"],
77 [enable_comp_stub="no"]
82 [AS_HELP_STRING([--disable-ofb-cfb], [disable support for OFB and CFB cipher modes @<:@default=yes@:>@])],
84 [enable_crypto_ofb_cfb="yes"]
89 [AS_HELP_STRING([--enable-x509-alt-username], [enable the --x509-username-field feature @<:@default=no@:>@])],
91 [enable_x509_alt_username="no"]
96 [AS_HELP_STRING([--disable-server], [disable server support only (but retain client support) @<:@default=yes@:>@])],
103 [AS_HELP_STRING([--disable-plugins], [disable plug-in support @<:@default=yes@:>@])],
105 [enable_plugins="yes"]
110 [AS_HELP_STRING([--disable-management], [disable management server support @<:@default=yes@:>@])],
112 [enable_management="yes"]
117 [AS_HELP_STRING([--enable-pkcs11], [enable pkcs11 support @<:@default=no@:>@])],
124 [AS_HELP_STRING([--disable-fragment], [disable internal fragmentation support (--fragment) @<:@default=yes@:>@])],
126 [enable_fragment="yes"]
131 [AS_HELP_STRING([--disable-multihome], [disable multi-homed UDP server support (--multihome) @<:@default=yes@:>@])],
133 [enable_multihome="yes"]
138 [AS_HELP_STRING([--disable-port-share], [disable TCP server port-share support (--port-share) @<:@default=yes@:>@])],
140 [enable_port_share="yes"]
145 [AS_HELP_STRING([--disable-debug], [disable debugging support (disable gremlin and verb 7+ messages) @<:@default=yes@:>@])],
152 [AS_HELP_STRING([--enable-small], [enable smaller executable size (disable OCC, usage message, and verb 4 parm list) @<:@default=no@:>@])],
159 [AS_HELP_STRING([--enable-iproute2], [enable support for iproute2 @<:@default=no@:>@])],
161 [enable_iproute2="no"]
166 [AS_HELP_STRING([--disable-def-auth], [disable deferred authentication @<:@default=yes@:>@])],
168 [enable_def_auth="yes"]
173 [AS_HELP_STRING([--disable-pf], [disable internal packet filter @<:@default=yes@:>@])],
180 [AS_HELP_STRING([--disable-plugin-auth-pam], [disable auth-pam plugin @<:@default=platform specific@:>@])],
184 *-*-openbsd*) enable_plugin_auth_pam="no";;
185 *-mingw*) enable_plugin_auth_pam="no";;
186 *) enable_plugin_auth_pam="yes";;
193 [AS_HELP_STRING([--disable-plugin-down-root], [disable down-root plugin @<:@default=platform specific@:>@])],
197 *-mingw*) enable_plugin_down_root="no";;
198 *) enable_plugin_down_root="yes";;
205 [AS_HELP_STRING([--enable-pam-dlopen], [dlopen libpam @<:@default=no@:>@])],
207 [enable_pam_dlopen="no"]
212 [AS_HELP_STRING([--enable-strict], [enable strict compiler warnings (debugging option) @<:@default=no@:>@])],
219 [AS_HELP_STRING([--enable-pedantic], [enable pedantic compiler warnings, will not generate a working executable (debugging option) @<:@default=no@:>@])],
221 [enable_pedantic="no"]
226 [AS_HELP_STRING([--enable-werror], [promote compiler warnings to errors, will cause builds to fail if the compiler issues warnings (debugging option) @<:@default=no@:>@])],
233 [AS_HELP_STRING([--enable-strict-options], [enable strict options check between peers (debugging option) @<:@default=no@:>@])],
235 [enable_strict_options="no"]
240 [AS_HELP_STRING([--enable-selinux], [enable SELinux support @<:@default=no@:>@])],
242 [enable_selinux="no"]
247 [AS_HELP_STRING([--enable-systemd], [enable systemd suppport @<:@default=no@:>@])],
249 [enable_systemd="no"]
254 [AS_HELP_STRING([--enable-async-push], [enable async-push support for plugins providing deferred authentication @<:@default=no@:>@])],
256 [enable_async_push="no"]
261 [AS_HELP_STRING([--with-special-build=STRING], [specify special build string])],
262 [test -n "${withval}" && AC_DEFINE_UNQUOTED([CONFIGURE_SPECIAL_BUILD], ["${withval}"], [special build string])]
267 [AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory checking, TYPE=no|dmalloc|valgrind|ssl @<:@default=no@:>@])],
270 dmalloc|valgrind|ssl|no) ;;
271 *) AC_MSG_ERROR([bad value ${withval} for --mem-check]) ;;
274 [with_mem_check="no"]
279 [AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|mbedtls @<:@default=openssl@:>@])],
283 *) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
286 [with_crypto_library="openssl"]
289 AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
290 if test -n "${PLUGINDIR}"; then
291 plugindir="${PLUGINDIR}"
293 plugindir="\${libdir}/openvpn/plugins"
296 AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
299 AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?])
300 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix])
303 AC_DEFINE([TARGET_SOLARIS], [1], [Are we running on Solaris?])
304 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["S"], [Target prefix])
305 CPPFLAGS="$CPPFLAGS -D_XPG4_2"
308 AC_DEFINE([TARGET_OPENBSD], [1], [Are we running on OpenBSD?])
309 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["O"], [Target prefix])
312 AC_DEFINE([TARGET_FREEBSD], [1], [Are we running on FreeBSD?])
313 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["F"], [Target prefix])
316 AC_DEFINE([TARGET_NETBSD], [1], [Are we running NetBSD?])
317 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["N"], [Target prefix])
320 AC_DEFINE([TARGET_DARWIN], [1], [Are we running on Mac OS X?])
321 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["M"], [Target prefix])
322 have_tap_header="yes"
323 dnl some Mac OS X tendering (we use vararg macros...)
324 CPPFLAGS="$CPPFLAGS -no-cpp-precomp"
325 ac_cv_type_struct_in_pktinfo=no
328 AC_DEFINE([TARGET_WIN32], [1], [Are we running WIN32?])
329 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["W"], [Target prefix])
330 CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
331 CPPFLAGS="${CPPFLAGS} -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA"
335 AC_DEFINE([TARGET_DRAGONFLY], [1], [Are we running on DragonFlyBSD?])
336 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["D"], [Target prefix])
339 AC_DEFINE([TARGET_AIX], [1], [Are we running AIX?])
340 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["A"], [Target prefix])
341 ROUTE="/usr/sbin/route"
342 have_tap_header="yes"
343 ac_cv_header_net_if_h="no" # exists, but breaks things
346 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["X"], [Target prefix])
347 have_tap_header="yes"
358 AC_ARG_VAR([IFCONFIG], [full path to ipconfig utility])
359 AC_ARG_VAR([ROUTE], [full path to route utility])
360 AC_ARG_VAR([IPROUTE], [full path to ip utility])
361 AC_ARG_VAR([NETSTAT], [path to netstat utility]) # tests
362 AC_ARG_VAR([MAN2HTML], [path to man2html utility])
363 AC_ARG_VAR([GIT], [path to git utility])
364 AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility])
365 AC_ARG_VAR([SYSTEMD_UNIT_DIR], [Path of systemd unit directory @<:@default=LIBDIR/systemd/system@:>@])
366 AC_ARG_VAR([TMPFILES_DIR], [Path of tmpfiles directory @<:@default=LIBDIR/tmpfiles.d@:>@])
367 AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
368 AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
369 AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
370 AC_PATH_PROGS([SYSTEMD_ASK_PASSWORD], [systemd-ask-password],, [$PATH:/usr/local/bin:/usr/bin:/bin])
371 AC_CHECK_PROGS([NETSTAT], [netstat], [netstat], [$PATH:/usr/local/sbin:/usr/sbin:/sbin:/etc]) # tests
372 AC_CHECK_PROGS([MAN2HTML], [man2html])
373 AC_CHECK_PROGS([GIT], [git]) # optional
374 AC_DEFINE_UNQUOTED([IFCONFIG_PATH], ["$IFCONFIG"], [Path to ifconfig tool])
375 AC_DEFINE_UNQUOTED([IPROUTE_PATH], ["$IPROUTE"], [Path to iproute tool])
376 AC_DEFINE_UNQUOTED([ROUTE_PATH], ["$ROUTE"], [Path to route tool])
377 AC_DEFINE_UNQUOTED([SYSTEMD_ASK_PASSWORD_PATH], ["$SYSTEMD_ASK_PASSWORD"], [Path to systemd-ask-password tool])
379 # Set -std=c99 unless user already specified a -std=
382 *) CFLAGS="${CFLAGS} -std=c99" ;;
392 LT_LANG([Windows Resource])
417 AX_CPP_VARARG_MACRO_ISO
418 AX_CPP_VARARG_MACRO_GCC
421 AC_CHECK_SIZEOF([unsigned int])
422 AC_CHECK_SIZEOF([unsigned long])
424 stdio.h stdarg.h limits.h \
425 time.h errno.h fcntl.h io.h direct.h \
426 ctype.h sys/types.h sys/socket.h \
427 signal.h unistd.h dlfcn.h \
428 netinet/in.h netinet/in_systm.h \
429 netinet/tcp.h arpa/inet.h netdb.h \
430 windows.h winsock2.h ws2tcpip.h \
434 sys/time.h sys/ioctl.h sys/stat.h \
435 sys/mman.h sys/file.h sys/wait.h \
436 unistd.h signal.h libgen.h stropts.h \
437 syslog.h pwd.h grp.h \
438 sys/sockio.h sys/uio.h linux/sockios.h \
439 linux/types.h sys/poll.h sys/epoll.h err.h \
446 #ifdef HAVE_SYS_TYPES_H
447 #include <sys/types.h>
449 #ifdef HAVE_SYS_SOCKET_H
450 #include <sys/socket.h>
455 #ifdef HAVE_NETINET_IN_H
456 #include <netinet/in.h>
458 #ifdef HAVE_WINDOWS_H
461 #ifdef HAVE_WINSOCK2_H
462 #include <winsock2.h>
464 #ifdef HAVE_WS2TCPIP_H
465 #include <ws2tcpip.h>
467 #ifdef HAVE_NETINET_IN_SYSTM_H
468 #include <netinet/in_systm.h>
470 #ifdef HAVE_NETINET_IP_H
471 #include <netinet/ip.h>
476 [net/if.h netinet/ip.h resolv.h sys/un.h net/if_utun.h sys/kern_control.h],
479 [[${SOCKET_INCLUDES}]]
485 [AC_DEFINE([in_addr_t], [uint32_t], [Workaround missing in_addr_t])],
486 [[${SOCKET_INCLUDES}]]
491 [AC_DEFINE([in_port_t], [uint16_t], [Workaround missing in_port_t])],
492 [[${SOCKET_INCLUDES}]]
496 [AC_DEFINE([HAVE_IPHDR], [1], [struct iphdr needed for IPv6 support])],
498 [[${SOCKET_INCLUDES}]]
501 [struct sock_extended_err],
502 [AC_DEFINE([HAVE_SOCK_EXTENDED_ERR], [1], [struct sock_extended_err needed for extended socket error support])],
504 [[${SOCKET_INCLUDES}]]
508 [AC_DEFINE([HAVE_MSGHDR], [1], [struct msghdr needed for extended socket error support])],
510 [[${SOCKET_INCLUDES}]]
514 [AC_DEFINE([HAVE_CMSGHDR], [1], [struct cmsghdr needed for extended socket error support])],
516 [[${SOCKET_INCLUDES}]]
520 [AC_DEFINE([HAVE_IN_PKTINFO], [1], [struct in_pktinfo needed for IP_PKTINFO support])],
522 [[${SOCKET_INCLUDES}]]
526 [AC_DEFINE([HAVE_SA_FAMILY_T], [1], [sa_family_t, needed to hold AF_* info])],
528 [[${SOCKET_INCLUDES}]]
531 [struct in_pktinfo.ipi_spec_dst],
532 [AC_DEFINE([HAVE_IPI_SPEC_DST], [1], [struct in_pktinfo.ipi_spec_dst needed for IP_PKTINFO support])],
534 [[${SOCKET_INCLUDES}]]
537 [struct sockaddr_in6],
539 [AC_MSG_ERROR([struct sockaddr_in6 not found, needed for ipv6 transport support.])],
540 [[${SOCKET_INCLUDES}]]
546 [[${SOCKET_INCLUDES}]]
548 AC_CHECKING([anonymous union support])
566 AC_DEFINE([HAVE_ANONYMOUS_UNION_SUPPORT], [], [Compiler supports anonymous unions])
568 [AC_MSG_RESULT([no])]
571 saved_LDFLAGS="$LDFLAGS"
572 LDFLAGS="$LDFLAGS -Wl,--wrap=exit"
573 AC_MSG_CHECKING([linker supports --wrap])
578 void __real_exit(int);
579 void __wrap_exit(int i) {
589 have_ld_wrap_support=yes
591 [AC_MSG_RESULT([no])],
593 LDFLAGS="$saved_LDFLAGS"
595 dnl We emulate signals in Windows
599 [AC_DEFINE([SIGHUP], [1], [SIGHUP replacement])],
609 [AC_DEFINE([SIGINT], [2], [SIGINT replacement])],
619 [AC_DEFINE([SIGUSR1], [10], [SIGUSR1 replacement])],
629 [AC_DEFINE([SIGUSR2], [12], [SIGUSR2 replacement])],
639 [AC_DEFINE([SIGTERM], [15], [SIGTERM replacement])],
650 daemon chroot getpwnam setuid nice system getpid dup dup2 \
651 getpass syslog openlog mlockall getgrnam setgid \
652 setgroups stat flock readv writev time gettimeofday \
653 ctime memset vsnprintf strdup \
654 setsid chdir putenv getpeername unlink \
655 chsize ftruncate execve getpeereid umask basename dirname access \
669 [SOCKETS_LIBS="${SOCKETS_LIBS} -lnsl"]
674 [SOCKETS_LIBS="${SOCKETS_LIBS} -lsocket"]
679 [SOCKETS_LIBS="${SOCKETS_LIBS} -lresolv"]
681 AC_SUBST([SOCKETS_LIBS])
684 LIBS="${LIBS} ${SOCKETS_LIBS}"
685 AC_CHECK_FUNCS([sendmsg recvmsg])
686 # Windows use stdcall for winsock so we cannot auto detect these
689 [socket recv recvfrom send sendto listen dnl
690 accept connect bind select gethostbyname inet_ntoa]dnl
694 [setsockopt getsockopt getsockname poll]dnl
696 if test "${WIN32}" = "yes"; then
697 # normal autoconf function checking does not find inet_ntop/inet_pton
698 # because they need to include the actual header file and link ws2_32.dll
699 LIBS="${LIBS} -lws2_32"
700 AC_MSG_CHECKING([for MinGW inet_ntop()/inet_pton()])
704 #include <ws2tcpip.h>
707 int r = (int) inet_ntop (0, NULL, NULL, 0);
708 r += inet_pton(AF_INET, NULL, NULL);
713 AC_DEFINE([HAVE_INET_NTOP],[1],[MinGW inet_ntop])
714 AC_DEFINE([HAVE_INET_PTON],[1],[MinGW inet_pton])
716 [AC_MSG_RESULT([not found])]
720 m4_split(SOCKET_FUNCS SOCKET_OPT_FUNCS),
721 m4_define([UF], [[m4_join([_], [HAVE], m4_toupper(F))]])
722 AC_DEFINE([UF], [1], [Win32 builtin])
725 AC_CHECK_FUNCS([inet_ntop inet_pton])
729 [AC_MSG_ERROR([Required library function not found])]
731 AC_CHECK_FUNCS(SOCKET_OPT_FUNCS)
735 # we assume res_init() always exist, but need to find out *where*...
736 AC_SEARCH_LIBS(__res_init, resolv bind, ,
737 AC_SEARCH_LIBS(res_9_init, resolv bind, ,
738 AC_SEARCH_LIBS(res_init, resolv bind, , )))
740 AC_ARG_VAR([TAP_CFLAGS], [C compiler flags for tap])
741 old_CFLAGS="${CFLAGS}"
742 CFLAGS="${CFLAGS} ${TAP_CFLAGS}"
745 net/if_tun.h net/tun/if_tun.h \
749 [have_tap_header="yes"]
753 [AC_DEFINE([ENABLE_FEATURE_TUN_PERSIST], [1], [We have persist tun capability])],
756 #ifdef HAVE_LINUX_IF_TUN_H
757 #include <linux/if_tun.h>
761 CFLAGS="${old_CFLAGS}"
762 test "${have_tap_header}" = "yes" || AC_MSG_ERROR([no tap header could be found])
767 [SELINUX_LIBS="-lselinux"]
769 AC_SUBST([SELINUX_LIBS])
771 AC_ARG_VAR([LIBPAM_CFLAGS], [C compiler flags for libpam])
772 AC_ARG_VAR([LIBPAM_LIBS], [linker flags for libpam])
773 if test -z "${LIBPAM_LIBS}"; then
777 [LIBPAM_LIBS="-lpam"]
781 case "${with_mem_check}" in
784 [valgrind/memcheck.h],
786 CFLAGS="${CFLAGS} -g -fno-inline"
790 [Use valgrind memory debugging library]
793 [AC_MSG_ERROR([valgrind headers not found.])]
803 LIBS="${LIBS} -ldmalloc"
807 [Use dmalloc memory debugging library]
810 [AC_MSG_ERROR([dmalloc library not found.])]
812 [AC_MSG_ERROR([dmalloc headers not found.])]
823 [Use memory debugging function in OpenSSL]
825 AC_MSG_NOTICE([NOTE: OpenSSL library must be compiled with CRYPTO_MDEBUG])
827 [AC_MSG_ERROR([Memory Debugging function in OpenSSL library not found.])]
834 [libpkcs11-helper-1 >= 1.11],
835 [have_pkcs11_helper="yes"],
839 if test "${with_crypto_library}" = "openssl"; then
840 AC_ARG_VAR([OPENSSL_CFLAGS], [C compiler flags for OpenSSL])
841 AC_ARG_VAR([OPENSSL_LIBS], [linker flags for OpenSSL])
843 if test -z "${OPENSSL_CFLAGS}" -a -z "${OPENSSL_LIBS}"; then
844 # if the user did not explicitly specify flags, try to autodetect
848 [have_openssl="yes"],
849 [] # If this fails, we will do another test next
851 OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto}
854 saved_CFLAGS="${CFLAGS}"
856 CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
857 LIBS="${LIBS} ${OPENSSL_LIBS}"
859 # If pkgconfig check failed or OPENSSL_CFLAGS/OPENSSL_LIBS env vars
860 # are used, check the version directly in the OpenSSL include file
861 if test "${have_openssl}" != "yes"; then
862 AC_MSG_CHECKING([additionally if OpenSSL is available and version >= 1.0.1])
866 #include <openssl/opensslv.h>
869 /* Version encoding: MNNFFPPS - see opensslv.h for details */
870 #if OPENSSL_VERSION_NUMBER < 0x10001000L
871 #error OpenSSL too old
875 [AC_MSG_RESULT([ok])],
876 [AC_MSG_ERROR([OpenSSL version too old])]
880 AC_CHECK_FUNCS([SSL_CTX_new EVP_CIPHER_CTX_set_key_length],
882 [AC_MSG_ERROR([openssl check failed])]
885 have_openssl_engine="yes"
888 ENGINE_load_builtin_engines \
889 ENGINE_register_all_complete \
893 [have_openssl_engine="no"; break]
895 if test "${have_openssl_engine}" = "no"; then
896 AC_CHECK_DECL( [ENGINE_cleanup], [have_openssl_engine="yes"],,
898 #include <openssl/engine.h>
902 if test "${have_openssl_engine}" = "yes"; then
903 AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [OpenSSL engine support available])
906 have_crypto_aead_modes="yes"
910 [have_crypto_aead_modes="no"; break]
921 SSL_CTX_get_default_passwd_cb \
922 SSL_CTX_get_default_passwd_cb_userdata \
923 SSL_CTX_set_security_level \
925 X509_STORE_get0_objects \
927 X509_OBJECT_get_type \
931 EVP_PKEY_get0_EC_KEY \
940 RSA_meth_set_pub_enc \
941 RSA_meth_set_pub_dec \
942 RSA_meth_set_priv_enc \
943 RSA_meth_set_priv_dec \
945 RSA_meth_set_finish \
946 RSA_meth_set0_app_data \
947 RSA_meth_get0_app_data \
952 CFLAGS="${saved_CFLAGS}"
955 AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use OpenSSL library])
956 CRYPTO_CFLAGS="${OPENSSL_CFLAGS}"
957 CRYPTO_LIBS="${OPENSSL_LIBS}"
958 elif test "${with_crypto_library}" = "mbedtls"; then
959 AC_ARG_VAR([MBEDTLS_CFLAGS], [C compiler flags for mbedtls])
960 AC_ARG_VAR([MBEDTLS_LIBS], [linker flags for mbedtls])
962 saved_CFLAGS="${CFLAGS}"
965 if test -z "${MBEDTLS_CFLAGS}" -a -z "${MBEDTLS_LIBS}"; then
966 # if the user did not explicitly specify flags, try to autodetect
967 LIBS="${LIBS} -lmbedtls -lmbedx509 -lmbedcrypto"
971 [MBEDTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto"],
972 [AC_MSG_ERROR([Could not find mbed TLS.])],
973 [${PKCS11_HELPER_LIBS}]
977 CFLAGS="${MBEDTLS_CFLAGS} ${PKCS11_HELPER_CFLAGS} ${CFLAGS}"
978 LIBS="${MBEDTLS_LIBS} ${PKCS11_HELPER_LIBS} ${LIBS}"
980 AC_MSG_CHECKING([mbedtls version])
984 #include <mbedtls/version.h>
987 #if MBEDTLS_VERSION_NUMBER < 0x02000000 || MBEDTLS_VERSION_NUMBER >= 0x03000000
988 #error invalid version
992 [AC_MSG_RESULT([ok])],
993 [AC_MSG_ERROR([mbed TLS 2.y.z required])]
996 mbedtls_with_pkcs11="no"
1000 #include <mbedtls/config.h>
1003 #ifndef MBEDTLS_PKCS11_C
1004 #error pkcs11 wrapper missing
1008 mbedtls_with_pkcs11="yes")
1010 AC_MSG_CHECKING([mbedtls pkcs11 support])
1011 if test "${enable_pkcs11}" = "yes"; then
1012 if test "${mbedtls_with_pkcs11}" = "yes"; then
1015 AC_MSG_ERROR([mbedtls has no pkcs11 wrapper compiled in])
1018 if test "${mbedtls_with_pkcs11}" != "yes"; then
1021 AC_MSG_ERROR([mbed TLS compiled with PKCS11, while OpenVPN is not])
1025 have_crypto_aead_modes="yes"
1028 mbedtls_cipher_write_tag \
1029 mbedtls_cipher_check_tag \
1032 [have_crypto_aead_modes="no"; break]
1035 CFLAGS="${saved_CFLAGS}"
1036 LIBS="${saved_LIBS}"
1037 AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
1038 CRYPTO_CFLAGS="${MBEDTLS_CFLAGS}"
1039 CRYPTO_LIBS="${MBEDTLS_LIBS}"
1041 AC_MSG_ERROR([Invalid crypto library: ${with_crypto_library}])
1044 AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo])
1045 AC_ARG_VAR([LZO_LIBS], [linker flags for lzo])
1047 if test -z "${LZO_LIBS}"; then
1050 [lzo1x_1_15_compress],
1051 [LZO_LIBS="-llzo2"],
1054 [lzo1x_1_15_compress],
1060 if test "${have_lzo}" = "yes"; then
1061 saved_CFLAGS="${CFLAGS}"
1062 CFLAGS="${CFLAGS} ${LZO_CFLAGS}"
1069 [AC_MSG_ERROR([lzoutil.h is missing])]
1078 [AC_MSG_ERROR([lzo1x.h is missing])]
1081 CFLAGS="${saved_CFLAGS}"
1085 dnl check for LZ4 library
1088 AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
1089 AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
1090 if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
1091 if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
1092 # if the user did not explicitly specify flags, try to autodetect
1093 PKG_CHECK_MODULES([LZ4],
1094 [liblz4 >= 1.7.1 liblz4 < 100],
1096 [LZ4_LIBS="-llz4"] # If this fails, we will do another test next.
1097 # We also add set LZ4_LIBS otherwise the
1098 # linker will not know about the lz4 library
1102 saved_CFLAGS="${CFLAGS}"
1103 saved_LIBS="${LIBS}"
1104 CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
1105 LIBS="${LIBS} ${LZ4_LIBS}"
1107 # If pkgconfig check failed or LZ4_CFLAGS/LZ4_LIBS env vars
1108 # are used, check the version directly in the LZ4 include file
1109 if test "${have_lz4}" != "yes"; then
1110 AC_CHECK_HEADERS([lz4.h],
1114 if test "${have_lz4h}" = "yes" ; then
1115 AC_MSG_CHECKING([additionally if system LZ4 version >= 1.7.1])
1121 /* Version encoding: MMNNPP (Major miNor Patch) - see lz4.h for details */
1122 #if LZ4_VERSION_NUMBER < 10701L
1123 #error LZ4 is too old
1131 [AC_MSG_RESULT([system LZ4 library is too old])]
1136 # Double check we have a few needed functions
1137 if test "${have_lz4}" = "yes" ; then
1139 [LZ4_compress_default],
1143 [LZ4_decompress_safe],
1148 if test "${have_lz4}" != "yes" ; then
1149 AC_MSG_RESULT([ usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
1150 AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
1153 OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
1154 OPTIONAL_LZ4_LIBS="${LZ4_LIBS}"
1155 AC_DEFINE(ENABLE_LZ4, [1], [Enable LZ4 compression library])
1156 CFLAGS="${saved_CFLAGS}"
1157 LIBS="${saved_LIBS}"
1162 dnl Check for systemd
1164 AM_CONDITIONAL([ENABLE_SYSTEMD], [test "${enable_systemd}" = "yes"])
1165 if test "$enable_systemd" = "yes" ; then
1166 PKG_CHECK_MODULES([libsystemd], [systemd libsystemd],
1168 [PKG_CHECK_MODULES([libsystemd], [libsystemd-daemon])]
1171 PKG_CHECK_EXISTS( [libsystemd > 216],
1172 [AC_DEFINE([SYSTEMD_NEWER_THAN_216], [1],
1173 [systemd is newer than v216])]
1176 AC_CHECK_HEADERS(systemd/sd-daemon.h,
1179 AC_MSG_ERROR([systemd development headers not found.])
1182 saved_LIBS="${LIBS}"
1183 LIBS="${LIBS} ${libsystemd_LIBS}"
1184 AC_CHECK_FUNCS([sd_booted], [], [AC_MSG_ERROR([systemd library is missing sd_booted()])])
1185 OPTIONAL_SYSTEMD_LIBS="${libsystemd_LIBS}"
1186 AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd integration])
1187 LIBS="${saved_LIBS}"
1189 if test -n "${SYSTEMD_UNIT_DIR}"; then
1190 systemdunitdir="${SYSTEMD_UNIT_DIR}"
1192 systemdunitdir="\${libdir}/systemd/system"
1195 if test -n "${TMPFILES_DIR}"; then
1196 tmpfilesdir="${TMPFILES_DIR}"
1198 tmpfilesdir="\${libdir}/tmpfiles.d"
1203 AC_MSG_CHECKING([git checkout])
1205 if test -n "${GIT}" -a -d "${srcdir}/.git"; then
1206 AC_DEFINE([HAVE_CONFIG_VERSION_H], [1], [extra version available in config-version.h])
1209 AC_MSG_RESULT([${GIT_CHECKOUT}])
1211 if test -n "${SP_PLATFORM_WINDOWS}"; then
1212 AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['\\\\'], [Path separator]) #"
1213 AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["\\\\"], [Path separator]) #"
1215 AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['/'], [Path separator])
1216 AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["/"], [Path separator])
1219 dnl enable --x509-username-field feature if requested
1220 if test "${enable_x509_alt_username}" = "yes"; then
1221 if test "${with_crypto_library}" = "mbedtls" ; then
1222 AC_MSG_ERROR([mbed TLS does not support the --x509-username-field feature])
1225 AC_DEFINE([ENABLE_X509ALTUSERNAME], [1], [Enable --x509-username-field feature])
1228 test "${ac_cv_header_sys_uio_h}" = "yes" && AC_DEFINE([HAVE_IOVEC], [1], [struct iovec needed for IPv6 support])
1229 test "${enable_server}" = "no" && AC_DEFINE([ENABLE_CLIENT_ONLY], [1], [Enable client capability only])
1230 test "${enable_management}" = "yes" && AC_DEFINE([ENABLE_MANAGEMENT], [1], [Enable management server capability])
1231 test "${enable_multihome}" = "yes" && AC_DEFINE([ENABLE_MULTIHOME], [1], [Enable multi-homed UDP server capability])
1232 test "${enable_debug}" = "yes" && AC_DEFINE([ENABLE_DEBUG], [1], [Enable debugging support])
1233 test "${enable_small}" = "yes" && AC_DEFINE([ENABLE_SMALL], [1], [Enable smaller executable size])
1234 test "${enable_fragment}" = "yes" && AC_DEFINE([ENABLE_FRAGMENT], [1], [Enable internal fragmentation support])
1235 test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enable TCP Server port sharing])
1236 test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable deferred authentication])
1237 test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
1238 test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
1240 test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes])
1241 test "${have_crypto_aead_modes}" = "yes" && AC_DEFINE([HAVE_AEAD_CIPHER_MODES], [1], [Use crypto library])
1242 OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}"
1243 OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}"
1245 if test "${enable_plugins}" = "yes"; then
1246 OPTIONAL_DL_LIBS="${DL_LIBS}"
1247 AC_DEFINE([ENABLE_PLUGIN], [1], [Enable plug-in support])
1249 enable_plugin_auth_pam="no"
1250 enable_plugin_down_root="no"
1253 if test "${enable_iproute2}" = "yes"; then
1254 test -z "${IPROUTE}" && AC_MSG_ERROR([ip utility is required but missing])
1255 AC_DEFINE([ENABLE_IPROUTE], [1], [enable iproute2 support])
1257 if test "${WIN32}" != "yes"; then
1258 test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing])
1259 test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing])
1263 if test "${enable_selinux}" = "yes"; then
1264 test -z "${SELINUX_LIBS}" && AC_MSG_ERROR([libselinux required but missing])
1265 OPTIONAL_SELINUX_LIBS="${SELINUX_LIBS}"
1266 AC_DEFINE([ENABLE_SELINUX], [1], [SELinux support])
1269 if test "${enable_lzo}" = "yes"; then
1270 test "${have_lzo}" != "yes" && AC_MSG_ERROR([lzo enabled but missing])
1271 OPTIONAL_LZO_CFLAGS="${LZO_CFLAGS}"
1272 OPTIONAL_LZO_LIBS="${LZO_LIBS}"
1273 AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])
1275 if test "${enable_comp_stub}" = "yes"; then
1276 test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and lzo enabled (use --disable-lzo)])
1277 test "${enable_lz4}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and LZ4 enabled (use --disable-lz4)])
1278 AC_DEFINE([ENABLE_COMP_STUB], [1], [Enable compression stub capability])
1281 if test "${enable_pkcs11}" = "yes"; then
1282 test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing])
1283 OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
1284 OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
1285 AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11])
1289 [proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`"
1290 AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])],
1295 AC_DEFUN([ACL_CHECK_ADD_COMPILE_FLAGS], [
1296 old_cflags="$CFLAGS"
1298 AC_MSG_CHECKING([whether the compiler acceppts $1])
1299 AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [AC_MSG_RESULT([yes])],
1300 [AC_MSG_RESULT([no]); CFLAGS="$old_cflags"])]
1303 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-unused-function])
1304 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-unused-parameter])
1305 ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
1307 if test "${enable_pedantic}" = "yes"; then
1309 CFLAGS="${CFLAGS} -pedantic"
1310 AC_DEFINE([PEDANTIC], [1], [Enable pedantic mode])
1312 if test "${enable_strict}" = "yes"; then
1313 CFLAGS="${CFLAGS} -Wsign-compare -Wuninitialized"
1315 if test "${enable_werror}" = "yes"; then
1316 CFLAGS="${CFLAGS} -Werror"
1319 if test "${WIN32}" = "yes"; then
1320 test -z "${MAN2HTML}" && AC_MSG_ERROR([man2html is required for win32])
1323 if test "${enable_plugin_auth_pam}" = "yes"; then
1324 PLUGIN_AUTH_PAM_CFLAGS="${LIBPAM_CFLAGS}"
1325 if test "${enable_pam_dlopen}" = "yes"; then
1326 AC_DEFINE([USE_PAM_DLOPEN], [1], [dlopen libpam])
1327 PLUGIN_AUTH_PAM_LIBS="${DL_LIBS}"
1329 test -z "${LIBPAM_LIBS}" && AC_MSG_ERROR([libpam required but missing])
1330 PLUGIN_AUTH_PAM_LIBS="${LIBPAM_LIBS}"
1334 if test "${enable_async_push}" = "yes"; then
1337 AC_DEFINE([ENABLE_ASYNC_PUSH], [1], [Enable async push]),
1338 AC_MSG_ERROR([inotify.h not found.])
1342 CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
1343 AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
1345 TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
1346 TAP_WIN_MIN_MAJOR="PRODUCT_TAP_WIN_MIN_MAJOR"
1347 TAP_WIN_MIN_MINOR="PRODUCT_TAP_WIN_MIN_MINOR"
1348 AC_DEFINE_UNQUOTED([TAP_WIN_COMPONENT_ID], ["${TAP_WIN_COMPONENT_ID}"], [The tap-windows id])
1349 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MAJOR], [${TAP_WIN_MIN_MAJOR}], [The tap-windows version number is required for OpenVPN])
1350 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MINOR], [${TAP_WIN_MIN_MINOR}], [The tap-windows version number is required for OpenVPN])
1351 AC_SUBST([TAP_WIN_COMPONENT_ID])
1352 AC_SUBST([TAP_WIN_MIN_MAJOR])
1353 AC_SUBST([TAP_WIN_MIN_MINOR])
1355 AC_SUBST([OPTIONAL_DL_LIBS])
1356 AC_SUBST([OPTIONAL_SELINUX_LIBS])
1357 AC_SUBST([OPTIONAL_CRYPTO_CFLAGS])
1358 AC_SUBST([OPTIONAL_CRYPTO_LIBS])
1359 AC_SUBST([OPTIONAL_LZO_CFLAGS])
1360 AC_SUBST([OPTIONAL_LZO_LIBS])
1361 AC_SUBST([OPTIONAL_LZ4_CFLAGS])
1362 AC_SUBST([OPTIONAL_LZ4_LIBS])
1363 AC_SUBST([OPTIONAL_SYSTEMD_LIBS])
1364 AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])
1365 AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])
1367 AC_SUBST([PLUGIN_AUTH_PAM_CFLAGS])
1368 AC_SUBST([PLUGIN_AUTH_PAM_LIBS])
1370 AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])
1371 AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"])
1372 AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "yes"])
1373 AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
1374 AM_CONDITIONAL([HAVE_LD_WRAP_SUPPORT], [test "${have_ld_wrap_support}" = "yes"])
1376 sampledir="\$(docdir)/sample"
1377 AC_SUBST([plugindir])
1378 AC_SUBST([sampledir])
1380 AC_SUBST([systemdunitdir])
1381 AC_SUBST([tmpfilesdir])
1383 VENDOR_SRC_ROOT="\$(abs_top_srcdir)/vendor/"
1384 VENDOR_DIST_ROOT="\$(abs_top_builddir)/vendor/dist"
1385 VENDOR_BUILD_ROOT="\$(abs_top_builddir)/vendor/.build"
1386 AC_SUBST([VENDOR_SRC_ROOT])
1387 AC_SUBST([VENDOR_BUILD_ROOT])
1388 AC_SUBST([VENDOR_DIST_ROOT])
1390 TEST_LDFLAGS="-lcmocka -L\$(abs_top_builddir)/vendor/dist/lib -Wl,-rpath,\$(abs_top_builddir)/vendor/dist/lib"
1391 TEST_CFLAGS="-I\$(top_srcdir)/include -I\$(abs_top_builddir)/vendor/dist/include"
1393 AC_SUBST([TEST_LDFLAGS])
1394 AC_SUBST([TEST_CFLAGS])
1396 # Check if cmake is available and cmocka git submodule is initialized,
1397 # needed for unit testing
1398 AC_CHECK_PROGS([CMAKE], [cmake])
1399 if test -n "${CMAKE}"; then
1400 if test -f "${srcdir}/vendor/cmocka/CMakeLists.txt"; then
1401 AM_CONDITIONAL([CMOCKA_INITIALIZED], [true])
1403 AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
1404 AC_MSG_RESULT([!! WARNING !! The cmoka git submodule has not been initialized or updated. Unit testing cannot be performed.])
1407 AC_MSG_RESULT([!! WARNING !! CMake is NOT available. Unit testing cannot be performed.])
1408 AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
1417 build/msvc/msvc-generate/Makefile
1420 distro/rpm/openvpn.spec
1421 distro/systemd/Makefile
1423 doc/doxygen/Makefile
1424 doc/doxygen/openvpn.doxyfile
1428 src/openvpn/Makefile
1429 src/openvpnserv/Makefile
1430 src/plugins/Makefile
1431 src/plugins/auth-pam/Makefile
1432 src/plugins/down-root/Makefile
1434 tests/unit_tests/Makefile
1435 tests/unit_tests/example_test/Makefile
1436 tests/unit_tests/openvpn/Makefile
1437 tests/unit_tests/plugins/Makefile
1438 tests/unit_tests/plugins/auth-pam/Makefile
1442 AC_CONFIG_FILES([tests/t_client.sh], [chmod +x tests/t_client.sh])