1 dnl OpenVPN -- An application to securely tunnel IP networks
2 dnl over a single UDP port, with support for SSL/TLS-based
3 dnl session authentication and key exchange,
4 dnl packet encryption, packet authentication, and
5 dnl packet compression.
7 dnl Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
8 dnl Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
10 dnl This program is free software; you can redistribute it and/or modify
11 dnl it under the terms of the GNU General Public License as published by
12 dnl the Free Software Foundation; either version 2 of the License, or
13 dnl (at your option) any later version.
15 dnl This program is distributed in the hope that it will be useful,
16 dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
17 dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 dnl GNU General Public License for more details.
20 dnl You should have received a copy of the GNU General Public License along
21 dnl with this program; if not, write to the Free Software Foundation, Inc.,
22 dnl 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 dnl Process this file with autoconf to produce a configure script.
28 m4_include(version.m4)
29 AC_INIT([PRODUCT_NAME], [PRODUCT_VERSION], [PRODUCT_BUGREPORT], [PRODUCT_TARNAME])
31 AC_DEFINE([OPENVPN_VERSION_RESOURCE], [PRODUCT_VERSION_RESOURCE], [Version in windows resource format])
32 AC_SUBST([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version])
33 AC_SUBST([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version])
34 AC_SUBST([OPENVPN_VERSION_PATCH], [PRODUCT_VERSION_PATCH], [OpenVPN patch level - may be a string or integer])
35 AC_DEFINE([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version - integer])
36 AC_DEFINE([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version - integer])
37 AC_DEFINE([OPENVPN_VERSION_PATCH], ["PRODUCT_VERSION_PATCH"], [OpenVPN patch level - may be a string or integer])
39 AC_CONFIG_AUX_DIR([.])
40 AC_CONFIG_HEADERS([config.h include/openvpn-plugin.h])
41 AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
42 AC_CONFIG_MACRO_DIR([m4])
44 dnl Initialize automake. automake < 1.12 didn't have serial-tests and
45 dnl gives an error if it sees this, but for automake >= 1.13
46 dnl serial-tests is required so we have to include it. Solution is to
47 dnl test for the version of automake (by running an external command)
48 dnl and provide it if necessary. Note we have to do this entirely using
49 dnl m4 macros since automake queries this macro by running
50 dnl 'autoconf --trace ...'.
51 m4_define([serial_tests], [
52 m4_esyscmd([automake --version |
54 awk '{split ($NF,a,"."); if (a[1] == 1 && a[2] >= 12) { print "serial-tests" }}'
57 # This foreign option prevents autoreconf from overriding our COPYING and
59 AM_INIT_AUTOMAKE(foreign serial_tests 1.9) dnl NB: Do not [quote] this parameter.
61 AC_USE_SYSTEM_EXTENSIONS
65 [AS_HELP_STRING([--disable-lzo], [disable LZO compression support @<:@default=yes@:>@])],
71 [ --disable-lz4 Disable LZ4 compression support],
72 [enable_lz4="$enableval"],
76 AC_ARG_ENABLE(comp-stub,
77 [ --enable-comp-stub Don't compile compression support but still allow limited interoperability with compression-enabled peers],
78 [enable_comp_stub="$enableval"],
79 [enable_comp_stub="no"]
84 [AS_HELP_STRING([--disable-ofb-cfb], [disable support for OFB and CFB cipher modes @<:@default=yes@:>@])],
86 [enable_crypto_ofb_cfb="yes"]
91 [AS_HELP_STRING([--enable-x509-alt-username], [enable the --x509-username-field feature @<:@default=no@:>@])],
93 [enable_x509_alt_username="no"]
98 [AS_HELP_STRING([--disable-plugins], [disable plug-in support @<:@default=yes@:>@])],
100 [enable_plugins="yes"]
105 [AS_HELP_STRING([--disable-management], [disable management server support @<:@default=yes@:>@])],
107 [enable_management="yes"]
112 [AS_HELP_STRING([--enable-pkcs11], [enable pkcs11 support @<:@default=no@:>@])],
119 [AS_HELP_STRING([--disable-fragment], [disable internal fragmentation support (--fragment) @<:@default=yes@:>@])],
121 [enable_fragment="yes"]
126 [AS_HELP_STRING([--disable-multihome], [disable multi-homed UDP server support (--multihome) @<:@default=yes@:>@])],
128 [enable_multihome="yes"]
133 [AS_HELP_STRING([--disable-port-share], [disable TCP server port-share support (--port-share) @<:@default=yes@:>@])],
135 [enable_port_share="yes"]
140 [AS_HELP_STRING([--disable-debug], [disable debugging support (disable gremlin and verb 7+ messages) @<:@default=yes@:>@])],
147 [AS_HELP_STRING([--enable-small], [enable smaller executable size (disable OCC, usage message, and verb 4 parm list) @<:@default=no@:>@])],
154 [AS_HELP_STRING([--enable-iproute2], [enable support for iproute2 @<:@default=no@:>@])],
156 [enable_iproute2="no"]
161 [AS_HELP_STRING([--disable-pf], [disable internal packet filter @<:@default=yes@:>@])],
168 [AS_HELP_STRING([--disable-plugin-auth-pam], [disable auth-pam plugin @<:@default=platform specific@:>@])],
172 *-*-openbsd*) enable_plugin_auth_pam="no";;
173 *-mingw*) enable_plugin_auth_pam="no";;
174 *) enable_plugin_auth_pam="yes";;
181 [AS_HELP_STRING([--disable-plugin-down-root], [disable down-root plugin @<:@default=platform specific@:>@])],
185 *-mingw*) enable_plugin_down_root="no";;
186 *) enable_plugin_down_root="yes";;
193 [AS_HELP_STRING([--enable-pam-dlopen], [dlopen libpam @<:@default=no@:>@])],
195 [enable_pam_dlopen="no"]
200 [AS_HELP_STRING([--enable-strict], [enable strict compiler warnings (debugging option) @<:@default=no@:>@])],
207 [AS_HELP_STRING([--enable-pedantic], [enable pedantic compiler warnings, will not generate a working executable (debugging option) @<:@default=no@:>@])],
209 [enable_pedantic="no"]
214 [AS_HELP_STRING([--enable-werror], [promote compiler warnings to errors, will cause builds to fail if the compiler issues warnings (debugging option) @<:@default=no@:>@])],
221 [AS_HELP_STRING([--enable-strict-options], [enable strict options check between peers (debugging option) @<:@default=no@:>@])],
223 [enable_strict_options="no"]
228 [AS_HELP_STRING([--enable-selinux], [enable SELinux support @<:@default=no@:>@])],
230 [enable_selinux="no"]
235 [AS_HELP_STRING([--enable-systemd], [enable systemd support @<:@default=no@:>@])],
237 [enable_systemd="no"]
242 [AS_HELP_STRING([--enable-async-push], [enable async-push support for plugins providing deferred authentication @<:@default=no@:>@])],
244 [enable_async_push="no"]
249 [AS_HELP_STRING([--with-special-build=STRING], [specify special build string])],
250 [test -n "${withval}" && AC_DEFINE_UNQUOTED([CONFIGURE_SPECIAL_BUILD], ["${withval}"], [special build string])]
255 [AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory checking, TYPE=no|dmalloc|valgrind|ssl @<:@default=no@:>@])],
258 dmalloc|valgrind|ssl|no) ;;
259 *) AC_MSG_ERROR([bad value ${withval} for --mem-check]) ;;
262 [with_mem_check="no"]
267 [AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|mbedtls|wolfssl @<:@default=openssl@:>@])],
270 openssl|mbedtls|wolfssl) ;;
271 *) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
274 [with_crypto_library="openssl"]
279 [AS_HELP_STRING([--disable-wolfssl-options-h], [Disable including options.h in wolfSSL @<:@default=yes@:>@])],
281 [enable_wolfssl_options_h="yes"]
284 AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
285 if test -n "${PLUGINDIR}"; then
286 plugindir="${PLUGINDIR}"
288 plugindir="\${libdir}/openvpn/plugins"
291 AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
292 AM_CONDITIONAL([TARGET_LINUX], [false])
295 AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?])
296 AM_CONDITIONAL([TARGET_LINUX], [true])
297 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix])
301 AC_DEFINE([TARGET_SOLARIS], [1], [Are we running on Solaris?])
302 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["S"], [Target prefix])
303 CPPFLAGS="$CPPFLAGS -D_XPG4_2"
304 test -x /bin/bash && SHELL="/bin/bash"
307 AC_DEFINE([TARGET_OPENBSD], [1], [Are we running on OpenBSD?])
308 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["O"], [Target prefix])
311 AC_DEFINE([TARGET_FREEBSD], [1], [Are we running on FreeBSD?])
312 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["F"], [Target prefix])
315 AC_DEFINE([TARGET_NETBSD], [1], [Are we running NetBSD?])
316 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["N"], [Target prefix])
319 AC_DEFINE([TARGET_DARWIN], [1], [Are we running on Mac OS X?])
320 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["M"], [Target prefix])
321 have_tap_header="yes"
322 ac_cv_type_struct_in_pktinfo=no
325 AC_DEFINE([TARGET_WIN32], [1], [Are we running WIN32?])
326 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["W"], [Target prefix])
327 CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
328 CPPFLAGS="${CPPFLAGS} -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA"
332 AC_DEFINE([TARGET_DRAGONFLY], [1], [Are we running on DragonFlyBSD?])
333 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["D"], [Target prefix])
336 AC_DEFINE([TARGET_AIX], [1], [Are we running AIX?])
337 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["A"], [Target prefix])
338 ROUTE="/usr/sbin/route"
339 have_tap_header="yes"
340 ac_cv_header_net_if_h="no" # exists, but breaks things
343 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["X"], [Target prefix])
344 have_tap_header="yes"
355 AC_ARG_VAR([IFCONFIG], [full path to ipconfig utility])
356 AC_ARG_VAR([ROUTE], [full path to route utility])
357 AC_ARG_VAR([IPROUTE], [full path to ip utility])
358 AC_ARG_VAR([NETSTAT], [path to netstat utility]) # tests
359 AC_ARG_VAR([GIT], [path to git utility])
360 AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility])
361 AC_ARG_VAR([SYSTEMD_UNIT_DIR], [Path of systemd unit directory @<:@default=LIBDIR/systemd/system@:>@])
362 AC_ARG_VAR([TMPFILES_DIR], [Path of tmpfiles directory @<:@default=LIBDIR/tmpfiles.d@:>@])
363 AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
364 AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
365 AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
366 AC_PATH_PROGS([SYSTEMD_ASK_PASSWORD], [systemd-ask-password],, [$PATH:/usr/local/bin:/usr/bin:/bin])
367 AC_CHECK_PROGS([NETSTAT], [netstat], [netstat], [$PATH:/usr/local/sbin:/usr/sbin:/sbin:/etc]) # tests
368 AC_CHECK_PROGS([GIT], [git]) # optional
369 AC_DEFINE_UNQUOTED([IFCONFIG_PATH], ["$IFCONFIG"], [Path to ifconfig tool])
370 AC_DEFINE_UNQUOTED([IPROUTE_PATH], ["$IPROUTE"], [Path to iproute tool])
371 AC_DEFINE_UNQUOTED([ROUTE_PATH], ["$ROUTE"], [Path to route tool])
372 AC_DEFINE_UNQUOTED([SYSTEMD_ASK_PASSWORD_PATH], ["$SYSTEMD_ASK_PASSWORD"], [Path to systemd-ask-password tool])
375 # man page generation - based on python-docutils
377 AC_ARG_VAR([RST2MAN], [path to rst2man utility])
378 AC_ARG_VAR([RST2HTML], [path to rst2html utility])
379 AC_CHECK_PROGS([RST2MAN], [rst2man])
380 AC_CHECK_PROGS([RST2HTML], [rst2html])
381 AM_CONDITIONAL([HAVE_PYDOCUTILS], [test "${RST2MAN}" -a "${RST2HTML}"])
383 # Set -std=c99 unless user already specified a -std=
386 *) CFLAGS="${CFLAGS} -std=c99" ;;
396 LT_LANG([Windows Resource])
414 AC_CHECK_SIZEOF([unsigned int])
415 AC_CHECK_SIZEOF([unsigned long])
417 fcntl.h io.h direct.h \
418 sys/types.h sys/socket.h \
420 netinet/in.h netinet/in_systm.h \
421 netinet/tcp.h arpa/inet.h netdb.h \
422 windows.h winsock2.h ws2tcpip.h \
426 sys/time.h sys/ioctl.h sys/stat.h \
427 sys/mman.h sys/file.h sys/wait.h \
428 unistd.h libgen.h stropts.h \
429 syslog.h pwd.h grp.h termios.h \
430 sys/sockio.h sys/uio.h linux/sockios.h \
431 linux/types.h poll.h sys/epoll.h err.h \
436 #ifdef HAVE_SYS_TYPES_H
437 #include <sys/types.h>
439 #ifdef HAVE_SYS_SOCKET_H
440 #include <sys/socket.h>
445 #ifdef HAVE_NETINET_IN_H
446 #include <netinet/in.h>
448 #ifdef HAVE_WINDOWS_H
451 #ifdef HAVE_WINSOCK2_H
452 #include <winsock2.h>
454 #ifdef HAVE_WS2TCPIP_H
455 #include <ws2tcpip.h>
457 #ifdef HAVE_NETINET_IN_SYSTM_H
458 #include <netinet/in_systm.h>
460 #ifdef HAVE_NETINET_IP_H
461 #include <netinet/ip.h>
466 [net/if.h netinet/ip.h resolv.h sys/un.h net/if_utun.h sys/kern_control.h],
469 [[${SOCKET_INCLUDES}]]
475 [AC_DEFINE([in_addr_t], [uint32_t], [Workaround missing in_addr_t])],
476 [[${SOCKET_INCLUDES}]]
481 [AC_DEFINE([in_port_t], [uint16_t], [Workaround missing in_port_t])],
482 [[${SOCKET_INCLUDES}]]
486 [AC_DEFINE([HAVE_IPHDR], [1], [struct iphdr needed for IPv6 support])],
488 [[${SOCKET_INCLUDES}]]
491 [struct sock_extended_err],
492 [AC_DEFINE([HAVE_SOCK_EXTENDED_ERR], [1], [struct sock_extended_err needed for extended socket error support])],
494 [[${SOCKET_INCLUDES}]]
498 [AC_DEFINE([HAVE_MSGHDR], [1], [struct msghdr needed for extended socket error support])],
500 [[${SOCKET_INCLUDES}]]
504 [AC_DEFINE([HAVE_CMSGHDR], [1], [struct cmsghdr needed for extended socket error support])],
506 [[${SOCKET_INCLUDES}]]
510 [AC_DEFINE([HAVE_IN_PKTINFO], [1], [struct in_pktinfo needed for IP_PKTINFO support])],
512 [[${SOCKET_INCLUDES}]]
516 [AC_DEFINE([HAVE_SA_FAMILY_T], [1], [sa_family_t, needed to hold AF_* info])],
518 [[${SOCKET_INCLUDES}]]
521 [struct in_pktinfo.ipi_spec_dst],
522 [AC_DEFINE([HAVE_IPI_SPEC_DST], [1], [struct in_pktinfo.ipi_spec_dst needed for IP_PKTINFO support])],
524 [[${SOCKET_INCLUDES}]]
527 [struct sockaddr_in6],
529 [AC_MSG_ERROR([struct sockaddr_in6 not found, needed for ipv6 transport support.])],
530 [[${SOCKET_INCLUDES}]]
536 [[${SOCKET_INCLUDES}]]
538 AC_CHECKING([anonymous union support])
556 AC_DEFINE([HAVE_ANONYMOUS_UNION_SUPPORT], [], [Compiler supports anonymous unions])
558 [AC_MSG_RESULT([no])]
561 saved_LDFLAGS="$LDFLAGS"
562 LDFLAGS="$LDFLAGS -Wl,--wrap=exit"
563 AC_MSG_CHECKING([linker supports --wrap])
568 void __real_exit(int);
569 void __wrap_exit(int i) {
579 have_ld_wrap_support=yes
581 [AC_MSG_RESULT([no])],
583 LDFLAGS="$saved_LDFLAGS"
585 dnl We emulate signals in Windows
589 [AC_DEFINE([SIGHUP], [1], [SIGHUP replacement])],
597 [AC_DEFINE([SIGINT], [2], [SIGINT replacement])],
605 [AC_DEFINE([SIGUSR1], [10], [SIGUSR1 replacement])],
613 [AC_DEFINE([SIGUSR2], [12], [SIGUSR2 replacement])],
621 [AC_DEFINE([SIGTERM], [15], [SIGTERM replacement])],
630 daemon chroot getpwnam setuid nice system getpid dup dup2 \
631 syslog openlog mlockall getrlimit getgrnam setgid \
632 setgroups flock readv writev time gettimeofday \
633 setsid chdir getpeername unlink \
634 chsize ftruncate execve getpeereid umask basename dirname access \
635 epoll_create strsep \
648 [SOCKETS_LIBS="${SOCKETS_LIBS} -lnsl"]
653 [SOCKETS_LIBS="${SOCKETS_LIBS} -lsocket"]
658 [SOCKETS_LIBS="${SOCKETS_LIBS} -lresolv"]
660 AC_SUBST([SOCKETS_LIBS])
663 LIBS="${LIBS} ${SOCKETS_LIBS}"
664 AC_CHECK_FUNCS([sendmsg recvmsg])
668 # we assume res_init() always exist, but need to find out *where*...
669 AC_SEARCH_LIBS(__res_init, resolv bind, ,
670 AC_SEARCH_LIBS(res_9_init, resolv bind, ,
671 AC_SEARCH_LIBS(res_init, resolv bind, , )))
673 AC_ARG_VAR([TAP_CFLAGS], [C compiler flags for tap])
674 old_CFLAGS="${CFLAGS}"
675 CFLAGS="${CFLAGS} ${TAP_CFLAGS}"
678 net/if_tun.h net/tun/if_tun.h \
682 [have_tap_header="yes"]
686 [AC_DEFINE([ENABLE_FEATURE_TUN_PERSIST], [1], [We have persist tun capability])],
689 #ifdef HAVE_LINUX_IF_TUN_H
690 #include <linux/if_tun.h>
694 CFLAGS="${old_CFLAGS}"
695 test "${have_tap_header}" = "yes" || AC_MSG_ERROR([no tap header could be found])
700 [SELINUX_LIBS="-lselinux"]
702 AC_SUBST([SELINUX_LIBS])
704 AC_ARG_VAR([LIBPAM_CFLAGS], [C compiler flags for libpam])
705 AC_ARG_VAR([LIBPAM_LIBS], [linker flags for libpam])
706 if test -z "${LIBPAM_LIBS}"; then
710 [LIBPAM_LIBS="-lpam"]
714 case "${with_mem_check}" in
717 [valgrind/memcheck.h],
719 CFLAGS="${CFLAGS} -g -fno-inline"
723 [Use valgrind memory debugging library]
726 [AC_MSG_ERROR([valgrind headers not found.])]
736 LIBS="${LIBS} -ldmalloc"
740 [Use dmalloc memory debugging library]
743 [AC_MSG_ERROR([dmalloc library not found.])]
745 [AC_MSG_ERROR([dmalloc headers not found.])]
756 [Use memory debugging function in OpenSSL]
758 AC_MSG_NOTICE([NOTE: OpenSSL library must be compiled with CRYPTO_MDEBUG])
760 [AC_MSG_ERROR([Memory Debugging function in OpenSSL library not found.])]
767 [libpkcs11-helper-1 >= 1.11],
768 [have_pkcs11_helper="yes"],
772 if test "${with_crypto_library}" = "openssl"; then
773 AC_ARG_VAR([OPENSSL_CFLAGS], [C compiler flags for OpenSSL])
774 AC_ARG_VAR([OPENSSL_LIBS], [linker flags for OpenSSL])
776 if test -z "${OPENSSL_CFLAGS}" -a -z "${OPENSSL_LIBS}"; then
777 # if the user did not explicitly specify flags, try to autodetect
781 [have_openssl="yes"],
782 [] # If this fails, we will do another test next
784 OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto}
787 saved_CFLAGS="${CFLAGS}"
789 CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
790 LIBS="${LIBS} ${OPENSSL_LIBS}"
792 # If pkgconfig check failed or OPENSSL_CFLAGS/OPENSSL_LIBS env vars
793 # are used, check the version directly in the OpenSSL include file
794 if test "${have_openssl}" != "yes"; then
795 AC_MSG_CHECKING([additionally if OpenSSL is available and version >= 1.0.2])
799 #include <openssl/opensslv.h>
802 /* Version encoding: MNNFFPPS - see opensslv.h for details */
803 #if OPENSSL_VERSION_NUMBER < 0x10002000L
804 #error OpenSSL too old
808 [AC_MSG_RESULT([ok])],
809 [AC_MSG_ERROR([OpenSSL version too old])]
813 AC_CHECK_FUNCS([SSL_CTX_new],
815 [AC_MSG_ERROR([openssl check failed])]
818 have_openssl_engine="yes"
821 ENGINE_load_builtin_engines \
822 ENGINE_register_all_complete \
826 [have_openssl_engine="no"; break]
828 if test "${have_openssl_engine}" = "no"; then
829 AC_CHECK_DECL( [ENGINE_cleanup], [have_openssl_engine="yes"],,
831 #include <openssl/engine.h>
835 if test "${have_openssl_engine}" = "yes"; then
836 AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [OpenSSL engine support available])
842 [AC_MSG_ERROR([OpenSSL check for AES-256-GCM support failed])]
845 # All supported OpenSSL version (>= 1.0.2)
847 have_export_keying_material="yes"
849 CFLAGS="${saved_CFLAGS}"
852 AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use OpenSSL library])
853 CRYPTO_CFLAGS="${OPENSSL_CFLAGS}"
854 CRYPTO_LIBS="${OPENSSL_LIBS}"
855 elif test "${with_crypto_library}" = "mbedtls"; then
856 AC_ARG_VAR([MBEDTLS_CFLAGS], [C compiler flags for mbedtls])
857 AC_ARG_VAR([MBEDTLS_LIBS], [linker flags for mbedtls])
859 saved_CFLAGS="${CFLAGS}"
862 if test -z "${MBEDTLS_CFLAGS}" -a -z "${MBEDTLS_LIBS}"; then
863 # if the user did not explicitly specify flags, try to autodetect
864 LIBS="${LIBS} -lmbedtls -lmbedx509 -lmbedcrypto"
868 [MBEDTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto"],
869 [AC_MSG_ERROR([Could not find mbed TLS.])],
870 [${PKCS11_HELPER_LIBS}]
874 CFLAGS="${MBEDTLS_CFLAGS} ${PKCS11_HELPER_CFLAGS} ${CFLAGS}"
875 LIBS="${MBEDTLS_LIBS} ${PKCS11_HELPER_LIBS} ${LIBS}"
877 AC_MSG_CHECKING([mbedtls version])
881 #include <mbedtls/version.h>
884 #if MBEDTLS_VERSION_NUMBER < 0x02000000 || MBEDTLS_VERSION_NUMBER >= 0x03000000
885 #error invalid version
889 [AC_MSG_RESULT([ok])],
890 [AC_MSG_ERROR([mbed TLS 2.y.z required])]
895 mbedtls_cipher_write_tag \
896 mbedtls_cipher_check_tag \
899 [AC_MSG_ERROR([mbed TLS check for AEAD support failed])]
902 have_export_keying_material="yes"
904 [mbedtls_ssl_conf_export_keys_ext_cb],
906 [have_export_keying_material="no"]
909 CFLAGS="${saved_CFLAGS}"
911 AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
912 CRYPTO_CFLAGS="${MBEDTLS_CFLAGS}"
913 CRYPTO_LIBS="${MBEDTLS_LIBS}"
915 elif test "${with_crypto_library}" = "wolfssl"; then
916 AC_ARG_VAR([WOLFSSL_CFLAGS], [C compiler flags for wolfssl. The include directory should
917 contain the regular wolfSSL header files but also the
918 wolfSSL OpenSSL header files. Ex: -I/usr/local/include
919 -I/usr/local/include/wolfssl])
920 AC_ARG_VAR([WOLFSSL_LIBS], [linker flags for wolfssl])
922 saved_CFLAGS="${CFLAGS}"
925 if test -z "${WOLFSSL_CFLAGS}" -a -z "${WOLFSSL_LIBS}"; then
926 # if the user did not explicitly specify flags, try to autodetect
931 [AC_MSG_ERROR([Could not find wolfSSL.])]
934 [WOLFSSL_INCLUDEDIR],
938 [AC_MSG_ERROR([Could not find wolfSSL includedir variable.])]
940 WOLFSSL_CFLAGS="${WOLFSSL_CFLAGS} -I${WOLFSSL_INCLUDEDIR}/wolfssl"
942 saved_CFLAGS="${CFLAGS}"
944 CFLAGS="${CFLAGS} ${WOLFSSL_CFLAGS}"
945 LIBS="${LIBS} ${WOLFSSL_LIBS}"
951 [AC_MSG_ERROR([Could not link wolfSSL library.])]
953 AC_CHECK_HEADER([wolfssl/options.h],,[AC_MSG_ERROR([wolfSSL header wolfssl/options.h not found!])])
955 # wolfSSL signal EKM support
956 have_export_keying_material="yes"
958 if test "${enable_wolfssl_options_h}" = "yes"; then
959 AC_DEFINE([EXTERNAL_OPTS_OPENVPN], [1], [Include options.h from wolfSSL library])
961 AC_DEFINE([WOLFSSL_USER_SETTINGS], [1], [Use custom user_settings.h file for wolfSSL library])
964 have_export_keying_material="yes"
966 CFLAGS="${saved_CFLAGS}"
969 AC_DEFINE([ENABLE_CRYPTO_WOLFSSL], [1], [Use wolfSSL crypto library])
970 AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use wolfSSL openssl compatibility layer])
971 CRYPTO_CFLAGS="${WOLFSSL_CFLAGS}"
972 CRYPTO_LIBS="${WOLFSSL_LIBS}"
974 AC_MSG_ERROR([Invalid crypto library: ${with_crypto_library}])
977 AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo])
978 AC_ARG_VAR([LZO_LIBS], [linker flags for lzo])
980 if test -z "${LZO_LIBS}"; then
983 [lzo1x_1_15_compress],
987 [lzo1x_1_15_compress],
993 if test "${have_lzo}" = "yes"; then
994 saved_CFLAGS="${CFLAGS}"
995 CFLAGS="${CFLAGS} ${LZO_CFLAGS}"
1002 [AC_MSG_ERROR([lzoutil.h is missing])]
1011 [AC_MSG_ERROR([lzo1x.h is missing])]
1014 CFLAGS="${saved_CFLAGS}"
1018 dnl check for LZ4 library
1021 AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
1022 AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
1023 if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
1024 if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
1025 # if the user did not explicitly specify flags, try to autodetect
1026 PKG_CHECK_MODULES([LZ4],
1027 [liblz4 >= 1.7.1 liblz4 < 100],
1029 [LZ4_LIBS="-llz4"] # If this fails, we will do another test next.
1030 # We also add set LZ4_LIBS otherwise the
1031 # linker will not know about the lz4 library
1035 saved_CFLAGS="${CFLAGS}"
1036 saved_LIBS="${LIBS}"
1037 CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
1038 LIBS="${LIBS} ${LZ4_LIBS}"
1040 # If pkgconfig check failed or LZ4_CFLAGS/LZ4_LIBS env vars
1041 # are used, check the version directly in the LZ4 include file
1042 if test "${have_lz4}" != "yes"; then
1043 AC_CHECK_HEADERS([lz4.h],
1047 if test "${have_lz4h}" = "yes" ; then
1048 AC_MSG_CHECKING([additionally if system LZ4 version >= 1.7.1])
1054 /* Version encoding: MMNNPP (Major miNor Patch) - see lz4.h for details */
1055 #if LZ4_VERSION_NUMBER < 10701L
1056 #error LZ4 is too old
1064 [AC_MSG_ERROR([system LZ4 library is too old])]
1069 # Double check we have a few needed functions
1070 if test "${have_lz4}" = "yes" ; then
1072 [LZ4_compress_default],
1076 [LZ4_decompress_safe],
1081 if test "${have_lz4}" != "yes" ; then
1082 AC_MSG_ERROR([No compatible LZ4 compression library found. Consider --disable-lz4])
1085 OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
1086 OPTIONAL_LZ4_LIBS="${LZ4_LIBS}"
1087 AC_DEFINE(ENABLE_LZ4, [1], [Enable LZ4 compression library])
1088 CFLAGS="${saved_CFLAGS}"
1089 LIBS="${saved_LIBS}"
1094 dnl Check for systemd
1096 AM_CONDITIONAL([ENABLE_SYSTEMD], [test "${enable_systemd}" = "yes"])
1097 if test "$enable_systemd" = "yes" ; then
1098 PKG_CHECK_MODULES([libsystemd], [systemd libsystemd],
1100 [PKG_CHECK_MODULES([libsystemd], [libsystemd-daemon])]
1103 PKG_CHECK_EXISTS( [libsystemd > 216],
1104 [AC_DEFINE([SYSTEMD_NEWER_THAN_216], [1],
1105 [systemd is newer than v216])]
1108 AC_CHECK_HEADERS(systemd/sd-daemon.h,
1111 AC_MSG_ERROR([systemd development headers not found.])
1114 saved_LIBS="${LIBS}"
1115 LIBS="${LIBS} ${libsystemd_LIBS}"
1116 AC_CHECK_FUNCS([sd_booted], [], [AC_MSG_ERROR([systemd library is missing sd_booted()])])
1117 OPTIONAL_SYSTEMD_LIBS="${libsystemd_LIBS}"
1118 AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd integration])
1119 LIBS="${saved_LIBS}"
1121 if test -n "${SYSTEMD_UNIT_DIR}"; then
1122 systemdunitdir="${SYSTEMD_UNIT_DIR}"
1124 systemdunitdir="\${libdir}/systemd/system"
1127 if test -n "${TMPFILES_DIR}"; then
1128 tmpfilesdir="${TMPFILES_DIR}"
1130 tmpfilesdir="\${libdir}/tmpfiles.d"
1135 AC_MSG_CHECKING([git checkout])
1137 if test -n "${GIT}" -a -d "${srcdir}/.git"; then
1138 AC_DEFINE([HAVE_CONFIG_VERSION_H], [1], [extra version available in config-version.h])
1141 AC_MSG_RESULT([${GIT_CHECKOUT}])
1143 if test -n "${SP_PLATFORM_WINDOWS}"; then
1144 AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['\\\\'], [Path separator]) #"
1145 AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["\\\\"], [Path separator]) #"
1147 AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['/'], [Path separator])
1148 AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["/"], [Path separator])
1151 dnl enable --x509-username-field feature if requested
1152 if test "${enable_x509_alt_username}" = "yes"; then
1153 if test "${with_crypto_library}" = "mbedtls" ; then
1154 AC_MSG_ERROR([mbed TLS does not support the --x509-username-field feature])
1157 AC_DEFINE([ENABLE_X509ALTUSERNAME], [1], [Enable --x509-username-field feature])
1160 test "${ac_cv_header_sys_uio_h}" = "yes" && AC_DEFINE([HAVE_IOVEC], [1], [struct iovec needed for IPv6 support])
1161 test "${enable_management}" = "yes" && AC_DEFINE([ENABLE_MANAGEMENT], [1], [Enable management server capability])
1162 test "${enable_multihome}" = "yes" && AC_DEFINE([ENABLE_MULTIHOME], [1], [Enable multi-homed UDP server capability])
1163 test "${enable_debug}" = "yes" && AC_DEFINE([ENABLE_DEBUG], [1], [Enable debugging support])
1164 test "${enable_small}" = "yes" && AC_DEFINE([ENABLE_SMALL], [1], [Enable smaller executable size])
1165 test "${enable_fragment}" = "yes" && AC_DEFINE([ENABLE_FRAGMENT], [1], [Enable internal fragmentation support])
1166 test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enable TCP Server port sharing])
1167 test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
1168 test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
1170 test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes])
1171 if test "${have_export_keying_material}" = "yes"; then
1173 [HAVE_EXPORT_KEYING_MATERIAL], [1],
1174 [Crypto library supports keying material exporter]
1177 OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}"
1178 OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}"
1180 if test "${enable_plugins}" = "yes"; then
1181 OPTIONAL_DL_LIBS="${DL_LIBS}"
1182 AC_DEFINE([ENABLE_PLUGIN], [1], [Enable plug-in support])
1184 enable_plugin_auth_pam="no"
1185 enable_plugin_down_root="no"
1188 AM_CONDITIONAL([HAVE_SITNL], [false])
1190 if test "${enable_iproute2}" = "yes"; then
1191 test -z "${IPROUTE}" && AC_MSG_ERROR([ip utility is required but missing])
1192 AC_DEFINE([ENABLE_IPROUTE], [1], [enable iproute2 support])
1193 else if test "${have_sitnl}" = "yes"; then
1194 AC_DEFINE([ENABLE_SITNL], [1], [enable sitnl support])
1195 AM_CONDITIONAL([HAVE_SITNL], [true])
1196 else if test "${WIN32}" != "yes" -a "${have_sitnl}" != "yes"; then
1197 test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing])
1198 test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing])
1203 if test "${enable_selinux}" = "yes"; then
1204 test -z "${SELINUX_LIBS}" && AC_MSG_ERROR([libselinux required but missing])
1205 OPTIONAL_SELINUX_LIBS="${SELINUX_LIBS}"
1206 AC_DEFINE([ENABLE_SELINUX], [1], [SELinux support])
1209 if test "${enable_lzo}" = "yes"; then
1210 test "${have_lzo}" != "yes" && AC_MSG_ERROR([lzo enabled but missing])
1211 OPTIONAL_LZO_CFLAGS="${LZO_CFLAGS}"
1212 OPTIONAL_LZO_LIBS="${LZO_LIBS}"
1213 AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])
1215 if test "${enable_comp_stub}" = "yes"; then
1216 test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and lzo enabled (use --disable-lzo)])
1217 test "${enable_lz4}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and LZ4 enabled (use --disable-lz4)])
1218 AC_DEFINE([ENABLE_COMP_STUB], [1], [Enable compression stub capability])
1221 if test "${enable_pkcs11}" = "yes"; then
1222 test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing])
1223 OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
1224 OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
1225 AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11])
1229 [proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`"
1230 AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])],
1235 # When testing a compiler option, we add -Werror to force
1236 # an error when the option is unsupported. This is not
1237 # required for gcc, but some compilers such as clang needs it.
1238 AC_DEFUN([ACL_CHECK_ADD_COMPILE_FLAGS], [
1239 old_cflags="$CFLAGS"
1240 CFLAGS="$1 -Werror $CFLAGS"
1241 AC_MSG_CHECKING([whether the compiler accepts $1])
1242 AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [AC_MSG_RESULT([yes])]; CFLAGS="$1 $old_cflags",
1243 [AC_MSG_RESULT([no]); CFLAGS="$old_cflags"])]
1246 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
1247 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-unused-function])
1248 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-unused-parameter])
1249 ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
1251 if test "${enable_pedantic}" = "yes"; then
1253 CFLAGS="${CFLAGS} -pedantic"
1254 AC_DEFINE([PEDANTIC], [1], [Enable pedantic mode])
1256 if test "${enable_strict}" = "yes"; then
1257 CFLAGS="${CFLAGS} -Wsign-compare -Wuninitialized"
1259 if test "${enable_werror}" = "yes"; then
1260 CFLAGS="${CFLAGS} -Werror"
1263 if test "${enable_plugin_auth_pam}" = "yes"; then
1264 PLUGIN_AUTH_PAM_CFLAGS="${LIBPAM_CFLAGS}"
1265 if test "${enable_pam_dlopen}" = "yes"; then
1266 AC_DEFINE([USE_PAM_DLOPEN], [1], [dlopen libpam])
1267 PLUGIN_AUTH_PAM_LIBS="${DL_LIBS}"
1269 test -z "${LIBPAM_LIBS}" && AC_MSG_ERROR([libpam required but missing])
1270 PLUGIN_AUTH_PAM_LIBS="${LIBPAM_LIBS}"
1274 if test "${enable_async_push}" = "yes"; then
1281 AC_DEFINE([HAVE_SYS_INOTIFY_H])
1282 AC_DEFINE([ENABLE_ASYNC_PUSH], [1], [Enable async push])
1289 AC_DEFINE([ENABLE_ASYNC_PUSH], [1], [Enable async push]),
1290 AC_MSG_ERROR([inotify.h not found.])
1296 CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
1297 AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
1299 TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
1300 TAP_WIN_MIN_MAJOR="PRODUCT_TAP_WIN_MIN_MAJOR"
1301 TAP_WIN_MIN_MINOR="PRODUCT_TAP_WIN_MIN_MINOR"
1302 AC_DEFINE_UNQUOTED([TAP_WIN_COMPONENT_ID], ["${TAP_WIN_COMPONENT_ID}"], [The tap-windows id])
1303 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MAJOR], [${TAP_WIN_MIN_MAJOR}], [The tap-windows version number is required for OpenVPN])
1304 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MINOR], [${TAP_WIN_MIN_MINOR}], [The tap-windows version number is required for OpenVPN])
1305 AC_SUBST([TAP_WIN_COMPONENT_ID])
1306 AC_SUBST([TAP_WIN_MIN_MAJOR])
1307 AC_SUBST([TAP_WIN_MIN_MINOR])
1309 AC_SUBST([OPTIONAL_DL_LIBS])
1310 AC_SUBST([OPTIONAL_SELINUX_LIBS])
1311 AC_SUBST([OPTIONAL_CRYPTO_CFLAGS])
1312 AC_SUBST([OPTIONAL_CRYPTO_LIBS])
1313 AC_SUBST([OPTIONAL_LZO_CFLAGS])
1314 AC_SUBST([OPTIONAL_LZO_LIBS])
1315 AC_SUBST([OPTIONAL_LZ4_CFLAGS])
1316 AC_SUBST([OPTIONAL_LZ4_LIBS])
1317 AC_SUBST([OPTIONAL_SYSTEMD_LIBS])
1318 AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])
1319 AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])
1320 AC_SUBST([OPTIONAL_INOTIFY_CFLAGS])
1321 AC_SUBST([OPTIONAL_INOTIFY_LIBS])
1323 AC_SUBST([PLUGIN_AUTH_PAM_CFLAGS])
1324 AC_SUBST([PLUGIN_AUTH_PAM_LIBS])
1326 AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])
1327 AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"])
1328 AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "yes"])
1329 AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
1330 AM_CONDITIONAL([HAVE_LD_WRAP_SUPPORT], [test "${have_ld_wrap_support}" = "yes"])
1331 AM_CONDITIONAL([OPENSSL_ENGINE], [test "${have_openssl_engine}" = "yes"])
1333 sampledir="\$(docdir)/sample"
1334 AC_SUBST([plugindir])
1335 AC_SUBST([sampledir])
1337 AC_SUBST([systemdunitdir])
1338 AC_SUBST([tmpfilesdir])
1342 [AS_HELP_STRING([--disable-unit-tests],
1343 [Disables building and running the unit tests suite])],
1345 [enable_unit_tests="yes"]
1348 # Check if cmocka is available - needed for unit testing
1351 [have_cmocka="yes"],
1352 [AC_MSG_WARN([cmocka.pc not found on the system. Unit tests disabled])]
1354 AM_CONDITIONAL([ENABLE_UNITTESTS], [test "${enable_unit_tests}" = "yes" -a "${have_cmocka}" = "yes" ])
1355 AC_SUBST([ENABLE_UNITTESTS])
1357 TEST_LDFLAGS="${OPTIONAL_CRYPTO_LIBS} ${OPTIONAL_PKCS11_HELPER_LIBS}"
1358 TEST_LDFLAGS="${TEST_LDFLAGS} ${OPTIONAL_LZO_LIBS} ${CMOCKA_LIBS}"
1359 TEST_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${OPTIONAL_PKCS11_HELPER_CFLAGS}"
1360 TEST_CFLAGS="${TEST_CFLAGS} ${OPTIONAL_LZO_CFLAGS}"
1361 TEST_CFLAGS="${TEST_CFLAGS} -I\$(top_srcdir)/include ${CMOCKA_CFLAGS}"
1363 AC_SUBST([TEST_LDFLAGS])
1364 AC_SUBST([TEST_CFLAGS])
1371 build/msvc/msvc-generate/Makefile
1373 distro/systemd/Makefile
1375 doc/doxygen/Makefile
1376 doc/doxygen/openvpn.doxyfile
1378 sample/sample-plugins/Makefile
1381 src/openvpn/Makefile
1382 src/openvpnmsica/Makefile
1383 src/openvpnserv/Makefile
1384 src/plugins/Makefile
1385 src/plugins/auth-pam/Makefile
1386 src/plugins/down-root/Makefile
1389 tests/unit_tests/Makefile
1390 tests/unit_tests/example_test/Makefile
1391 tests/unit_tests/openvpn/Makefile
1392 tests/unit_tests/plugins/Makefile
1393 tests/unit_tests/plugins/auth-pam/Makefile
1394 tests/unit_tests/engine-key/Makefile
1397 AC_CONFIG_FILES([tests/t_client.sh], [chmod +x tests/t_client.sh])