1 dnl OpenVPN -- An application to securely tunnel IP networks
2 dnl over a single UDP port, with support for SSL/TLS-based
3 dnl session authentication and key exchange,
4 dnl packet encryption, packet authentication, and
5 dnl packet compression.
7 dnl Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
8 dnl Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
10 dnl This program is free software; you can redistribute it and/or modify
11 dnl it under the terms of the GNU General Public License as published by
12 dnl the Free Software Foundation; either version 2 of the License, or
13 dnl (at your option) any later version.
15 dnl This program is distributed in the hope that it will be useful,
16 dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
17 dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 dnl GNU General Public License for more details.
20 dnl You should have received a copy of the GNU General Public License along
21 dnl with this program; if not, write to the Free Software Foundation, Inc.,
22 dnl 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 dnl Process this file with autoconf to produce a configure script.
28 m4_include(version.m4)
29 AC_INIT([PRODUCT_NAME], [PRODUCT_VERSION], [PRODUCT_BUGREPORT], [PRODUCT_TARNAME])
31 AC_DEFINE([OPENVPN_VERSION_RESOURCE], [PRODUCT_VERSION_RESOURCE], [Version in windows resource format])
32 AC_SUBST([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version])
33 AC_SUBST([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version])
34 AC_SUBST([OPENVPN_VERSION_PATCH], [PRODUCT_VERSION_PATCH], [OpenVPN patch level - may be a string or integer])
35 AC_DEFINE([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version - integer])
36 AC_DEFINE([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version - integer])
37 AC_DEFINE([OPENVPN_VERSION_PATCH], ["PRODUCT_VERSION_PATCH"], [OpenVPN patch level - may be a string or integer])
39 AC_CONFIG_AUX_DIR([.])
40 AC_CONFIG_HEADERS([config.h include/openvpn-plugin.h])
41 AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
42 AC_CONFIG_MACRO_DIR([m4])
44 dnl Initialize automake. automake < 1.12 didn't have serial-tests and
45 dnl gives an error if it sees this, but for automake >= 1.13
46 dnl serial-tests is required so we have to include it. Solution is to
47 dnl test for the version of automake (by running an external command)
48 dnl and provide it if necessary. Note we have to do this entirely using
49 dnl m4 macros since automake queries this macro by running
50 dnl 'autoconf --trace ...'.
51 m4_define([serial_tests], [
52 m4_esyscmd([automake --version |
54 awk '{split ($NF,a,"."); if (a[1] == 1 && a[2] >= 12) { print "serial-tests" }}'
57 AM_INIT_AUTOMAKE(foreign serial_tests) dnl NB: Do not [quote] this parameter.
59 AC_USE_SYSTEM_EXTENSIONS
63 [AS_HELP_STRING([--disable-lzo], [disable LZO compression support @<:@default=yes@:>@])],
69 [ --disable-lz4 Disable LZ4 compression support],
70 [enable_lz4="$enableval"],
74 AC_ARG_ENABLE(comp-stub,
75 [ --enable-comp-stub Don't compile compression support but still allow limited interoperability with compression-enabled peers],
76 [enable_comp_stub="$enableval"],
77 [enable_comp_stub="no"]
82 [AS_HELP_STRING([--disable-ofb-cfb], [disable support for OFB and CFB cipher modes @<:@default=yes@:>@])],
84 [enable_crypto_ofb_cfb="yes"]
89 [AS_HELP_STRING([--enable-x509-alt-username], [enable the --x509-username-field feature @<:@default=no@:>@])],
91 [enable_x509_alt_username="no"]
96 [AS_HELP_STRING([--disable-server], [disable server support only (but retain client support) @<:@default=yes@:>@])],
103 [AS_HELP_STRING([--disable-plugins], [disable plug-in support @<:@default=yes@:>@])],
105 [enable_plugins="yes"]
110 [AS_HELP_STRING([--disable-management], [disable management server support @<:@default=yes@:>@])],
112 [enable_management="yes"]
117 [AS_HELP_STRING([--enable-pkcs11], [enable pkcs11 support @<:@default=no@:>@])],
124 [AS_HELP_STRING([--disable-fragment], [disable internal fragmentation support (--fragment) @<:@default=yes@:>@])],
126 [enable_fragment="yes"]
131 [AS_HELP_STRING([--disable-multihome], [disable multi-homed UDP server support (--multihome) @<:@default=yes@:>@])],
133 [enable_multihome="yes"]
138 [AS_HELP_STRING([--disable-port-share], [disable TCP server port-share support (--port-share) @<:@default=yes@:>@])],
140 [enable_port_share="yes"]
145 [AS_HELP_STRING([--disable-debug], [disable debugging support (disable gremlin and verb 7+ messages) @<:@default=yes@:>@])],
152 [AS_HELP_STRING([--enable-small], [enable smaller executable size (disable OCC, usage message, and verb 4 parm list) @<:@default=no@:>@])],
159 [AS_HELP_STRING([--enable-iproute2], [enable support for iproute2 @<:@default=no@:>@])],
161 [enable_iproute2="no"]
166 [AS_HELP_STRING([--disable-def-auth], [disable deferred authentication @<:@default=yes@:>@])],
168 [enable_def_auth="yes"]
173 [AS_HELP_STRING([--disable-pf], [disable internal packet filter @<:@default=yes@:>@])],
180 [AS_HELP_STRING([--disable-plugin-auth-pam], [disable auth-pam plugin @<:@default=platform specific@:>@])],
184 *-*-openbsd*) enable_plugin_auth_pam="no";;
185 *-mingw*) enable_plugin_auth_pam="no";;
186 *) enable_plugin_auth_pam="yes";;
193 [AS_HELP_STRING([--disable-plugin-down-root], [disable down-root plugin @<:@default=platform specific@:>@])],
197 *-mingw*) enable_plugin_down_root="no";;
198 *) enable_plugin_down_root="yes";;
205 [AS_HELP_STRING([--enable-pam-dlopen], [dlopen libpam @<:@default=no@:>@])],
207 [enable_pam_dlopen="no"]
212 [AS_HELP_STRING([--enable-strict], [enable strict compiler warnings (debugging option) @<:@default=no@:>@])],
219 [AS_HELP_STRING([--enable-pedantic], [enable pedantic compiler warnings, will not generate a working executable (debugging option) @<:@default=no@:>@])],
221 [enable_pedantic="no"]
226 [AS_HELP_STRING([--enable-werror], [promote compiler warnings to errors, will cause builds to fail if the compiler issues warnings (debugging option) @<:@default=no@:>@])],
233 [AS_HELP_STRING([--enable-strict-options], [enable strict options check between peers (debugging option) @<:@default=no@:>@])],
235 [enable_strict_options="no"]
240 [AS_HELP_STRING([--enable-selinux], [enable SELinux support @<:@default=no@:>@])],
242 [enable_selinux="no"]
247 [AS_HELP_STRING([--enable-systemd], [enable systemd support @<:@default=no@:>@])],
249 [enable_systemd="no"]
254 [AS_HELP_STRING([--enable-async-push], [enable async-push support for plugins providing deferred authentication @<:@default=no@:>@])],
256 [enable_async_push="no"]
261 [AS_HELP_STRING([--with-special-build=STRING], [specify special build string])],
262 [test -n "${withval}" && AC_DEFINE_UNQUOTED([CONFIGURE_SPECIAL_BUILD], ["${withval}"], [special build string])]
267 [AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory checking, TYPE=no|dmalloc|valgrind|ssl @<:@default=no@:>@])],
270 dmalloc|valgrind|ssl|no) ;;
271 *) AC_MSG_ERROR([bad value ${withval} for --mem-check]) ;;
274 [with_mem_check="no"]
279 [AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|mbedtls @<:@default=openssl@:>@])],
283 *) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
286 [with_crypto_library="openssl"]
289 AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
290 if test -n "${PLUGINDIR}"; then
291 plugindir="${PLUGINDIR}"
293 plugindir="\${libdir}/openvpn/plugins"
296 AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
297 AM_CONDITIONAL([TARGET_LINUX], [false])
300 AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?])
301 AM_CONDITIONAL([TARGET_LINUX], [true])
302 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix])
306 AC_DEFINE([TARGET_SOLARIS], [1], [Are we running on Solaris?])
307 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["S"], [Target prefix])
308 CPPFLAGS="$CPPFLAGS -D_XPG4_2"
309 test -x /bin/bash && SHELL="/bin/bash"
312 AC_DEFINE([TARGET_OPENBSD], [1], [Are we running on OpenBSD?])
313 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["O"], [Target prefix])
316 AC_DEFINE([TARGET_FREEBSD], [1], [Are we running on FreeBSD?])
317 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["F"], [Target prefix])
320 AC_DEFINE([TARGET_NETBSD], [1], [Are we running NetBSD?])
321 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["N"], [Target prefix])
324 AC_DEFINE([TARGET_DARWIN], [1], [Are we running on Mac OS X?])
325 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["M"], [Target prefix])
326 have_tap_header="yes"
327 ac_cv_type_struct_in_pktinfo=no
330 AC_DEFINE([TARGET_WIN32], [1], [Are we running WIN32?])
331 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["W"], [Target prefix])
332 CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
333 CPPFLAGS="${CPPFLAGS} -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA"
337 AC_DEFINE([TARGET_DRAGONFLY], [1], [Are we running on DragonFlyBSD?])
338 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["D"], [Target prefix])
341 AC_DEFINE([TARGET_AIX], [1], [Are we running AIX?])
342 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["A"], [Target prefix])
343 ROUTE="/usr/sbin/route"
344 have_tap_header="yes"
345 ac_cv_header_net_if_h="no" # exists, but breaks things
348 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["X"], [Target prefix])
349 have_tap_header="yes"
360 AC_ARG_VAR([IFCONFIG], [full path to ipconfig utility])
361 AC_ARG_VAR([ROUTE], [full path to route utility])
362 AC_ARG_VAR([IPROUTE], [full path to ip utility])
363 AC_ARG_VAR([NETSTAT], [path to netstat utility]) # tests
364 AC_ARG_VAR([MAN2HTML], [path to man2html utility])
365 AC_ARG_VAR([GIT], [path to git utility])
366 AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility])
367 AC_ARG_VAR([SYSTEMD_UNIT_DIR], [Path of systemd unit directory @<:@default=LIBDIR/systemd/system@:>@])
368 AC_ARG_VAR([TMPFILES_DIR], [Path of tmpfiles directory @<:@default=LIBDIR/tmpfiles.d@:>@])
369 AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
370 AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
371 AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
372 AC_PATH_PROGS([SYSTEMD_ASK_PASSWORD], [systemd-ask-password],, [$PATH:/usr/local/bin:/usr/bin:/bin])
373 AC_CHECK_PROGS([NETSTAT], [netstat], [netstat], [$PATH:/usr/local/sbin:/usr/sbin:/sbin:/etc]) # tests
374 AC_CHECK_PROGS([MAN2HTML], [man2html])
375 AC_CHECK_PROGS([GIT], [git]) # optional
376 AC_DEFINE_UNQUOTED([IFCONFIG_PATH], ["$IFCONFIG"], [Path to ifconfig tool])
377 AC_DEFINE_UNQUOTED([IPROUTE_PATH], ["$IPROUTE"], [Path to iproute tool])
378 AC_DEFINE_UNQUOTED([ROUTE_PATH], ["$ROUTE"], [Path to route tool])
379 AC_DEFINE_UNQUOTED([SYSTEMD_ASK_PASSWORD_PATH], ["$SYSTEMD_ASK_PASSWORD"], [Path to systemd-ask-password tool])
381 # Set -std=c99 unless user already specified a -std=
384 *) CFLAGS="${CFLAGS} -std=c99" ;;
394 LT_LANG([Windows Resource])
419 AX_CPP_VARARG_MACRO_ISO
420 AX_CPP_VARARG_MACRO_GCC
423 AC_CHECK_SIZEOF([unsigned int])
424 AC_CHECK_SIZEOF([unsigned long])
426 stdio.h stdarg.h limits.h \
427 time.h errno.h fcntl.h io.h direct.h \
428 ctype.h sys/types.h sys/socket.h \
429 signal.h unistd.h dlfcn.h \
430 netinet/in.h netinet/in_systm.h \
431 netinet/tcp.h arpa/inet.h netdb.h \
432 windows.h winsock2.h ws2tcpip.h \
436 sys/time.h sys/ioctl.h sys/stat.h \
437 sys/mman.h sys/file.h sys/wait.h \
438 unistd.h signal.h libgen.h stropts.h \
439 syslog.h pwd.h grp.h \
440 sys/sockio.h sys/uio.h linux/sockios.h \
441 linux/types.h poll.h sys/epoll.h err.h \
448 #ifdef HAVE_SYS_TYPES_H
449 #include <sys/types.h>
451 #ifdef HAVE_SYS_SOCKET_H
452 #include <sys/socket.h>
457 #ifdef HAVE_NETINET_IN_H
458 #include <netinet/in.h>
460 #ifdef HAVE_WINDOWS_H
463 #ifdef HAVE_WINSOCK2_H
464 #include <winsock2.h>
466 #ifdef HAVE_WS2TCPIP_H
467 #include <ws2tcpip.h>
469 #ifdef HAVE_NETINET_IN_SYSTM_H
470 #include <netinet/in_systm.h>
472 #ifdef HAVE_NETINET_IP_H
473 #include <netinet/ip.h>
478 [net/if.h netinet/ip.h resolv.h sys/un.h net/if_utun.h sys/kern_control.h],
481 [[${SOCKET_INCLUDES}]]
487 [AC_DEFINE([in_addr_t], [uint32_t], [Workaround missing in_addr_t])],
488 [[${SOCKET_INCLUDES}]]
493 [AC_DEFINE([in_port_t], [uint16_t], [Workaround missing in_port_t])],
494 [[${SOCKET_INCLUDES}]]
498 [AC_DEFINE([HAVE_IPHDR], [1], [struct iphdr needed for IPv6 support])],
500 [[${SOCKET_INCLUDES}]]
503 [struct sock_extended_err],
504 [AC_DEFINE([HAVE_SOCK_EXTENDED_ERR], [1], [struct sock_extended_err needed for extended socket error support])],
506 [[${SOCKET_INCLUDES}]]
510 [AC_DEFINE([HAVE_MSGHDR], [1], [struct msghdr needed for extended socket error support])],
512 [[${SOCKET_INCLUDES}]]
516 [AC_DEFINE([HAVE_CMSGHDR], [1], [struct cmsghdr needed for extended socket error support])],
518 [[${SOCKET_INCLUDES}]]
522 [AC_DEFINE([HAVE_IN_PKTINFO], [1], [struct in_pktinfo needed for IP_PKTINFO support])],
524 [[${SOCKET_INCLUDES}]]
528 [AC_DEFINE([HAVE_SA_FAMILY_T], [1], [sa_family_t, needed to hold AF_* info])],
530 [[${SOCKET_INCLUDES}]]
533 [struct in_pktinfo.ipi_spec_dst],
534 [AC_DEFINE([HAVE_IPI_SPEC_DST], [1], [struct in_pktinfo.ipi_spec_dst needed for IP_PKTINFO support])],
536 [[${SOCKET_INCLUDES}]]
539 [struct sockaddr_in6],
541 [AC_MSG_ERROR([struct sockaddr_in6 not found, needed for ipv6 transport support.])],
542 [[${SOCKET_INCLUDES}]]
548 [[${SOCKET_INCLUDES}]]
550 AC_CHECKING([anonymous union support])
568 AC_DEFINE([HAVE_ANONYMOUS_UNION_SUPPORT], [], [Compiler supports anonymous unions])
570 [AC_MSG_RESULT([no])]
573 saved_LDFLAGS="$LDFLAGS"
574 LDFLAGS="$LDFLAGS -Wl,--wrap=exit"
575 AC_MSG_CHECKING([linker supports --wrap])
580 void __real_exit(int);
581 void __wrap_exit(int i) {
591 have_ld_wrap_support=yes
593 [AC_MSG_RESULT([no])],
595 LDFLAGS="$saved_LDFLAGS"
597 dnl We emulate signals in Windows
601 [AC_DEFINE([SIGHUP], [1], [SIGHUP replacement])],
611 [AC_DEFINE([SIGINT], [2], [SIGINT replacement])],
621 [AC_DEFINE([SIGUSR1], [10], [SIGUSR1 replacement])],
631 [AC_DEFINE([SIGUSR2], [12], [SIGUSR2 replacement])],
641 [AC_DEFINE([SIGTERM], [15], [SIGTERM replacement])],
652 daemon chroot getpwnam setuid nice system getpid dup dup2 \
653 getpass syslog openlog mlockall getgrnam setgid \
654 setgroups stat flock readv writev time gettimeofday \
655 ctime memset vsnprintf strdup \
656 setsid chdir putenv getpeername unlink \
657 chsize ftruncate execve getpeereid umask basename dirname access \
671 [SOCKETS_LIBS="${SOCKETS_LIBS} -lnsl"]
676 [SOCKETS_LIBS="${SOCKETS_LIBS} -lsocket"]
681 [SOCKETS_LIBS="${SOCKETS_LIBS} -lresolv"]
683 AC_SUBST([SOCKETS_LIBS])
686 LIBS="${LIBS} ${SOCKETS_LIBS}"
687 AC_CHECK_FUNCS([sendmsg recvmsg])
688 # Windows use stdcall for winsock so we cannot auto detect these
691 [socket recv recvfrom send sendto listen dnl
692 accept connect bind select gethostbyname inet_ntoa]dnl
696 [setsockopt getsockopt getsockname poll]dnl
698 if test "${WIN32}" = "yes"; then
699 # normal autoconf function checking does not find inet_ntop/inet_pton
700 # because they need to include the actual header file and link ws2_32.dll
701 LIBS="${LIBS} -lws2_32"
702 AC_MSG_CHECKING([for MinGW inet_ntop()/inet_pton()])
706 #include <ws2tcpip.h>
709 int r = (int) inet_ntop (0, NULL, NULL, 0);
710 r += inet_pton(AF_INET, NULL, NULL);
715 AC_DEFINE([HAVE_INET_NTOP],[1],[MinGW inet_ntop])
716 AC_DEFINE([HAVE_INET_PTON],[1],[MinGW inet_pton])
718 [AC_MSG_RESULT([not found])]
722 m4_split(SOCKET_FUNCS SOCKET_OPT_FUNCS),
723 m4_define([UF], [[m4_join([_], [HAVE], m4_toupper(F))]])
724 AC_DEFINE([UF], [1], [Win32 builtin])
727 AC_CHECK_FUNCS([inet_ntop inet_pton])
731 [AC_MSG_ERROR([Required library function not found])]
733 AC_CHECK_FUNCS(SOCKET_OPT_FUNCS)
737 # we assume res_init() always exist, but need to find out *where*...
738 AC_SEARCH_LIBS(__res_init, resolv bind, ,
739 AC_SEARCH_LIBS(res_9_init, resolv bind, ,
740 AC_SEARCH_LIBS(res_init, resolv bind, , )))
742 AC_ARG_VAR([TAP_CFLAGS], [C compiler flags for tap])
743 old_CFLAGS="${CFLAGS}"
744 CFLAGS="${CFLAGS} ${TAP_CFLAGS}"
747 net/if_tun.h net/tun/if_tun.h \
751 [have_tap_header="yes"]
755 [AC_DEFINE([ENABLE_FEATURE_TUN_PERSIST], [1], [We have persist tun capability])],
758 #ifdef HAVE_LINUX_IF_TUN_H
759 #include <linux/if_tun.h>
763 CFLAGS="${old_CFLAGS}"
764 test "${have_tap_header}" = "yes" || AC_MSG_ERROR([no tap header could be found])
769 [SELINUX_LIBS="-lselinux"]
771 AC_SUBST([SELINUX_LIBS])
773 AC_ARG_VAR([LIBPAM_CFLAGS], [C compiler flags for libpam])
774 AC_ARG_VAR([LIBPAM_LIBS], [linker flags for libpam])
775 if test -z "${LIBPAM_LIBS}"; then
779 [LIBPAM_LIBS="-lpam"]
783 case "${with_mem_check}" in
786 [valgrind/memcheck.h],
788 CFLAGS="${CFLAGS} -g -fno-inline"
792 [Use valgrind memory debugging library]
795 [AC_MSG_ERROR([valgrind headers not found.])]
805 LIBS="${LIBS} -ldmalloc"
809 [Use dmalloc memory debugging library]
812 [AC_MSG_ERROR([dmalloc library not found.])]
814 [AC_MSG_ERROR([dmalloc headers not found.])]
825 [Use memory debugging function in OpenSSL]
827 AC_MSG_NOTICE([NOTE: OpenSSL library must be compiled with CRYPTO_MDEBUG])
829 [AC_MSG_ERROR([Memory Debugging function in OpenSSL library not found.])]
836 [libpkcs11-helper-1 >= 1.11],
837 [have_pkcs11_helper="yes"],
841 if test "${with_crypto_library}" = "openssl"; then
842 AC_ARG_VAR([OPENSSL_CFLAGS], [C compiler flags for OpenSSL])
843 AC_ARG_VAR([OPENSSL_LIBS], [linker flags for OpenSSL])
845 if test -z "${OPENSSL_CFLAGS}" -a -z "${OPENSSL_LIBS}"; then
846 # if the user did not explicitly specify flags, try to autodetect
850 [have_openssl="yes"],
851 [] # If this fails, we will do another test next
853 OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto}
856 saved_CFLAGS="${CFLAGS}"
858 CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
859 LIBS="${LIBS} ${OPENSSL_LIBS}"
861 # If pkgconfig check failed or OPENSSL_CFLAGS/OPENSSL_LIBS env vars
862 # are used, check the version directly in the OpenSSL include file
863 if test "${have_openssl}" != "yes"; then
864 AC_MSG_CHECKING([additionally if OpenSSL is available and version >= 1.0.1])
868 #include <openssl/opensslv.h>
871 /* Version encoding: MNNFFPPS - see opensslv.h for details */
872 #if OPENSSL_VERSION_NUMBER < 0x10001000L
873 #error OpenSSL too old
877 [AC_MSG_RESULT([ok])],
878 [AC_MSG_ERROR([OpenSSL version too old])]
882 AC_CHECK_FUNCS([SSL_CTX_new EVP_CIPHER_CTX_set_key_length],
884 [AC_MSG_ERROR([openssl check failed])]
887 have_openssl_engine="yes"
890 ENGINE_load_builtin_engines \
891 ENGINE_register_all_complete \
895 [have_openssl_engine="no"; break]
897 if test "${have_openssl_engine}" = "no"; then
898 AC_CHECK_DECL( [ENGINE_cleanup], [have_openssl_engine="yes"],,
900 #include <openssl/engine.h>
904 if test "${have_openssl_engine}" = "yes"; then
905 AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [OpenSSL engine support available])
908 have_crypto_aead_modes="yes"
912 [have_crypto_aead_modes="no"; break]
923 EVP_CIPHER_CTX_reset \
925 SSL_CTX_get_default_passwd_cb \
926 SSL_CTX_get_default_passwd_cb_userdata \
927 SSL_CTX_set_security_level \
928 X509_get0_notBefore \
931 X509_STORE_get0_objects \
933 X509_OBJECT_get_type \
937 EVP_PKEY_get0_EC_KEY \
946 RSA_meth_set_pub_enc \
947 RSA_meth_set_pub_dec \
948 RSA_meth_set_priv_enc \
949 RSA_meth_set_priv_dec \
952 RSA_meth_set_finish \
953 RSA_meth_set0_app_data \
954 RSA_meth_get0_app_data \
959 CFLAGS="${saved_CFLAGS}"
962 AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use OpenSSL library])
963 CRYPTO_CFLAGS="${OPENSSL_CFLAGS}"
964 CRYPTO_LIBS="${OPENSSL_LIBS}"
965 elif test "${with_crypto_library}" = "mbedtls"; then
966 AC_ARG_VAR([MBEDTLS_CFLAGS], [C compiler flags for mbedtls])
967 AC_ARG_VAR([MBEDTLS_LIBS], [linker flags for mbedtls])
969 saved_CFLAGS="${CFLAGS}"
972 if test -z "${MBEDTLS_CFLAGS}" -a -z "${MBEDTLS_LIBS}"; then
973 # if the user did not explicitly specify flags, try to autodetect
974 LIBS="${LIBS} -lmbedtls -lmbedx509 -lmbedcrypto"
978 [MBEDTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto"],
979 [AC_MSG_ERROR([Could not find mbed TLS.])],
980 [${PKCS11_HELPER_LIBS}]
984 CFLAGS="${MBEDTLS_CFLAGS} ${PKCS11_HELPER_CFLAGS} ${CFLAGS}"
985 LIBS="${MBEDTLS_LIBS} ${PKCS11_HELPER_LIBS} ${LIBS}"
987 AC_MSG_CHECKING([mbedtls version])
991 #include <mbedtls/version.h>
994 #if MBEDTLS_VERSION_NUMBER < 0x02000000 || MBEDTLS_VERSION_NUMBER >= 0x03000000
995 #error invalid version
999 [AC_MSG_RESULT([ok])],
1000 [AC_MSG_ERROR([mbed TLS 2.y.z required])]
1003 have_crypto_aead_modes="yes"
1006 mbedtls_cipher_write_tag \
1007 mbedtls_cipher_check_tag \
1010 [have_crypto_aead_modes="no"; break]
1013 CFLAGS="${saved_CFLAGS}"
1014 LIBS="${saved_LIBS}"
1015 AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
1016 CRYPTO_CFLAGS="${MBEDTLS_CFLAGS}"
1017 CRYPTO_LIBS="${MBEDTLS_LIBS}"
1019 AC_MSG_ERROR([Invalid crypto library: ${with_crypto_library}])
1022 AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo])
1023 AC_ARG_VAR([LZO_LIBS], [linker flags for lzo])
1025 if test -z "${LZO_LIBS}"; then
1028 [lzo1x_1_15_compress],
1029 [LZO_LIBS="-llzo2"],
1032 [lzo1x_1_15_compress],
1038 if test "${have_lzo}" = "yes"; then
1039 saved_CFLAGS="${CFLAGS}"
1040 CFLAGS="${CFLAGS} ${LZO_CFLAGS}"
1047 [AC_MSG_ERROR([lzoutil.h is missing])]
1056 [AC_MSG_ERROR([lzo1x.h is missing])]
1059 CFLAGS="${saved_CFLAGS}"
1063 dnl check for LZ4 library
1066 AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
1067 AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
1068 if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
1069 if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
1070 # if the user did not explicitly specify flags, try to autodetect
1071 PKG_CHECK_MODULES([LZ4],
1072 [liblz4 >= 1.7.1 liblz4 < 100],
1074 [LZ4_LIBS="-llz4"] # If this fails, we will do another test next.
1075 # We also add set LZ4_LIBS otherwise the
1076 # linker will not know about the lz4 library
1080 saved_CFLAGS="${CFLAGS}"
1081 saved_LIBS="${LIBS}"
1082 CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
1083 LIBS="${LIBS} ${LZ4_LIBS}"
1085 # If pkgconfig check failed or LZ4_CFLAGS/LZ4_LIBS env vars
1086 # are used, check the version directly in the LZ4 include file
1087 if test "${have_lz4}" != "yes"; then
1088 AC_CHECK_HEADERS([lz4.h],
1092 if test "${have_lz4h}" = "yes" ; then
1093 AC_MSG_CHECKING([additionally if system LZ4 version >= 1.7.1])
1099 /* Version encoding: MMNNPP (Major miNor Patch) - see lz4.h for details */
1100 #if LZ4_VERSION_NUMBER < 10701L
1101 #error LZ4 is too old
1109 [AC_MSG_RESULT([system LZ4 library is too old])]
1114 # Double check we have a few needed functions
1115 if test "${have_lz4}" = "yes" ; then
1117 [LZ4_compress_default],
1121 [LZ4_decompress_safe],
1126 if test "${have_lz4}" != "yes" ; then
1127 AC_MSG_RESULT([ usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
1128 AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
1131 OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
1132 OPTIONAL_LZ4_LIBS="${LZ4_LIBS}"
1133 AC_DEFINE(ENABLE_LZ4, [1], [Enable LZ4 compression library])
1134 CFLAGS="${saved_CFLAGS}"
1135 LIBS="${saved_LIBS}"
1140 dnl Check for systemd
1142 AM_CONDITIONAL([ENABLE_SYSTEMD], [test "${enable_systemd}" = "yes"])
1143 if test "$enable_systemd" = "yes" ; then
1144 PKG_CHECK_MODULES([libsystemd], [systemd libsystemd],
1146 [PKG_CHECK_MODULES([libsystemd], [libsystemd-daemon])]
1149 PKG_CHECK_EXISTS( [libsystemd > 216],
1150 [AC_DEFINE([SYSTEMD_NEWER_THAN_216], [1],
1151 [systemd is newer than v216])]
1154 AC_CHECK_HEADERS(systemd/sd-daemon.h,
1157 AC_MSG_ERROR([systemd development headers not found.])
1160 saved_LIBS="${LIBS}"
1161 LIBS="${LIBS} ${libsystemd_LIBS}"
1162 AC_CHECK_FUNCS([sd_booted], [], [AC_MSG_ERROR([systemd library is missing sd_booted()])])
1163 OPTIONAL_SYSTEMD_LIBS="${libsystemd_LIBS}"
1164 AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd integration])
1165 LIBS="${saved_LIBS}"
1167 if test -n "${SYSTEMD_UNIT_DIR}"; then
1168 systemdunitdir="${SYSTEMD_UNIT_DIR}"
1170 systemdunitdir="\${libdir}/systemd/system"
1173 if test -n "${TMPFILES_DIR}"; then
1174 tmpfilesdir="${TMPFILES_DIR}"
1176 tmpfilesdir="\${libdir}/tmpfiles.d"
1181 AC_MSG_CHECKING([git checkout])
1183 if test -n "${GIT}" -a -d "${srcdir}/.git"; then
1184 AC_DEFINE([HAVE_CONFIG_VERSION_H], [1], [extra version available in config-version.h])
1187 AC_MSG_RESULT([${GIT_CHECKOUT}])
1189 if test -n "${SP_PLATFORM_WINDOWS}"; then
1190 AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['\\\\'], [Path separator]) #"
1191 AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["\\\\"], [Path separator]) #"
1193 AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['/'], [Path separator])
1194 AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["/"], [Path separator])
1197 dnl enable --x509-username-field feature if requested
1198 if test "${enable_x509_alt_username}" = "yes"; then
1199 if test "${with_crypto_library}" = "mbedtls" ; then
1200 AC_MSG_ERROR([mbed TLS does not support the --x509-username-field feature])
1203 AC_DEFINE([ENABLE_X509ALTUSERNAME], [1], [Enable --x509-username-field feature])
1206 test "${ac_cv_header_sys_uio_h}" = "yes" && AC_DEFINE([HAVE_IOVEC], [1], [struct iovec needed for IPv6 support])
1207 test "${enable_server}" = "no" && AC_DEFINE([ENABLE_CLIENT_ONLY], [1], [Enable client capability only])
1208 test "${enable_management}" = "yes" && AC_DEFINE([ENABLE_MANAGEMENT], [1], [Enable management server capability])
1209 test "${enable_multihome}" = "yes" && AC_DEFINE([ENABLE_MULTIHOME], [1], [Enable multi-homed UDP server capability])
1210 test "${enable_debug}" = "yes" && AC_DEFINE([ENABLE_DEBUG], [1], [Enable debugging support])
1211 test "${enable_small}" = "yes" && AC_DEFINE([ENABLE_SMALL], [1], [Enable smaller executable size])
1212 test "${enable_fragment}" = "yes" && AC_DEFINE([ENABLE_FRAGMENT], [1], [Enable internal fragmentation support])
1213 test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enable TCP Server port sharing])
1214 test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable deferred authentication])
1215 test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
1216 test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
1218 test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes])
1219 test "${have_crypto_aead_modes}" = "yes" && AC_DEFINE([HAVE_AEAD_CIPHER_MODES], [1], [Use crypto library])
1220 OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}"
1221 OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}"
1223 if test "${enable_plugins}" = "yes"; then
1224 OPTIONAL_DL_LIBS="${DL_LIBS}"
1225 AC_DEFINE([ENABLE_PLUGIN], [1], [Enable plug-in support])
1227 enable_plugin_auth_pam="no"
1228 enable_plugin_down_root="no"
1231 AM_CONDITIONAL([HAVE_SITNL], [false])
1233 if test "${enable_iproute2}" = "yes"; then
1234 test -z "${IPROUTE}" && AC_MSG_ERROR([ip utility is required but missing])
1235 AC_DEFINE([ENABLE_IPROUTE], [1], [enable iproute2 support])
1236 else if test "${have_sitnl}" = "yes"; then
1237 AC_DEFINE([ENABLE_SITNL], [1], [enable sitnl support])
1238 AM_CONDITIONAL([HAVE_SITNL], [true])
1239 else if test "${WIN32}" != "yes" -a "${have_sitnl}" != "yes"; then
1240 test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing])
1241 test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing])
1246 if test "${enable_selinux}" = "yes"; then
1247 test -z "${SELINUX_LIBS}" && AC_MSG_ERROR([libselinux required but missing])
1248 OPTIONAL_SELINUX_LIBS="${SELINUX_LIBS}"
1249 AC_DEFINE([ENABLE_SELINUX], [1], [SELinux support])
1252 if test "${enable_lzo}" = "yes"; then
1253 test "${have_lzo}" != "yes" && AC_MSG_ERROR([lzo enabled but missing])
1254 OPTIONAL_LZO_CFLAGS="${LZO_CFLAGS}"
1255 OPTIONAL_LZO_LIBS="${LZO_LIBS}"
1256 AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])
1258 if test "${enable_comp_stub}" = "yes"; then
1259 test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and lzo enabled (use --disable-lzo)])
1260 test "${enable_lz4}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and LZ4 enabled (use --disable-lz4)])
1261 AC_DEFINE([ENABLE_COMP_STUB], [1], [Enable compression stub capability])
1264 if test "${enable_pkcs11}" = "yes"; then
1265 test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing])
1266 OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
1267 OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
1268 AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11])
1272 [proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`"
1273 AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])],
1278 # When testing a compiler option, we add -Werror to force
1279 # an error when the option is unsupported. This is not
1280 # required for gcc, but some compilers such as clang needs it.
1281 AC_DEFUN([ACL_CHECK_ADD_COMPILE_FLAGS], [
1282 old_cflags="$CFLAGS"
1283 CFLAGS="$1 -Werror $CFLAGS"
1284 AC_MSG_CHECKING([whether the compiler accepts $1])
1285 AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [AC_MSG_RESULT([yes])]; CFLAGS="$1 $old_cflags",
1286 [AC_MSG_RESULT([no]); CFLAGS="$old_cflags"])]
1289 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
1290 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-unused-function])
1291 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-unused-parameter])
1292 ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
1294 if test "${enable_pedantic}" = "yes"; then
1296 CFLAGS="${CFLAGS} -pedantic"
1297 AC_DEFINE([PEDANTIC], [1], [Enable pedantic mode])
1299 if test "${enable_strict}" = "yes"; then
1300 CFLAGS="${CFLAGS} -Wsign-compare -Wuninitialized"
1302 if test "${enable_werror}" = "yes"; then
1303 CFLAGS="${CFLAGS} -Werror"
1306 if test "${WIN32}" = "yes"; then
1307 test -z "${MAN2HTML}" && AC_MSG_ERROR([man2html is required for win32])
1310 if test "${enable_plugin_auth_pam}" = "yes"; then
1311 PLUGIN_AUTH_PAM_CFLAGS="${LIBPAM_CFLAGS}"
1312 if test "${enable_pam_dlopen}" = "yes"; then
1313 AC_DEFINE([USE_PAM_DLOPEN], [1], [dlopen libpam])
1314 PLUGIN_AUTH_PAM_LIBS="${DL_LIBS}"
1316 test -z "${LIBPAM_LIBS}" && AC_MSG_ERROR([libpam required but missing])
1317 PLUGIN_AUTH_PAM_LIBS="${LIBPAM_LIBS}"
1321 if test "${enable_async_push}" = "yes"; then
1324 AC_DEFINE([ENABLE_ASYNC_PUSH], [1], [Enable async push]),
1325 AC_MSG_ERROR([inotify.h not found.])
1329 CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
1330 AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
1332 TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
1333 TAP_WIN_MIN_MAJOR="PRODUCT_TAP_WIN_MIN_MAJOR"
1334 TAP_WIN_MIN_MINOR="PRODUCT_TAP_WIN_MIN_MINOR"
1335 AC_DEFINE_UNQUOTED([TAP_WIN_COMPONENT_ID], ["${TAP_WIN_COMPONENT_ID}"], [The tap-windows id])
1336 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MAJOR], [${TAP_WIN_MIN_MAJOR}], [The tap-windows version number is required for OpenVPN])
1337 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MINOR], [${TAP_WIN_MIN_MINOR}], [The tap-windows version number is required for OpenVPN])
1338 AC_SUBST([TAP_WIN_COMPONENT_ID])
1339 AC_SUBST([TAP_WIN_MIN_MAJOR])
1340 AC_SUBST([TAP_WIN_MIN_MINOR])
1342 AC_SUBST([OPTIONAL_DL_LIBS])
1343 AC_SUBST([OPTIONAL_SELINUX_LIBS])
1344 AC_SUBST([OPTIONAL_CRYPTO_CFLAGS])
1345 AC_SUBST([OPTIONAL_CRYPTO_LIBS])
1346 AC_SUBST([OPTIONAL_LZO_CFLAGS])
1347 AC_SUBST([OPTIONAL_LZO_LIBS])
1348 AC_SUBST([OPTIONAL_LZ4_CFLAGS])
1349 AC_SUBST([OPTIONAL_LZ4_LIBS])
1350 AC_SUBST([OPTIONAL_SYSTEMD_LIBS])
1351 AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])
1352 AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])
1354 AC_SUBST([PLUGIN_AUTH_PAM_CFLAGS])
1355 AC_SUBST([PLUGIN_AUTH_PAM_LIBS])
1357 AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])
1358 AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"])
1359 AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "yes"])
1360 AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
1361 AM_CONDITIONAL([HAVE_LD_WRAP_SUPPORT], [test "${have_ld_wrap_support}" = "yes"])
1363 sampledir="\$(docdir)/sample"
1364 AC_SUBST([plugindir])
1365 AC_SUBST([sampledir])
1367 AC_SUBST([systemdunitdir])
1368 AC_SUBST([tmpfilesdir])
1372 [AS_HELP_STRING([--disable-unit-tests],
1373 [Disables building and running the unit tests suite])],
1375 [enable_unit_tests="yes"]
1378 # Check if cmocka is available - needed for unit testing
1381 [have_cmocka="yes"],
1382 [AC_MSG_WARN([cmocka.pc not found on the system. Unit tests disabled])]
1384 AM_CONDITIONAL([ENABLE_UNITTESTS], [test "${enable_unit_tests}" = "yes" -a "${have_cmocka}" = "yes" ])
1385 AC_SUBST([ENABLE_UNITTESTS])
1387 TEST_LDFLAGS="${OPTIONAL_CRYPTO_LIBS} ${OPTIONAL_PKCS11_HELPER_LIBS}"
1388 TEST_LDFLAGS="${TEST_LDFLAGS} ${OPTIONAL_LZO_LIBS} ${CMOCKA_LIBS}"
1389 TEST_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${OPTIONAL_PKCS11_HELPER_CFLAGS}"
1390 TEST_CFLAGS="${TEST_CFLAGS} ${OPTIONAL_LZO_CFLAGS}"
1391 TEST_CFLAGS="${TEST_CFLAGS} -I\$(top_srcdir)/include ${CMOCKA_CFLAGS}"
1393 AC_SUBST([TEST_LDFLAGS])
1394 AC_SUBST([TEST_CFLAGS])
1401 build/msvc/msvc-generate/Makefile
1403 distro/systemd/Makefile
1405 doc/doxygen/Makefile
1406 doc/doxygen/openvpn.doxyfile
1410 src/openvpn/Makefile
1411 src/openvpnmsica/Makefile
1412 src/openvpnserv/Makefile
1413 src/plugins/Makefile
1414 src/plugins/auth-pam/Makefile
1415 src/plugins/down-root/Makefile
1418 tests/unit_tests/Makefile
1419 tests/unit_tests/example_test/Makefile
1420 tests/unit_tests/openvpn/Makefile
1421 tests/unit_tests/plugins/Makefile
1422 tests/unit_tests/plugins/auth-pam/Makefile
1425 AC_CONFIG_FILES([tests/t_client.sh], [chmod +x tests/t_client.sh])