#
# Copyright (C) 2007-2017 Tobias Brunner
-# Copyright (C) 2006-2016 Andreas Steffen
+# Copyright (C) 2006-2017 Andreas Steffen
# Copyright (C) 2006-2014 Martin Willi
# HSR Hochschule fuer Technik Rapperswil
#
# initialize & set some vars
# ============================
-AC_INIT([strongSwan],[5.5.3])
+AC_INIT([strongSwan],[5.7.0dr4])
AM_INIT_AUTOMAKE(m4_esyscmd([
echo tar-ustar
echo subdir-objects
ARG_ENABL_SET([imv-os], [enable IMV operating system module.])
ARG_ENABL_SET([imc-attestation],[enable IMC attestation module.])
ARG_ENABL_SET([imv-attestation],[enable IMV attestation module.])
-ARG_ENABL_SET([imc-swid], [enable IMC swid module.])
-ARG_ENABL_SET([imv-swid], [enable IMV swid module.])
+ARG_ENABL_SET([imc-swima], [enable IMC swima module.])
+ARG_ENABL_SET([imv-swima], [enable IMV swima module.])
ARG_ENABL_SET([imc-hcd], [enable IMC hcd module.])
ARG_ENABL_SET([imv-hcd], [enable IMV hcd module.])
ARG_ENABL_SET([tnc-ifmap], [enable TNC IF-MAP module. Requires libxml])
ARG_ENABL_SET([bypass-lan], [enable plugin to install bypass policies for local subnets.])
ARG_ENABL_SET([certexpire], [enable CSV export of expiration dates of used certificates.])
ARG_ENABL_SET([connmark], [enable connmark plugin using conntrack based marks to select return path SA.])
+ARG_ENABL_SET([counters], [enable plugin that collects several performance counters.])
ARG_ENABL_SET([forecast], [enable forecast plugin forwarding broadcast/multicast messages.])
ARG_ENABL_SET([duplicheck], [advanced duplicate checking plugin using liveness checks.])
ARG_ENABL_SET([error-notify], [enable error notification plugin.])
ARG_ENABL_SET([load-tester], [enable load testing plugin for IKEv2 daemon.])
ARG_ENABL_SET([lookip], [enable fast virtual IP lookup and notification plugin.])
ARG_ENABL_SET([radattr], [enable plugin to inject and process custom RADIUS attributes as IKEv2 client.])
+ARG_ENABL_SET([save-keys], [enable development/debugging plugin that saves IKE and ESP keys in Wireshark format.])
ARG_ENABL_SET([systime-fix], [enable plugin to handle cert lifetimes with invalid system time gracefully.])
ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.])
ARG_DISBL_SET([updown], [disable updown firewall script plugin.])
AC_MSG_CHECKING([gperf version >= 3.0.0])
if test -x "$GPERF"; then
if test "`$GPERF --version | $AWK -F' ' '/^GNU gperf/ { print $3 }' | $AWK -F. '{ print $1 }'`" -ge "3"; then
+ GPERF_OUTPUT="`echo foo | ${GPERF}`"
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <string.h>
+ const char *in_word_set(const char*, size_t); $GPERF_OUTPUT]])],
+ [GPERF_LEN_TYPE=size_t],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <string.h>
+ const char *in_word_set(const char*, unsigned); $GPERF_OUTPUT]])],
+ [GPERF_LEN_TYPE=unsigned],
+ [AC_MSG_ERROR([unable to determine gperf len type])]
+ )]
+ )
+ AC_SUBST(GPERF_LEN_TYPE)
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
radius=true;
fi
-if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then
+if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_20 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then
tnc_tnccs=true;
fi
tls=true;
fi
-if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then
+if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then
imcv=true;
fi
tss_trousers=true
fi
-if test x$ntru = xtrue -o x$bliss = xtrue; then
+if test x$gmp = xtrue -o x$ntru = xtrue -o x$bliss = xtrue; then
mgf1=true
fi
+if test x$stroke = xtrue; then
+ counters=true
+fi
+
# ===========================================
# check required libraries and header files
# ===========================================
[
AC_MSG_RESULT([yes])
windows=true
- openssl_lib=eay32
+
AC_SUBST(PTHREADLIB, "")
# explicitly disable ms-bitfields, as it breaks __attribute__((packed))
case "$CFLAGS" in
],
[
AC_MSG_RESULT([no])
- openssl_lib=crypto
# check for clock_gettime() on non-Windows only. Otherwise this
# check might find clock_gettime() in libwinpthread, but we don't want
LIBS=$saved_LIBS
]
)
-AC_SUBST(OPENSSL_LIB, [-l$openssl_lib])
AM_CONDITIONAL(USE_WINDOWS, [test "x$windows" = xtrue])
AC_MSG_CHECKING([for working __attribute__((packed))])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include "gmp.h"]],
- [[void *x = mpz_powm_sec;]])],
+ [[void *x __attribute__((unused)); x = mpz_powm_sec;]])],
[AC_MSG_RESULT([yes]);
- AC_DEFINE([HAVE_MPZ_POWM_SEC], [], [have mpz_mown_sec()])],
+ AC_DEFINE([HAVE_MPZ_POWM_SEC], [], [have mpz_powm_sec()])],
[AC_MSG_RESULT([no])]
)
else
AC_SUBST(systemd_journal_CFLAGS)
AC_SUBST(systemd_journal_LIBS)]
)
+ saved_LIBS=$LIBS
+ LIBS="$systemd_LIBS $systemd_daemon_LIBS"
+ AC_CHECK_FUNCS(sd_listen_fds_with_names)
+ LIBS=$saved_LIBS
fi
if test x$tss_trousers = xtrue; then
fi
if test x$tss_tss2 = xtrue; then
- PKG_CHECK_MODULES(tss2, [tcti-socket], [AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 libraries])])
- AC_SUBST(tss2_CFLAGS)
- AC_SUBST(tss2_LIBS)
+ PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd],
+ [tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Mamager])],
+ [tss2_tabrmd=false])
+ PKG_CHECK_MODULES(tss2_socket, [tcti-socket],
+ [tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])],
+ [tss2_socket=false])
+ if test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then
+ AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 libraries])
+ AC_SUBST(tss2_CFLAGS, "$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS")
+ AC_SUBST(tss2_LIBS, "$tss2_tabrmd_LIBS $tss2_socket_LIBS")
+ else
+ AC_MSG_FAILURE([no TSS2 TCTI library detected])
+ fi
fi
-if test x$imv_swid = xtrue; then
+if test x$imc_swima = xtrue -o $imv_swima = xtrue; then
PKG_CHECK_MODULES(json, [json-c], [],
[PKG_CHECK_MODULES(json, [json])])
AC_SUBST(json_CFLAGS)
fi
if test x$openssl = xtrue; then
- AC_CHECK_LIB([$openssl_lib],[EVP_CIPHER_CTX_new],[LIBS="$LIBS"],
- [AC_MSG_ERROR([OpenSSL lib$openssl_lib not found])],[$DLLIB])
+ if test "x$windows" = xtrue; then
+ openssl_lib=eay32
+ AC_CHECK_LIB([$openssl_lib],[EVP_CIPHER_CTX_new],[LIBS="$LIBS"],
+ [AC_MSG_RESULT([no]);openssl_lib=""],[$DLLIB])
+ fi
+ if test -z "$openssl_lib"; then
+ openssl_lib=crypto
+ AC_CHECK_LIB([$openssl_lib],[EVP_CIPHER_CTX_new],[LIBS="$LIBS"],
+ [AC_MSG_ERROR([OpenSSL lib$openssl_lib not found])],[$DLLIB])
+ fi
+ AC_SUBST(OPENSSL_LIB, [-l$openssl_lib])
AC_CHECK_HEADER([openssl/evp.h],,[AC_MSG_ERROR([OpenSSL header openssl/evp.h not found!])])
fi
fi
if test x$nm = xtrue; then
- PKG_CHECK_EXISTS([libnm-glib],
- [PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn])],
- [PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn])]
- )
+ PKG_CHECK_MODULES(nm, [gthread-2.0 libnm])
AC_SUBST(nm_CFLAGS)
AC_SUBST(nm_LIBS)
fi
CFLAGS="${CFLAGS} -g -O0"
fi
+if test x$fuzzing = xtrue; then
+ if test x$libfuzzer = x; then
+ AC_MSG_NOTICE([fuzz targets enabled without libFuzzer, using local driver])
+ CFLAGS="${CFLAGS} -fsanitize=address"
+ libfuzzer="libFuzzerLocal.a"
+ else
+ # required for libFuzzer
+ FUZZING_LDFLAGS="-stdlib=libc++ -lstdc++"
+ AC_SUBST(FUZZING_LDFLAGS)
+ fi
+fi
+
if test x$ruby_gems = xtrue; then
AC_PATH_PROG([GEM], [gem], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
if test x$GEM = x; then
ADD_PLUGIN([revocation], [s charon pki nm cmd])
ADD_PLUGIN([constraints], [s charon nm cmd])
ADD_PLUGIN([acert], [s charon])
-ADD_PLUGIN([pubkey], [s charon cmd aikgen])
+ADD_PLUGIN([pubkey], [s charon pki cmd aikgen])
ADD_PLUGIN([pkcs1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([pkcs7], [s charon scepclient pki scripts nm cmd])
ADD_PLUGIN([pkcs8], [s charon scepclient pki scripts manager medsrv attest nm cmd])
ADD_PLUGIN([kernel-pfroute], [c charon starter nm cmd])
ADD_PLUGIN([kernel-netlink], [c charon starter nm cmd])
ADD_PLUGIN([resolve], [c charon cmd])
+ADD_PLUGIN([save-keys], [c])
ADD_PLUGIN([socket-default], [c charon nm cmd])
ADD_PLUGIN([socket-dynamic], [c charon cmd])
ADD_PLUGIN([socket-win], [c charon])
ADD_PLUGIN([uci], [c charon])
ADD_PLUGIN([addrblock], [c charon])
ADD_PLUGIN([unity], [c charon])
+ADD_PLUGIN([counters], [c charon])
AC_SUBST(charon_plugins)
AC_SUBST(starter_plugins)
AM_CONDITIONAL(USE_IMV_OS, test x$imv_os = xtrue)
AM_CONDITIONAL(USE_IMC_ATTESTATION, test x$imc_attestation = xtrue)
AM_CONDITIONAL(USE_IMV_ATTESTATION, test x$imv_attestation = xtrue)
-AM_CONDITIONAL(USE_IMC_SWID, test x$imc_swid = xtrue)
-AM_CONDITIONAL(USE_IMV_SWID, test x$imv_swid = xtrue)
+AM_CONDITIONAL(USE_IMC_SWIMA, test x$imc_swima = xtrue)
+AM_CONDITIONAL(USE_IMV_SWIMA, test x$imv_swima = xtrue)
AM_CONDITIONAL(USE_IMC_HCD, test x$imc_hcd = xtrue)
AM_CONDITIONAL(USE_IMV_HCD, test x$imv_hcd = xtrue)
+AM_CONDITIONAL(USE_SAVE_KEYS, test x$save_keys = xtrue)
AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue)
AM_CONDITIONAL(USE_SOCKET_DYNAMIC, test x$socket_dynamic = xtrue)
AM_CONDITIONAL(USE_SOCKET_WIN, test x$socket_win = xtrue)
AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue)
AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue)
AM_CONDITIONAL(USE_ATTR_SQL, test x$attr_sql = xtrue)
+AM_CONDITIONAL(USE_COUNTERS, test x$counters = xtrue)
# other options
# ---------------
AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue)
AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue)
AM_CONDITIONAL(USE_LIBPTTLS, test x$tnc_tnccs = xtrue)
-AM_CONDITIONAL(USE_LIBTPMTSS, test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$tpm -o x$aikgen = xtrue -o x$imcv = xtrue)
+AM_CONDITIONAL(USE_LIBTPMTSS, test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$tpm = xtrue -o x$aikgen = xtrue -o x$imcv = xtrue)
AM_CONDITIONAL(USE_FILE_CONFIG, test x$stroke = xtrue)
AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$stroke = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue)
AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap)
if test x$fuzzing = xtrue; then
AC_DEFINE([USE_FUZZING], [], [build code for fuzzing])
fi
+if test x$imc_swima = xtrue -o x$imv_swima = xtrue; then
+ AC_DEFINE([USE_JSON], [], [build code for JSON])
+fi
# ====================================================
# options for enabled modules (see conf/Makefile.am)
AM_COND_IF([USE_FILE_CONFIG], [strongswan_options=${strongswan_options}" starter"])
AM_COND_IF([USE_IMV_ATTESTATION], [strongswan_options=${strongswan_options}" attest"])
AM_COND_IF([USE_IMCV], [strongswan_options=${strongswan_options}" imcv"])
-AM_COND_IF([USE_IMV_OS], [strongswan_options=${strongswan_options}" pacman"])
+AM_COND_IF([USE_IMV_SWIMA], [strongswan_options=${strongswan_options}" sec-updater"])
AM_COND_IF([USE_LIBTNCCS], [strongswan_options=${strongswan_options}" tnc"])
AM_COND_IF([USE_MANAGER], [strongswan_options=${strongswan_options}" manager"])
AM_COND_IF([USE_MEDSRV], [strongswan_options=${strongswan_options}" medsrv"])
src/libimcv/plugins/imv_os/Makefile
src/libimcv/plugins/imc_attestation/Makefile
src/libimcv/plugins/imv_attestation/Makefile
- src/libimcv/plugins/imc_swid/Makefile
- src/libimcv/plugins/imv_swid/Makefile
+ src/libimcv/plugins/imc_swima/Makefile
+ src/libimcv/plugins/imv_swima/Makefile
src/libimcv/plugins/imc_hcd/Makefile
src/libimcv/plugins/imv_hcd/Makefile
src/charon/Makefile
src/libcharon/Makefile
src/libcharon/plugins/eap_aka/Makefile
src/libcharon/plugins/eap_aka_3gpp/Makefile
+ src/libcharon/plugins/eap_aka_3gpp/tests/Makefile
src/libcharon/plugins/eap_aka_3gpp2/Makefile
src/libcharon/plugins/eap_dynamic/Makefile
src/libcharon/plugins/eap_identity/Makefile
src/libcharon/plugins/xauth_noauth/Makefile
src/libcharon/plugins/tnc_ifmap/Makefile
src/libcharon/plugins/tnc_pdp/Makefile
+ src/libcharon/plugins/save_keys/Makefile
src/libcharon/plugins/socket_default/Makefile
src/libcharon/plugins/socket_dynamic/Makefile
src/libcharon/plugins/socket_win/Makefile
src/libcharon/plugins/bypass_lan/Makefile
src/libcharon/plugins/connmark/Makefile
+ src/libcharon/plugins/counters/Makefile
src/libcharon/plugins/forecast/Makefile
src/libcharon/plugins/farp/Makefile
src/libcharon/plugins/smp/Makefile
src/_copyright/Makefile
src/scepclient/Makefile
src/aikgen/Makefile
+ src/tpm_extendpcr/Makefile
src/pki/Makefile
src/pki/man/Makefile
src/pool/Makefile
src/checksum/Makefile
src/conftest/Makefile
src/pt-tls-client/Makefile
+ src/sw-collector/Makefile
+ src/sec-updater/Makefile
src/swanctl/Makefile
scripts/Makefile
testing/Makefile
src/swanctl/swanctl.8
src/swanctl/swanctl.conf.5.head
src/swanctl/swanctl.conf.5.tail
+ src/pt-tls-client/pt-tls-client.1
+ src/sw-collector/sw-collector.8
+ src/sec-updater/sec-updater.8
])
AC_OUTPUT
projects / thirdparty / strongswan.git / blobdiff