]> git.ipfire.org Git - thirdparty/openvpn.git/blob - configure.ac
projects / thirdparty / openvpn.git / blob
? search:


14f5be40aa1ec6335ba22f2069af7cf9f63718d2
[thirdparty/openvpn.git] / configure.ac
1 dnl OpenVPN -- An application to securely tunnel IP networks
2 dnl over a single UDP port, with support for SSL/TLS-based
3 dnl session authentication and key exchange,
4 dnl packet encryption, packet authentication, and
5 dnl packet compression.
6 dnl
7 dnl Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
8 dnl Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
9 dnl
10 dnl This program is free software; you can redistribute it and/or modify
11 dnl it under the terms of the GNU General Public License as published by
12 dnl the Free Software Foundation; either version 2 of the License, or
13 dnl (at your option) any later version.
14 dnl
15 dnl This program is distributed in the hope that it will be useful,
16 dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
17 dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 dnl GNU General Public License for more details.
19 dnl
20 dnl You should have received a copy of the GNU General Public License along
21 dnl with this program; if not, write to the Free Software Foundation, Inc.,
22 dnl 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23
24 dnl Process this file with autoconf to produce a configure script.
25
26 AC_PREREQ(2.59)
27
28 m4_include(version.m4)
29 AC_INIT([PRODUCT_NAME], [PRODUCT_VERSION], [PRODUCT_BUGREPORT], [PRODUCT_TARNAME])
30 m4_include(compat.m4)
31 AC_DEFINE([OPENVPN_VERSION_RESOURCE], [PRODUCT_VERSION_RESOURCE], [Version in windows resource format])
32 AC_SUBST([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version])
33 AC_SUBST([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version])
34 AC_SUBST([OPENVPN_VERSION_PATCH], [PRODUCT_VERSION_PATCH], [OpenVPN patch level - may be a string or integer])
35 AC_DEFINE([OPENVPN_VERSION_MAJOR], [PRODUCT_VERSION_MAJOR], [OpenVPN major version - integer])
36 AC_DEFINE([OPENVPN_VERSION_MINOR], [PRODUCT_VERSION_MINOR], [OpenVPN minor version - integer])
37 AC_DEFINE([OPENVPN_VERSION_PATCH], ["PRODUCT_VERSION_PATCH"], [OpenVPN patch level - may be a string or integer])
38
39 AC_CONFIG_AUX_DIR([.])
40 AC_CONFIG_HEADERS([config.h include/openvpn-plugin.h])
41 AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
42 AC_CONFIG_MACRO_DIR([m4])
43
44 dnl Automake 1.14+ warns if sources are in sub-directories but subdir-objects
45 dnl options is not enabled. However, automake before 1.15a has a bug that causes
46 dnl variable expansion to fail in foo_SOURCES when this option is used.
47 dnl As most of our build systems are now likely to use automake 1.16+ add a
48 dnl work around to conditionally add subdir-objects option.
49 m4_define([subdir_objects], [
50 m4_esyscmd([automake --version |
51 head -1 |
52 awk '{split ($NF,a,"."); if (a[1] == 1 && a[2] >= 16) { print "subdir-objects" }}'
53 ])
54 ])
55
56 # This foreign option prevents autoreconf from overriding our COPYING and
57 # INSTALL targets:
58 AM_INIT_AUTOMAKE(foreign subdir_objects 1.9) dnl NB: Do not [quote] this parameter.
59 AM_SILENT_RULES([yes])
60 AC_CANONICAL_HOST
61 AC_USE_SYSTEM_EXTENSIONS
62
63 AC_ARG_ENABLE(
64 [lzo],
65 [AS_HELP_STRING([--disable-lzo], [disable LZO compression support @<:@default=yes@:>@])],
66 ,
67 [enable_lzo="yes"]
68 )
69
70 AC_ARG_ENABLE(
71 [lz4],
72 [AS_HELP_STRING([--disable-lz4], [disable LZ4 compression support @<:@default=yes@:>@])],
73 [enable_lz4="$enableval"],
74 [enable_lz4="yes"]
75 )
76
77 AC_ARG_ENABLE(
78 [comp-stub],
79 [AS_HELP_STRING([--enable-comp-stub], [disable compression support but still allow limited interoperability with compression-enabled peers @<:@default=no@:>@])],
80 [enable_comp_stub="$enableval"],
81 [enable_comp_stub="no"]
82 )
83
84 AC_ARG_ENABLE(
85 [ofb-cfb],
86 [AS_HELP_STRING([--disable-ofb-cfb], [disable support for OFB and CFB cipher modes @<:@default=yes@:>@])],
87 ,
88 [enable_crypto_ofb_cfb="yes"]
89 )
90
91 AC_ARG_ENABLE(
92 [x509-alt-username],
93 [AS_HELP_STRING([--enable-x509-alt-username], [enable the --x509-username-field feature @<:@default=no@:>@])],
94 ,
95 [enable_x509_alt_username="no"]
96 )
97
98 AC_ARG_ENABLE(
99 [ntlm],
100 [AS_HELP_STRING([--disable-ntlm], [disable NTLMv2 proxy support @<:@default=yes@:>@])],
101 ,
102 [enable_ntlm="yes"]
103 )
104
105 AC_ARG_ENABLE(
106 [plugins],
107 [AS_HELP_STRING([--disable-plugins], [disable plug-in support @<:@default=yes@:>@])],
108 ,
109 [enable_plugins="yes"]
110 )
111
112 AC_ARG_ENABLE(
113 [management],
114 [AS_HELP_STRING([--disable-management], [disable management server support @<:@default=yes@:>@])],
115 ,
116 [enable_management="yes"]
117 )
118
119 AC_ARG_ENABLE(
120 [pkcs11],
121 [AS_HELP_STRING([--enable-pkcs11], [enable pkcs11 support @<:@default=no@:>@])],
122 ,
123 [enable_pkcs11="no"]
124 )
125
126 AC_ARG_ENABLE(
127 [fragment],
128 [AS_HELP_STRING([--disable-fragment], [disable internal fragmentation support (--fragment) @<:@default=yes@:>@])],
129 ,
130 [enable_fragment="yes"]
131 )
132
133 AC_ARG_ENABLE(
134 [port-share],
135 [AS_HELP_STRING([--disable-port-share], [disable TCP server port-share support (--port-share) @<:@default=yes@:>@])],
136 ,
137 [enable_port_share="yes"]
138 )
139
140 AC_ARG_ENABLE(
141 [debug],
142 [AS_HELP_STRING([--disable-debug], [disable debugging support (disable gremlin and verb 7+ messages) @<:@default=yes@:>@])],
143 ,
144 [enable_debug="yes"]
145 )
146
147 AC_ARG_ENABLE(
148 [small],
149 [AS_HELP_STRING([--enable-small], [enable smaller executable size (disable OCC, usage message, and verb 4 parm list) @<:@default=no@:>@])],
150 ,
151 [enable_small="no"]
152 )
153
154 AC_ARG_ENABLE(
155 [dco],
156 [AS_HELP_STRING([--disable-dco], [disable data channel offload support using the ovpn-dco kernel module @<:@default=yes@:>@ on Linux/FreeBSD, can't disable on Windows])],
157 ,
158 [
159 case "$host" in
160 *-*-linux*)
161 enable_dco="auto"
162 ;;
163 *-*-freebsd*)
164 enable_dco="auto"
165 ;;
166 *)
167 # note that this does not disable it for Windows
168 enable_dco="no"
169 ;;
170 esac
171 ]
172 )
173
174 AC_ARG_ENABLE(
175 [iproute2],
176 [AS_HELP_STRING([--enable-iproute2], [enable support for iproute2 (disables DCO) @<:@default=no@:>@])],
177 ,
178 [enable_iproute2="no"]
179 )
180
181 AC_ARG_ENABLE(
182 [plugin-auth-pam],
183 [AS_HELP_STRING([--disable-plugin-auth-pam], [disable auth-pam plugin @<:@default=platform specific@:>@])],
184 ,
185 [
186 case "$host" in
187 *-*-openbsd*) enable_plugin_auth_pam="no";;
188 *-mingw*) enable_plugin_auth_pam="no";;
189 *) enable_plugin_auth_pam="yes";;
190 esac
191 ]
192 )
193
194 AC_ARG_ENABLE(
195 [plugin-down-root],
196 [AS_HELP_STRING([--disable-plugin-down-root], [disable down-root plugin @<:@default=platform specific@:>@])],
197 ,
198 [
199 case "$host" in
200 *-mingw*) enable_plugin_down_root="no";;
201 *) enable_plugin_down_root="yes";;
202 esac
203 ]
204 )
205
206 AC_ARG_ENABLE(
207 [pam-dlopen],
208 [AS_HELP_STRING([--enable-pam-dlopen], [dlopen libpam @<:@default=no@:>@])],
209 ,
210 [enable_pam_dlopen="no"]
211 )
212
213 AC_ARG_ENABLE(
214 [strict],
215 [AS_HELP_STRING([--enable-strict], [enable strict compiler warnings (debugging option) @<:@default=no@:>@])],
216 ,
217 [enable_strict="no"]
218 )
219
220 AC_ARG_ENABLE(
221 [pedantic],
222 [AS_HELP_STRING([--enable-pedantic], [enable pedantic compiler warnings, will not generate a working executable (debugging option) @<:@default=no@:>@])],
223 ,
224 [enable_pedantic="no"]
225 )
226
227 AC_ARG_ENABLE(
228 [werror],
229 [AS_HELP_STRING([--enable-werror], [promote compiler warnings to errors, will cause builds to fail if the compiler issues warnings (debugging option) @<:@default=no@:>@])],
230 ,
231 [enable_werror="no"]
232 )
233
234 AC_ARG_ENABLE(
235 [strict-options],
236 [AS_HELP_STRING([--enable-strict-options], [enable strict options check between peers (debugging option) @<:@default=no@:>@])],
237 ,
238 [enable_strict_options="no"]
239 )
240
241 AC_ARG_ENABLE(
242 [selinux],
243 [AS_HELP_STRING([--enable-selinux], [enable SELinux support @<:@default=no@:>@])],
244 ,
245 [enable_selinux="no"]
246 )
247
248 AC_ARG_ENABLE(
249 [systemd],
250 [AS_HELP_STRING([--enable-systemd], [enable systemd support @<:@default=no@:>@])],
251 ,
252 [enable_systemd="no"]
253 )
254
255 AC_ARG_ENABLE(
256 [async-push],
257 [AS_HELP_STRING([--enable-async-push], [enable async-push support for plugins providing deferred authentication @<:@default=no@:>@])],
258 ,
259 [enable_async_push="no"]
260 )
261
262 AC_ARG_WITH(
263 [special-build],
264 [AS_HELP_STRING([--with-special-build=STRING], [specify special build string])],
265 [test -n "${withval}" && AC_DEFINE_UNQUOTED([CONFIGURE_SPECIAL_BUILD], ["${withval}"], [special build string])]
266 )
267
268 AC_ARG_WITH(
269 [mem-check],
270 [AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory checking, TYPE=no|dmalloc|valgrind|ssl @<:@default=no@:>@])],
271 [
272 case "${withval}" in
273 dmalloc|valgrind|ssl|no) ;;
274 *) AC_MSG_ERROR([bad value ${withval} for --mem-check]) ;;
275 esac
276 ],
277 [with_mem_check="no"]
278 )
279
280 AC_ARG_WITH(
281 [crypto-library],
282 [AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|mbedtls|wolfssl @<:@default=openssl@:>@])],
283 [
284 case "${withval}" in
285 openssl|mbedtls|wolfssl) ;;
286 *) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
287 esac
288 ],
289 [with_crypto_library="openssl"]
290 )
291
292 AC_ARG_ENABLE(
293 [wolfssl-options-h],
294 [AS_HELP_STRING([--disable-wolfssl-options-h], [Disable including options.h in wolfSSL @<:@default=yes@:>@])],
295 ,
296 [enable_wolfssl_options_h="yes"]
297 )
298
299 AC_ARG_WITH(
300 [openssl-engine],
301 [AS_HELP_STRING([--with-openssl-engine], [enable engine support with OpenSSL. Default enabled for OpenSSL < 3.0, auto,yes,no @<:@default=auto@:>@])],
302 [
303 case "${withval}" in
304 auto|yes|no) ;;
305 *) AC_MSG_ERROR([bad value ${withval} for --with-engine]) ;;
306 esac
307 ],
308 [with_openssl_engine="auto"]
309 )
310
311 AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
312 if test -n "${PLUGINDIR}"; then
313 plugindir="${PLUGINDIR}"
314 else
315 plugindir="\${libdir}/openvpn/plugins"
316 fi
317
318 AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
319 AM_CONDITIONAL([TARGET_LINUX], [false])
320 case "$host" in
321 *-*-linux*)
322 AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?])
323 AM_CONDITIONAL([TARGET_LINUX], [true])
324 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix])
325 have_sitnl="yes"
326 pkg_config_required="yes"
327 ;;
328 *-*-solaris*)
329 AC_DEFINE([TARGET_SOLARIS], [1], [Are we running on Solaris?])
330 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["S"], [Target prefix])
331 CPPFLAGS="$CPPFLAGS -D_XPG4_2"
332 test -x /bin/bash && SHELL="/bin/bash"
333 ;;
334 *-*-openbsd*)
335 AC_DEFINE([TARGET_OPENBSD], [1], [Are we running on OpenBSD?])
336 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["O"], [Target prefix])
337 ;;
338 *-*-freebsd*)
339 AC_DEFINE([TARGET_FREEBSD], [1], [Are we running on FreeBSD?])
340 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["F"], [Target prefix])
341 ;;
342 *-*-netbsd*)
343 AC_DEFINE([TARGET_NETBSD], [1], [Are we running NetBSD?])
344 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["N"], [Target prefix])
345 ;;
346 *-*-darwin*)
347 AC_DEFINE([TARGET_DARWIN], [1], [Are we running on Mac OS X?])
348 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["M"], [Target prefix])
349 have_tap_header="yes"
350 ac_cv_type_struct_in_pktinfo=no
351 ;;
352 *-mingw*)
353 AC_DEFINE([TARGET_WIN32], [1], [Are we running WIN32?])
354 AC_DEFINE([ENABLE_DCO], [1], [DCO is always enabled on Windows])
355 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["W"], [Target prefix])
356 CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
357 CPPFLAGS="${CPPFLAGS} -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA"
358 WIN32=yes
359 ;;
360 *-*-dragonfly*)
361 AC_DEFINE([TARGET_DRAGONFLY], [1], [Are we running on DragonFlyBSD?])
362 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["D"], [Target prefix])
363 ;;
364 *-aix*)
365 AC_DEFINE([TARGET_AIX], [1], [Are we running AIX?])
366 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["A"], [Target prefix])
367 ROUTE="/usr/sbin/route"
368 have_tap_header="yes"
369 ac_cv_header_net_if_h="no" # exists, but breaks things
370 ;;
371 *)
372 AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["X"], [Target prefix])
373 have_tap_header="yes"
374 ;;
375 esac
376
377 AM_CONDITIONAL([CROSS_COMPILING], test "${cross_compiling}" = "yes")
378
379 PKG_PROG_PKG_CONFIG
380 # Add variable to print if pkg-config is found or not. Users often miss that
381 if test "${PKG_CONFIG}" = ""; then
382 if test "${pkg_config_required}" = "yes"; then
383 AC_MSG_ERROR([pkg-config is required])
384 fi
385 pkg_config_found="(not found)"
386 else
387 pkg_config_found="(${PKG_CONFIG})"
388 fi
389
390 AC_PROG_CPP
391 AC_PROG_INSTALL
392 AC_PROG_LN_S
393 AC_PROG_SED
394 AC_PROG_MAKE_SET
395
396 AC_ARG_VAR([IFCONFIG], [full path to ipconfig utility])
397 AC_ARG_VAR([ROUTE], [full path to route utility])
398 AC_ARG_VAR([IPROUTE], [full path to ip utility])
399 AC_ARG_VAR([NETSTAT], [path to netstat utility]) # tests
400 AC_ARG_VAR([GIT], [path to git utility])
401 AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility])
402 AC_ARG_VAR([SYSTEMD_UNIT_DIR], [Path of systemd unit directory @<:@default=LIBDIR/systemd/system@:>@])
403 AC_ARG_VAR([TMPFILES_DIR], [Path of tmpfiles directory @<:@default=LIBDIR/tmpfiles.d@:>@])
404 AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
405 AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
406 AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
407 AC_PATH_PROGS([SYSTEMD_ASK_PASSWORD], [systemd-ask-password],, [$PATH:/usr/local/bin:/usr/bin:/bin])
408 AC_CHECK_PROGS([NETSTAT], [netstat], [netstat], [$PATH:/usr/local/sbin:/usr/sbin:/sbin:/etc]) # tests
409 AC_CHECK_PROGS([GIT], [git]) # optional
410 AC_DEFINE_UNQUOTED([IFCONFIG_PATH], ["$IFCONFIG"], [Path to ifconfig tool])
411 AC_DEFINE_UNQUOTED([IPROUTE_PATH], ["$IPROUTE"], [Path to iproute tool])
412 AC_DEFINE_UNQUOTED([ROUTE_PATH], ["$ROUTE"], [Path to route tool])
413 AC_DEFINE_UNQUOTED([SYSTEMD_ASK_PASSWORD_PATH], ["$SYSTEMD_ASK_PASSWORD"], [Path to systemd-ask-password tool])
414
415 #
416 # man page generation - based on python-docutils
417 #
418 AC_ARG_VAR([RST2MAN], [path to rst2man utility])
419 AC_ARG_VAR([RST2HTML], [path to rst2html utility])
420 AC_CHECK_PROGS([RST2MAN], [rst2man rst2man.py])
421 AC_CHECK_PROGS([RST2HTML], [rst2html rst2html.py])
422 AM_CONDITIONAL([HAVE_PYDOCUTILS], [test "${RST2MAN}" -a "${RST2HTML}"])
423
424 # Set -std=c99 unless user already specified a -std=
425 case "${CFLAGS}" in
426 *-std=*) ;;
427 *) CFLAGS="${CFLAGS} -std=c99" ;;
428 esac
429
430 #
431 # Libtool
432 #
433 ifdef(
434 [LT_INIT],
435 [
436 LT_INIT([win32-dll])
437 LT_LANG([Windows Resource])
438 ],
439 [
440 AC_LIBTOOL_WIN32_DLL
441 AC_LIBTOOL_RC
442 AC_PROG_LIBTOOL
443 ]
444 )
445
446 AC_C_CONST
447 AC_C_INLINE
448 AC_C_VOLATILE
449 AC_TYPE_OFF_T
450 AC_TYPE_PID_T
451 AC_TYPE_SIZE_T
452 AC_TYPE_UID_T
453 AX_TYPE_SOCKLEN_T
454 AC_CHECK_SIZEOF([unsigned int])
455 AC_CHECK_SIZEOF([unsigned long])
456 AC_CHECK_HEADERS([ \
457 fcntl.h io.h \
458 sys/types.h sys/socket.h \
459 unistd.h dlfcn.h \
460 netinet/in.h \
461 netinet/tcp.h arpa/inet.h netdb.h \
462 ])
463 AC_CHECK_HEADERS([ \
464 sys/time.h sys/ioctl.h sys/stat.h \
465 sys/mman.h sys/file.h sys/wait.h \
466 unistd.h libgen.h stropts.h \
467 syslog.h pwd.h grp.h termios.h \
468 sys/sockio.h sys/uio.h linux/sockios.h \
469 linux/types.h linux/errqueue.h poll.h sys/epoll.h err.h \
470 ])
471
472 SOCKET_INCLUDES="
473 #include <stdlib.h>
474 #ifdef HAVE_SYS_TYPES_H
475 #include <sys/types.h>
476 #endif
477 #ifdef HAVE_SYS_SOCKET_H
478 #include <sys/socket.h>
479 #endif
480 #ifdef HAVE_NET_IF_H
481 #include <net/if.h>
482 #endif
483 #ifdef HAVE_NETINET_IN_H
484 #include <netinet/in.h>
485 #endif
486 #ifdef _WIN32
487 #include <windows.h>
488 #endif
489 #ifdef _WIN32
490 #include <winsock2.h>
491 #endif
492 #ifdef _WIN32
493 #include <ws2tcpip.h>
494 #endif
495 #ifdef HAVE_NETINET_IP_H
496 #include <netinet/ip.h>
497 #endif
498 "
499
500 AC_CHECK_HEADERS(
501 [net/if.h netinet/ip.h resolv.h sys/un.h net/if_utun.h sys/kern_control.h],
502 ,
503 ,
504 [[${SOCKET_INCLUDES}]]
505 )
506
507 AC_CHECK_TYPES(
508 [in_addr_t],
509 ,
510 [AC_DEFINE([in_addr_t], [uint32_t], [Workaround missing in_addr_t])],
511 [[${SOCKET_INCLUDES}]]
512 )
513 AC_CHECK_TYPES(
514 [in_port_t],
515 ,
516 [AC_DEFINE([in_port_t], [uint16_t], [Workaround missing in_port_t])],
517 [[${SOCKET_INCLUDES}]]
518 )
519 AC_CHECK_TYPE(
520 [struct iphdr],
521 [AC_DEFINE([HAVE_IPHDR], [1], [struct iphdr needed for IPv6 support])],
522 ,
523 [[${SOCKET_INCLUDES}]]
524 )
525 AC_CHECK_TYPE(
526 [struct msghdr],
527 [AC_DEFINE([HAVE_MSGHDR], [1], [struct msghdr needed for extended socket error support])],
528 ,
529 [[${SOCKET_INCLUDES}]]
530 )
531 AC_CHECK_TYPE(
532 [struct cmsghdr],
533 [AC_DEFINE([HAVE_CMSGHDR], [1], [struct cmsghdr needed for extended socket error support])],
534 ,
535 [[${SOCKET_INCLUDES}]]
536 )
537 AC_CHECK_TYPE(
538 [struct in_pktinfo],
539 [AC_DEFINE([HAVE_IN_PKTINFO], [1], [struct in_pktinfo needed for IP_PKTINFO support])],
540 ,
541 [[${SOCKET_INCLUDES}]]
542 )
543 AC_CHECK_TYPE(
544 [sa_family_t],
545 [AC_DEFINE([HAVE_SA_FAMILY_T], [1], [sa_family_t, needed to hold AF_* info])],
546 ,
547 [[${SOCKET_INCLUDES}]]
548 )
549 AC_CHECK_MEMBER(
550 [struct in_pktinfo.ipi_spec_dst],
551 [AC_DEFINE([HAVE_IPI_SPEC_DST], [1], [struct in_pktinfo.ipi_spec_dst needed for IP_PKTINFO support])],
552 ,
553 [[${SOCKET_INCLUDES}]]
554 )
555 AC_CHECK_TYPE(
556 [struct sockaddr_in6],
557 ,
558 [AC_MSG_ERROR([struct sockaddr_in6 not found, needed for ipv6 transport support.])],
559 [[${SOCKET_INCLUDES}]]
560 )
561 AC_CHECK_DECLS(
562 [SO_MARK],
563 ,
564 ,
565 [[${SOCKET_INCLUDES}]]
566 )
567 AC_MSG_CHECKING([anonymous union support])
568 AC_COMPILE_IFELSE(
569 [AC_LANG_PROGRAM(
570 [[
571 struct mystruct {
572 union {
573 int m1;
574 char m2;
575 };
576 };
577 ]],
578 [[
579 struct mystruct s;
580 s.m1 = 1; s.m2 = 2;
581 ]]
582 )],
583 [
584 AC_MSG_RESULT([yes])
585 AC_DEFINE([HAVE_ANONYMOUS_UNION_SUPPORT], [], [Compiler supports anonymous unions])
586 ],
587 [AC_MSG_RESULT([no])]
588 )
589
590 saved_LDFLAGS="$LDFLAGS"
591 LDFLAGS="$LDFLAGS -Wl,--wrap=exit"
592 AC_MSG_CHECKING([linker supports --wrap])
593 AC_LINK_IFELSE(
594 [AC_LANG_PROGRAM(
595 [[
596 void exit(int);
597 void __real_exit(int);
598 void __wrap_exit(int i) {
599 __real_exit(i);
600 }
601 ]],
602 [[
603 exit(0);
604 ]]
605 )],
606 [
607 AC_MSG_RESULT([yes])
608 have_ld_wrap_support=yes
609 ],
610 [AC_MSG_RESULT([no])],
611 )
612 LDFLAGS="$saved_LDFLAGS"
613
614 dnl We emulate signals in Windows
615 AC_CHECK_DECLS(
616 [SIGHUP],
617 ,
618 [AC_DEFINE([SIGHUP], [1], [SIGHUP replacement])],
619 [[
620 #include <signal.h>
621 ]]
622 )
623 AC_CHECK_DECLS(
624 [SIGINT],
625 ,
626 [AC_DEFINE([SIGINT], [2], [SIGINT replacement])],
627 [[
628 #include <signal.h>
629 ]]
630 )
631 AC_CHECK_DECLS(
632 [SIGUSR1],
633 ,
634 [AC_DEFINE([SIGUSR1], [10], [SIGUSR1 replacement])],
635 [[
636 #include <signal.h>
637 ]]
638 )
639 AC_CHECK_DECLS(
640 [SIGUSR2],
641 ,
642 [AC_DEFINE([SIGUSR2], [12], [SIGUSR2 replacement])],
643 [[
644 #include <signal.h>
645 ]]
646 )
647 AC_CHECK_DECLS(
648 [SIGTERM],
649 ,
650 [AC_DEFINE([SIGTERM], [15], [SIGTERM replacement])],
651 [[
652 #include <signal.h>
653 ]]
654 )
655
656 AC_FUNC_FORK
657
658 AC_CHECK_FUNCS([ \
659 daemon chroot getpwnam setuid nice system dup dup2 \
660 syslog openlog mlockall getrlimit getgrnam setgid \
661 setgroups flock time gettimeofday \
662 setsid chdir \
663 chsize ftruncate execve getpeereid basename dirname access \
664 epoll_create strsep \
665 ])
666
667 AC_CHECK_LIB(
668 [dl],
669 [dlopen],
670 [DL_LIBS="-ldl"]
671 )
672 AC_SUBST([DL_LIBS])
673
674 AC_CHECK_LIB(
675 [nsl],
676 [inet_ntoa],
677 [SOCKETS_LIBS="${SOCKETS_LIBS} -lnsl"]
678 )
679 AC_CHECK_LIB(
680 [socket],
681 [socket],
682 [SOCKETS_LIBS="${SOCKETS_LIBS} -lsocket"]
683 )
684 AC_CHECK_LIB(
685 [resolv],
686 [gethostbyname],
687 [SOCKETS_LIBS="${SOCKETS_LIBS} -lresolv"]
688 )
689 AC_SUBST([SOCKETS_LIBS])
690
691 old_LIBS="${LIBS}"
692 LIBS="${LIBS} ${SOCKETS_LIBS}"
693 AC_CHECK_FUNCS([sendmsg recvmsg])
694
695 LIBS="${old_LIBS}"
696
697 # we assume res_init() always exist, but need to find out *where*...
698 AC_SEARCH_LIBS(__res_init, resolv bind, ,
699 AC_SEARCH_LIBS(res_9_init, resolv bind, ,
700 AC_SEARCH_LIBS(res_init, resolv bind, , )))
701
702 AC_ARG_VAR([TAP_CFLAGS], [C compiler flags for tap])
703 old_CFLAGS="${CFLAGS}"
704 CFLAGS="${CFLAGS} ${TAP_CFLAGS}"
705 AC_CHECK_HEADERS(
706 [ \
707 net/if_tun.h net/tun/if_tun.h \
708 linux/if_tun.h \
709 tap-windows.h \
710 ],
711 [have_tap_header="yes"]
712 )
713 AC_CHECK_DECLS(
714 [TUNSETPERSIST],
715 [AC_DEFINE([ENABLE_FEATURE_TUN_PERSIST], [1], [We have persist tun capability])],
716 ,
717 [[
718 #ifdef HAVE_LINUX_IF_TUN_H
719 #include <linux/if_tun.h>
720 #endif
721 ]]
722 )
723 CFLAGS="${old_CFLAGS}"
724 test "${have_tap_header}" = "yes" || AC_MSG_ERROR([no tap header could be found])
725
726 AC_CHECK_LIB(
727 [selinux],
728 [setcon],
729 [SELINUX_LIBS="-lselinux"]
730 )
731 AC_SUBST([SELINUX_LIBS])
732
733 AC_ARG_VAR([LIBPAM_CFLAGS], [C compiler flags for libpam])
734 AC_ARG_VAR([LIBPAM_LIBS], [linker flags for libpam])
735 if test -z "${LIBPAM_LIBS}"; then
736 AC_CHECK_LIB(
737 [pam],
738 [pam_start],
739 [LIBPAM_LIBS="-lpam"]
740 )
741 fi
742
743 case "${with_mem_check}" in
744 valgrind)
745 AC_CHECK_HEADERS(
746 [valgrind/memcheck.h],
747 [
748 CFLAGS="${CFLAGS} -g -fno-inline"
749 AC_DEFINE(
750 [USE_VALGRIND],
751 [1],
752 [Use valgrind memory debugging library]
753 )
754 ],
755 [AC_MSG_ERROR([valgrind headers not found.])]
756 )
757 ;;
758 dmalloc)
759 AC_CHECK_HEADERS(
760 [dmalloc.h],
761 [AC_CHECK_LIB(
762 [dmalloc],
763 [malloc],
764 [
765 LIBS="${LIBS} -ldmalloc"
766 AC_DEFINE(
767 [DMALLOC],
768 [1],
769 [Use dmalloc memory debugging library]
770 )
771 ],
772 [AC_MSG_ERROR([dmalloc library not found.])]
773 )],
774 [AC_MSG_ERROR([dmalloc headers not found.])]
775 )
776 ;;
777 ssl)
778 AC_CHECK_LIB(
779 [ssl],
780 [CRYPTO_mem_ctrl],
781 [
782 AC_DEFINE(
783 [CRYPTO_MDEBUG],
784 [1],
785 [Use memory debugging function in OpenSSL]
786 )
787 AC_MSG_NOTICE([NOTE: OpenSSL library must be compiled with CRYPTO_MDEBUG])
788 ],
789 [AC_MSG_ERROR([Memory Debugging function in OpenSSL library not found.])]
790 )
791 ;;
792 esac
793
794 PKG_CHECK_MODULES(
795 [PKCS11_HELPER],
796 [libpkcs11-helper-1 >= 1.11],
797 [have_pkcs11_helper="yes"],
798 []
799 )
800
801
802 if test "$enable_dco" != "no"; then
803 enable_dco_arg="$enable_dco"
804 if test "${enable_iproute2}" = "yes"; then
805 AC_MSG_WARN([DCO cannot be enabled when using iproute2])
806 enable_dco="no"
807 fi
808 case "$host" in
809 *-*-linux*)
810 if test "$enable_dco" = "no"; then
811 if test "$enable_dco_arg" = "auto"; then
812 AC_MSG_WARN([DCO support disabled])
813 else
814 AC_MSG_ERROR([DCO support can't be enabled])
815 fi
816 else
817 dnl
818 dnl Include generic netlink library used to talk to ovpn-dco
819 dnl
820 PKG_CHECK_MODULES([LIBNL_GENL],
821 [libnl-genl-3.0 >= 3.4.0],
822 [have_libnl="yes"],
823 [
824 AC_MSG_ERROR([libnl-genl-3.0 package not found or too old. Is the development package and pkg-config ${pkg_config_found} installed? Must be version 3.4.0 or newer for DCO])
825 ]
826 )
827 CFLAGS="${CFLAGS} ${LIBNL_GENL_CFLAGS}"
828 LIBS="${LIBS} ${LIBNL_GENL_LIBS}"
829
830 AC_DEFINE(ENABLE_DCO, 1, [Enable shared data channel offload])
831 AC_MSG_NOTICE([Enabled ovpn-dco support for Linux])
832 fi
833 ;;
834 *-*-freebsd*)
835 AC_CHECK_HEADERS([net/if_ovpn.h],
836 [
837 LIBS="${LIBS} -lnv"
838 AC_DEFINE(ENABLE_DCO, 1, [Enable data channel offload for FreeBSD])
839 AC_MSG_NOTICE([Enabled ovpn-dco support for FreeBSD])
840 ],
841 [
842 enable_dco="no"
843 AC_MSG_WARN([DCO header not found.])
844 ]
845 )
846 if test "$enable_dco" = "no"; then
847 if test "$enable_dco_arg" = "auto"; then
848 AC_MSG_WARN([DCO support disabled])
849 else
850 AC_MSG_ERROR([DCO support can't be enabled])
851 fi
852 fi
853 ;;
854 *-mingw*)
855 AC_MSG_NOTICE([NOTE: --enable-dco ignored on Windows because it's always enabled])
856 ;;
857 *)
858 AC_MSG_NOTICE([Ignoring --enable-dco on non supported platform])
859 ;;
860 esac
861 fi
862
863 dnl
864 dnl Depend on libcap-ng on Linux
865 dnl
866 case "$host" in
867 *-*-linux*)
868 # We require pkg-config
869 PKG_CHECK_MODULES([LIBCAPNG],
870 [libcap-ng],
871 [],
872 [AC_MSG_ERROR([libcap-ng package not found. Is the development package and pkg-config ${pkg_config_found} installed?])]
873 )
874 AC_CHECK_HEADER([sys/prctl.h],,[AC_MSG_ERROR([sys/prctl.h not found!])])
875
876 CFLAGS="${CFLAGS} ${LIBCAPNG_CFLAGS}"
877 LIBS="${LIBS} ${LIBCAPNG_LIBS}"
878 AC_DEFINE(HAVE_LIBCAPNG, 1, [Enable libcap-ng support])
879 ;;
880 esac
881
882
883 if test "${with_crypto_library}" = "openssl"; then
884 AC_ARG_VAR([OPENSSL_CFLAGS], [C compiler flags for OpenSSL])
885 AC_ARG_VAR([OPENSSL_LIBS], [linker flags for OpenSSL])
886
887 if test -z "${OPENSSL_CFLAGS}" -a -z "${OPENSSL_LIBS}"; then
888 # if the user did not explicitly specify flags, try to autodetect
889 PKG_CHECK_MODULES(
890 [OPENSSL],
891 [openssl >= 1.0.2],
892 [have_openssl="yes"],
893 [AC_MSG_WARN([OpenSSL not found by pkg-config ${pkg_config_found}])] # If this fails, we will do another test next
894 )
895 OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto}
896 fi
897
898 saved_CFLAGS="${CFLAGS}"
899 saved_LIBS="${LIBS}"
900 CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
901 LIBS="${LIBS} ${OPENSSL_LIBS}"
902
903 # If pkgconfig check failed or OPENSSL_CFLAGS/OPENSSL_LIBS env vars
904 # are used, check the version directly in the OpenSSL include file
905 if test "${have_openssl}" != "yes"; then
906 AC_MSG_CHECKING([additionally if OpenSSL is available and version >= 1.0.2])
907 AC_COMPILE_IFELSE(
908 [AC_LANG_PROGRAM(
909 [[
910 #include <openssl/opensslv.h>
911 ]],
912 [[
913 /* Version encoding: MNNFFPPS - see opensslv.h for details */
914 #if OPENSSL_VERSION_NUMBER < 0x10002000L
915 #error OpenSSL too old
916 #endif
917 ]]
918 )],
919 [AC_MSG_RESULT([ok])],
920 [AC_MSG_ERROR([OpenSSL version too old])]
921 )
922 fi
923
924 AC_CHECK_FUNCS([SSL_CTX_new],
925 ,
926 [AC_MSG_ERROR([openssl check failed])]
927 )
928
929 if test "${with_openssl_engine}" = "auto"; then
930 AC_COMPILE_IFELSE(
931 [AC_LANG_PROGRAM(
932 [[
933 #include <openssl/opensslv.h>
934 #include <openssl/opensslconf.h>
935 ]],
936 [[
937 /* Version encoding: MNNFFPPS - see opensslv.h for details */
938 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
939 #error Engine support disabled by default in OpenSSL 3.0+
940 #endif
941
942 /* BoringSSL and LibreSSL >= 3.8.1 removed engine support */
943 #ifdef OPENSSL_NO_ENGINE
944 #error Engine support disabled in openssl/opensslconf.h
945 #endif
946 ]]
947 )],
948 [have_openssl_engine="yes"],
949 [have_openssl_engine="no"]
950 )
951 if test "${have_openssl_engine}" = "yes"; then
952 AC_CHECK_FUNCS(
953 [ \
954 ENGINE_load_builtin_engines \
955 ENGINE_register_all_complete \
956 ],
957 ,
958 [have_openssl_engine="no"; break]
959 )
960 fi
961 else
962 have_openssl_engine="${with_openssl_engine}"
963 if test "${have_openssl_engine}" = "yes"; then
964 AC_CHECK_FUNCS(
965 [ \
966 ENGINE_load_builtin_engines \
967 ENGINE_register_all_complete \
968 ],
969 ,
970 [AC_MSG_ERROR([OpenSSL engine support not found])]
971 )
972 fi
973 fi
974 if test "${have_openssl_engine}" = "yes"; then
975 AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [OpenSSL engine support available])
976 fi
977
978 AC_CHECK_FUNC(
979 [EVP_aes_256_gcm],
980 ,
981 [AC_MSG_ERROR([OpenSSL check for AES-256-GCM support failed])]
982 )
983
984 # All supported OpenSSL version (>= 1.0.2)
985 # have this feature
986 have_export_keying_material="yes"
987
988 CFLAGS="${saved_CFLAGS}"
989 LIBS="${saved_LIBS}"
990
991 AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use OpenSSL library])
992 CRYPTO_CFLAGS="${OPENSSL_CFLAGS}"
993 CRYPTO_LIBS="${OPENSSL_LIBS}"
994 elif test "${with_crypto_library}" = "mbedtls"; then
995 AC_ARG_VAR([MBEDTLS_CFLAGS], [C compiler flags for mbedtls])
996 AC_ARG_VAR([MBEDTLS_LIBS], [linker flags for mbedtls])
997
998 saved_CFLAGS="${CFLAGS}"
999 saved_LIBS="${LIBS}"
1000
1001 if test -z "${MBEDTLS_CFLAGS}" -a -z "${MBEDTLS_LIBS}"; then
1002 # if the user did not explicitly specify flags, try to autodetect
1003 LIBS="${LIBS} -lmbedtls -lmbedx509 -lmbedcrypto"
1004 AC_CHECK_LIB(
1005 [mbedtls],
1006 [mbedtls_ssl_init],
1007 [MBEDTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto"],
1008 [AC_MSG_ERROR([Could not find mbed TLS.])],
1009 [${PKCS11_HELPER_LIBS}]
1010 )
1011 fi
1012
1013 CFLAGS="${MBEDTLS_CFLAGS} ${PKCS11_HELPER_CFLAGS} ${CFLAGS}"
1014 LIBS="${MBEDTLS_LIBS} ${PKCS11_HELPER_LIBS} ${LIBS}"
1015
1016 AC_MSG_CHECKING([mbedtls version])
1017 AC_COMPILE_IFELSE(
1018 [AC_LANG_PROGRAM(
1019 [[
1020 #include <mbedtls/version.h>
1021 ]],
1022 [[
1023 #if MBEDTLS_VERSION_NUMBER < 0x02000000 || (MBEDTLS_VERSION_NUMBER >= 0x03000000 && MBEDTLS_VERSION_NUMBER < 0x03020100)
1024 #error invalid version
1025 #endif
1026 ]]
1027 )],
1028 [AC_MSG_RESULT([ok])],
1029 [AC_MSG_ERROR([mbed TLS version >= 2.0.0 or >= 3.2.1 required])]
1030 )
1031
1032 AC_CHECK_HEADER(
1033 psa/crypto.h,
1034 [AC_DEFINE([HAVE_MBEDTLS_PSA_CRYPTO_H], [1], [yes])],
1035 [AC_DEFINE([HAVE_MBEDTLS_PSA_CRYPTO_H], [0], [no])]
1036 )
1037
1038 AC_CHECK_FUNCS(
1039 [ \
1040 mbedtls_cipher_write_tag \
1041 mbedtls_cipher_check_tag \
1042 ],
1043 ,
1044 [AC_MSG_ERROR([mbed TLS check for AEAD support failed])]
1045 )
1046
1047 AC_CHECK_FUNC(
1048 [mbedtls_ssl_tls_prf],
1049 [AC_DEFINE([HAVE_MBEDTLS_SSL_TLS_PRF], [1], [yes])],
1050 [AC_DEFINE([HAVE_MBEDTLS_SSL_TLS_PRF], [0], [no])]
1051 )
1052
1053 have_export_keying_material="yes"
1054 AC_CHECK_FUNC(
1055 [mbedtls_ssl_conf_export_keys_ext_cb],
1056 [AC_DEFINE([HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB], [1], [yes])],
1057 [AC_DEFINE([HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB], [0], [no])]
1058 )
1059 if test "x$ac_cv_func_mbedtls_ssl_conf_export_keys_ext_cb" != xyes; then
1060 AC_CHECK_FUNC(
1061 [mbedtls_ssl_set_export_keys_cb],
1062 [AC_DEFINE([HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB], [1], [yes])],
1063 [AC_DEFINE([HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB], [0], [no])]
1064 )
1065 if test "x$ac_cv_func_mbedtls_ssl_set_export_keys_cb" != xyes; then
1066 have_export_keying_material="no"
1067 fi
1068 fi
1069
1070 AC_CHECK_FUNC(
1071 [mbedtls_ctr_drbg_update_ret],
1072 AC_DEFINE([HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET], [1],
1073 [Use mbedtls_ctr_drbg_update_ret from mbed TLS]),
1074 )
1075
1076 CFLAGS="${saved_CFLAGS}"
1077 LIBS="${saved_LIBS}"
1078 AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
1079 CRYPTO_CFLAGS="${MBEDTLS_CFLAGS}"
1080 CRYPTO_LIBS="${MBEDTLS_LIBS}"
1081
1082 elif test "${with_crypto_library}" = "wolfssl"; then
1083 AC_ARG_VAR([WOLFSSL_CFLAGS], [C compiler flags for wolfssl. The include directory should
1084 contain the regular wolfSSL header files but also the
1085 wolfSSL OpenSSL header files. Ex: -I/usr/local/include
1086 -I/usr/local/include/wolfssl])
1087 AC_ARG_VAR([WOLFSSL_LIBS], [linker flags for wolfssl])
1088
1089 saved_CFLAGS="${CFLAGS}"
1090 saved_LIBS="${LIBS}"
1091
1092 if test -z "${WOLFSSL_CFLAGS}" -a -z "${WOLFSSL_LIBS}"; then
1093 # if the user did not explicitly specify flags, try to autodetect
1094 PKG_CHECK_MODULES(
1095 [WOLFSSL],
1096 [wolfssl],
1097 [],
1098 [AC_MSG_ERROR([Could not find wolfSSL using pkg-config ${pkg_config_found}])]
1099 )
1100 PKG_CHECK_VAR(
1101 [WOLFSSL_INCLUDEDIR],
1102 [wolfssl],
1103 [includedir],
1104 [],
1105 [AC_MSG_ERROR([Could not find wolfSSL includedir variable.])]
1106 )
1107 WOLFSSL_CFLAGS="${WOLFSSL_CFLAGS} -I${WOLFSSL_INCLUDEDIR}/wolfssl"
1108 fi
1109 saved_CFLAGS="${CFLAGS}"
1110 saved_LIBS="${LIBS}"
1111 CFLAGS="${CFLAGS} ${WOLFSSL_CFLAGS}"
1112 LIBS="${LIBS} ${WOLFSSL_LIBS}"
1113
1114 AC_CHECK_LIB(
1115 [wolfssl],
1116 [wolfSSL_Init],
1117 [],
1118 [AC_MSG_ERROR([Could not link wolfSSL library.])]
1119 )
1120 AC_CHECK_HEADER([wolfssl/options.h],,[AC_MSG_ERROR([wolfSSL header wolfssl/options.h not found!])])
1121
1122 # wolfSSL signal EKM support
1123 have_export_keying_material="yes"
1124
1125 if test "${enable_wolfssl_options_h}" = "yes"; then
1126 AC_DEFINE([EXTERNAL_OPTS_OPENVPN], [1], [Include options.h from wolfSSL library])
1127 else
1128 AC_DEFINE([WOLFSSL_USER_SETTINGS], [1], [Use custom user_settings.h file for wolfSSL library])
1129 fi
1130
1131 have_export_keying_material="yes"
1132
1133 CFLAGS="${saved_CFLAGS}"
1134 LIBS="${saved_LIBS}"
1135
1136 AC_DEFINE([ENABLE_CRYPTO_WOLFSSL], [1], [Use wolfSSL crypto library])
1137 AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use wolfSSL openssl compatibility layer])
1138 CRYPTO_CFLAGS="${WOLFSSL_CFLAGS}"
1139 CRYPTO_LIBS="${WOLFSSL_LIBS}"
1140 else
1141 AC_MSG_ERROR([Invalid crypto library: ${with_crypto_library}])
1142 fi
1143
1144 AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo])
1145 AC_ARG_VAR([LZO_LIBS], [linker flags for lzo])
1146 have_lzo="yes"
1147 if test -z "${LZO_LIBS}"; then
1148 AC_CHECK_LIB(
1149 [lzo2],
1150 [lzo1x_1_15_compress],
1151 [LZO_LIBS="-llzo2"],
1152 [AC_CHECK_LIB(
1153 [lzo],
1154 [lzo1x_1_15_compress],
1155 [LZO_LIBS="-llzo"],
1156 [have_lzo="no"]
1157 )]
1158 )
1159 fi
1160 if test "${have_lzo}" = "yes"; then
1161 saved_CFLAGS="${CFLAGS}"
1162 CFLAGS="${CFLAGS} ${LZO_CFLAGS}"
1163 AC_CHECK_HEADERS(
1164 [lzo/lzoutil.h],
1165 ,
1166 [AC_CHECK_HEADERS(
1167 [lzoutil.h],
1168 ,
1169 [AC_MSG_ERROR([lzoutil.h is missing])]
1170 )]
1171 )
1172 AC_CHECK_HEADERS(
1173 [lzo/lzo1x.h],
1174 ,
1175 [AC_CHECK_HEADERS(
1176 [lzo1x.h],
1177 ,
1178 [AC_MSG_ERROR([lzo1x.h is missing])]
1179 )]
1180 )
1181 CFLAGS="${saved_CFLAGS}"
1182 fi
1183
1184 dnl
1185 dnl check for LZ4 library
1186 dnl
1187
1188 AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
1189 AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
1190 if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
1191 if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
1192 # if the user did not explicitly specify flags, try to autodetect
1193 PKG_CHECK_MODULES([LZ4],
1194 [liblz4 >= 1.7.1 liblz4 < 100],
1195 [have_lz4="yes"],
1196 [LZ4_LIBS="-llz4"] # If this fails, we will do another test next.
1197 # We also add set LZ4_LIBS otherwise the
1198 # linker will not know about the lz4 library
1199 )
1200 fi
1201
1202 saved_CFLAGS="${CFLAGS}"
1203 saved_LIBS="${LIBS}"
1204 CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
1205 LIBS="${LIBS} ${LZ4_LIBS}"
1206
1207 # If pkgconfig check failed or LZ4_CFLAGS/LZ4_LIBS env vars
1208 # are used, check the version directly in the LZ4 include file
1209 if test "${have_lz4}" != "yes"; then
1210 AC_CHECK_HEADERS([lz4.h],
1211 [have_lz4h="yes"],
1212 [])
1213
1214 if test "${have_lz4h}" = "yes" ; then
1215 AC_MSG_CHECKING([additionally if system LZ4 version >= 1.7.1])
1216 AC_COMPILE_IFELSE(
1217 [AC_LANG_PROGRAM([[
1218 #include <lz4.h>
1219 ]],
1220 [[
1221 /* Version encoding: MMNNPP (Major miNor Patch) - see lz4.h for details */
1222 #if LZ4_VERSION_NUMBER < 10701L
1223 #error LZ4 is too old
1224 #endif
1225 ]]
1226 )],
1227 [
1228 AC_MSG_RESULT([ok])
1229 have_lz4="yes"
1230 ],
1231 [AC_MSG_ERROR([system LZ4 library is too old])]
1232 )
1233 fi
1234 fi
1235
1236 # Double check we have a few needed functions
1237 if test "${have_lz4}" = "yes" ; then
1238 AC_CHECK_LIB([lz4],
1239 [LZ4_compress_default],
1240 [],
1241 [have_lz4="no"])
1242 AC_CHECK_LIB([lz4],
1243 [LZ4_decompress_safe],
1244 [],
1245 [have_lz4="no"])
1246 fi
1247
1248 if test "${have_lz4}" != "yes" ; then
1249 AC_MSG_ERROR([No compatible LZ4 compression library found. Consider --disable-lz4])
1250 LZ4_LIBS=""
1251 fi
1252 OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
1253 OPTIONAL_LZ4_LIBS="${LZ4_LIBS}"
1254 AC_DEFINE(ENABLE_LZ4, [1], [Enable LZ4 compression library])
1255 CFLAGS="${saved_CFLAGS}"
1256 LIBS="${saved_LIBS}"
1257 fi
1258
1259
1260 dnl
1261 dnl Check for systemd
1262 dnl
1263 AM_CONDITIONAL([ENABLE_SYSTEMD], [test "${enable_systemd}" = "yes"])
1264 if test "$enable_systemd" = "yes" ; then
1265 PKG_CHECK_MODULES([libsystemd], [systemd libsystemd],
1266 [],
1267 [PKG_CHECK_MODULES([libsystemd], [libsystemd-daemon])]
1268 )
1269
1270 PKG_CHECK_EXISTS( [libsystemd > 216],
1271 [AC_DEFINE([SYSTEMD_NEWER_THAN_216], [1],
1272 [systemd is newer than v216])]
1273 )
1274
1275 AC_CHECK_HEADERS(systemd/sd-daemon.h,
1276 ,
1277 [
1278 AC_MSG_ERROR([systemd development headers not found.])
1279 ])
1280
1281 saved_LIBS="${LIBS}"
1282 LIBS="${LIBS} ${libsystemd_LIBS}"
1283 AC_CHECK_FUNCS([sd_booted], [], [AC_MSG_ERROR([systemd library is missing sd_booted()])])
1284 OPTIONAL_SYSTEMD_LIBS="${libsystemd_LIBS}"
1285 AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd integration])
1286 LIBS="${saved_LIBS}"
1287
1288 if test -n "${SYSTEMD_UNIT_DIR}"; then
1289 systemdunitdir="${SYSTEMD_UNIT_DIR}"
1290 else
1291 systemdunitdir="\${libdir}/systemd/system"
1292 fi
1293
1294 if test -n "${TMPFILES_DIR}"; then
1295 tmpfilesdir="${TMPFILES_DIR}"
1296 else
1297 tmpfilesdir="\${libdir}/tmpfiles.d"
1298 fi
1299 fi
1300
1301
1302 AC_MSG_CHECKING([git checkout])
1303 GIT_CHECKOUT="no"
1304 if test -n "${GIT}" -a -d "${srcdir}/.git"; then
1305 AC_DEFINE([HAVE_CONFIG_VERSION_H], [1], [extra version available in config-version.h])
1306 GIT_CHECKOUT="yes"
1307 fi
1308 AC_MSG_RESULT([${GIT_CHECKOUT}])
1309
1310 dnl enable --x509-username-field feature if requested
1311 if test "${enable_x509_alt_username}" = "yes"; then
1312 if test "${with_crypto_library}" = "mbedtls" ; then
1313 AC_MSG_ERROR([mbed TLS does not support the --x509-username-field feature])
1314 fi
1315
1316 AC_DEFINE([ENABLE_X509ALTUSERNAME], [1], [Enable --x509-username-field feature])
1317 fi
1318
1319 test "${enable_management}" = "yes" && AC_DEFINE([ENABLE_MANAGEMENT], [1], [Enable management server capability])
1320 test "${enable_debug}" = "yes" && AC_DEFINE([ENABLE_DEBUG], [1], [Enable debugging support])
1321 test "${enable_small}" = "yes" && AC_DEFINE([ENABLE_SMALL], [1], [Enable smaller executable size])
1322 test "${enable_fragment}" = "yes" && AC_DEFINE([ENABLE_FRAGMENT], [1], [Enable internal fragmentation support])
1323 test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enable TCP Server port sharing])
1324
1325 test "${enable_ntlm}" = "yes" && AC_DEFINE([ENABLE_NTLM], [1], [Enable NTLMv2 proxy support])
1326 test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes])
1327 if test "${have_export_keying_material}" = "yes"; then
1328 AC_DEFINE(
1329 [HAVE_EXPORT_KEYING_MATERIAL], [1],
1330 [Crypto library supports keying material exporter]
1331 )
1332 fi
1333 OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}"
1334 OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}"
1335
1336 if test "${enable_plugins}" = "yes"; then
1337 OPTIONAL_DL_LIBS="${DL_LIBS}"
1338 AC_DEFINE([ENABLE_PLUGIN], [1], [Enable plug-in support])
1339 else
1340 enable_plugin_auth_pam="no"
1341 enable_plugin_down_root="no"
1342 fi
1343
1344 AM_CONDITIONAL([HAVE_SITNL], [false])
1345
1346 if test "${enable_iproute2}" = "yes"; then
1347 test "${enable_dco}" = "yes" && AC_MSG_ERROR([iproute2 support cannot be enabled when using DCO])
1348 test -z "${IPROUTE}" && AC_MSG_ERROR([ip utility is required but missing])
1349 AC_DEFINE([ENABLE_IPROUTE], [1], [enable iproute2 support])
1350 else if test "${have_sitnl}" = "yes"; then
1351 AC_DEFINE([ENABLE_SITNL], [1], [enable sitnl support])
1352 AM_CONDITIONAL([HAVE_SITNL], [true])
1353 else if test "${WIN32}" != "yes" -a "${have_sitnl}" != "yes"; then
1354 test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing])
1355 test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing])
1356 fi
1357 fi
1358 fi
1359
1360 if test "${enable_selinux}" = "yes"; then
1361 test -z "${SELINUX_LIBS}" && AC_MSG_ERROR([libselinux required but missing])
1362 OPTIONAL_SELINUX_LIBS="${SELINUX_LIBS}"
1363 AC_DEFINE([ENABLE_SELINUX], [1], [SELinux support])
1364 fi
1365
1366 if test "${enable_lzo}" = "yes"; then
1367 test "${have_lzo}" != "yes" && AC_MSG_ERROR([lzo enabled but missing])
1368 OPTIONAL_LZO_CFLAGS="${LZO_CFLAGS}"
1369 OPTIONAL_LZO_LIBS="${LZO_LIBS}"
1370 AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])
1371 fi
1372 if test "${enable_comp_stub}" = "yes"; then
1373 test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and lzo enabled (use --disable-lzo)])
1374 test "${enable_lz4}" = "yes" && AC_MSG_ERROR([Cannot have both comp stub and LZ4 enabled (use --disable-lz4)])
1375 AC_DEFINE([ENABLE_COMP_STUB], [1], [Enable compression stub capability])
1376 fi
1377
1378 AM_CONDITIONAL([HAVE_SOFTHSM2], [false])
1379 if test "${enable_pkcs11}" = "yes"; then
1380 test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing])
1381 OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
1382 OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
1383 AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11])
1384 PKG_CHECK_MODULES(
1385 [P11KIT],
1386 [p11-kit-1],
1387 [proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`"
1388 AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])],
1389 []
1390 )
1391 #
1392 # softhsm2 for pkcs11 tests
1393 #
1394 AC_ARG_VAR([P11TOOL], [full path to p11tool])
1395 AC_PATH_PROGS([P11TOOL], [p11tool],, [$PATH:/usr/local/bin:/usr/bin:/bin])
1396 AC_DEFINE_UNQUOTED([P11TOOL_PATH], ["$P11TOOL"], [Path to p11tool])
1397 AC_ARG_VAR([SOFTHSM2_UTIL], [full path to softhsm2-util])
1398 AC_ARG_VAR([SOFTHSM2_MODULE], [full path to softhsm2 module @<:@default=/usr/lib/softhsm/libsofthsm2.so@:>@])
1399 AC_PATH_PROGS([SOFTHSM2_UTIL], [softhsm2-util],, [$PATH:/usr/local/bin:/usr/bin:/bin])
1400 test -z "$SOFTHSM2_MODULE" && SOFTHSM2_MODULE=/usr/lib/softhsm/libsofthsm2.so
1401 AC_DEFINE_UNQUOTED([SOFTHSM2_UTIL_PATH], ["$SOFTHSM2_UTIL"], [Path to softhsm2-util])
1402 AC_DEFINE_UNQUOTED([SOFTHSM2_MODULE_PATH], ["$SOFTHSM2_MODULE"], [Path to softhsm2 module])
1403 if test "${with_crypto_library}" = "openssl"; then
1404 AM_CONDITIONAL([HAVE_SOFTHSM2], [test "${P11TOOL}" -a "${SOFTHSM2_UTIL}" -a "${SOFTHSM2_MODULE}"])
1405 fi
1406 fi
1407
1408 # When testing a compiler option, we add -Werror to force
1409 # an error when the option is unsupported. This is not
1410 # required for gcc, but some compilers such as clang needs it.
1411 AC_DEFUN([ACL_CHECK_ADD_COMPILE_FLAGS], [
1412 old_cflags="$CFLAGS"
1413 CFLAGS="$1 -Werror $CFLAGS"
1414 AC_MSG_CHECKING([whether the compiler accepts $1])
1415 AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [AC_MSG_RESULT([yes])]; CFLAGS="$1 $old_cflags",
1416 [AC_MSG_RESULT([no]); CFLAGS="$old_cflags"])]
1417 )
1418
1419 ACL_CHECK_ADD_COMPILE_FLAGS([-Wno-stringop-truncation])
1420 ACL_CHECK_ADD_COMPILE_FLAGS([-Wall])
1421
1422 if test "${enable_pedantic}" = "yes"; then
1423 enable_strict="yes"
1424 CFLAGS="${CFLAGS} -pedantic"
1425 AC_DEFINE([PEDANTIC], [1], [Enable pedantic mode])
1426 fi
1427 if test "${enable_strict}" = "yes"; then
1428 CFLAGS="${CFLAGS} -Wsign-compare -Wuninitialized"
1429 fi
1430 if test "${enable_werror}" = "yes"; then
1431 CFLAGS="${CFLAGS} -Werror"
1432 fi
1433
1434 if test "${enable_plugin_auth_pam}" = "yes"; then
1435 PLUGIN_AUTH_PAM_CFLAGS="${LIBPAM_CFLAGS}"
1436 if test "${enable_pam_dlopen}" = "yes"; then
1437 AC_DEFINE([USE_PAM_DLOPEN], [1], [dlopen libpam])
1438 PLUGIN_AUTH_PAM_LIBS="${DL_LIBS}"
1439 else
1440 test -z "${LIBPAM_LIBS}" && AC_MSG_ERROR([libpam required but missing])
1441 PLUGIN_AUTH_PAM_LIBS="${LIBPAM_LIBS}"
1442 fi
1443 fi
1444
1445 if test "${enable_async_push}" = "yes"; then
1446 case "$host" in
1447 *-*-freebsd*)
1448 PKG_CHECK_MODULES(
1449 [OPTIONAL_INOTIFY],
1450 [libinotify],
1451 [
1452 AC_DEFINE([HAVE_SYS_INOTIFY_H])
1453 AC_DEFINE([ENABLE_ASYNC_PUSH], [1], [Enable async push])
1454 ]
1455 )
1456 ;;
1457 *)
1458 AC_CHECK_HEADERS(
1459 [sys/inotify.h],
1460 AC_DEFINE([ENABLE_ASYNC_PUSH], [1], [Enable async push]),
1461 AC_MSG_ERROR([inotify.h not found.])
1462 )
1463 ;;
1464 esac
1465 fi
1466
1467 CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
1468 AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
1469
1470 TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
1471 TAP_WIN_MIN_MAJOR="PRODUCT_TAP_WIN_MIN_MAJOR"
1472 TAP_WIN_MIN_MINOR="PRODUCT_TAP_WIN_MIN_MINOR"
1473 AC_DEFINE_UNQUOTED([TAP_WIN_COMPONENT_ID], ["${TAP_WIN_COMPONENT_ID}"], [The tap-windows id])
1474 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MAJOR], [${TAP_WIN_MIN_MAJOR}], [The tap-windows version number is required for OpenVPN])
1475 AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MINOR], [${TAP_WIN_MIN_MINOR}], [The tap-windows version number is required for OpenVPN])
1476 AC_SUBST([TAP_WIN_COMPONENT_ID])
1477 AC_SUBST([TAP_WIN_MIN_MAJOR])
1478 AC_SUBST([TAP_WIN_MIN_MINOR])
1479
1480 AC_SUBST([OPTIONAL_DL_LIBS])
1481 AC_SUBST([OPTIONAL_SELINUX_LIBS])
1482 AC_SUBST([OPTIONAL_CRYPTO_CFLAGS])
1483 AC_SUBST([OPTIONAL_CRYPTO_LIBS])
1484 AC_SUBST([OPTIONAL_LZO_CFLAGS])
1485 AC_SUBST([OPTIONAL_LZO_LIBS])
1486 AC_SUBST([OPTIONAL_LZ4_CFLAGS])
1487 AC_SUBST([OPTIONAL_LZ4_LIBS])
1488 AC_SUBST([OPTIONAL_SYSTEMD_LIBS])
1489 AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])
1490 AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])
1491 AC_SUBST([OPTIONAL_INOTIFY_CFLAGS])
1492 AC_SUBST([OPTIONAL_INOTIFY_LIBS])
1493
1494 AC_SUBST([PLUGIN_AUTH_PAM_CFLAGS])
1495 AC_SUBST([PLUGIN_AUTH_PAM_LIBS])
1496
1497 AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])
1498 AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"])
1499 AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "yes"])
1500 AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
1501 AM_CONDITIONAL([HAVE_LD_WRAP_SUPPORT], [test "${have_ld_wrap_support}" = "yes"])
1502 AM_CONDITIONAL([OPENSSL_ENGINE], [test "${have_openssl_engine}" = "yes"])
1503
1504 sampledir="\$(docdir)/sample"
1505 AC_SUBST([plugindir])
1506 AC_SUBST([sampledir])
1507
1508 AC_SUBST([systemdunitdir])
1509 AC_SUBST([tmpfilesdir])
1510
1511 AC_ARG_ENABLE(
1512 [unit-tests],
1513 [AS_HELP_STRING([--disable-unit-tests],
1514 [Disables building and running the unit tests suite])],
1515 [],
1516 [enable_unit_tests="yes"]
1517 )
1518
1519 # Check if cmocka is available - needed for unit testing
1520 PKG_CHECK_MODULES(
1521 [CMOCKA], [cmocka],
1522 [have_cmocka="yes"],
1523 [AC_MSG_WARN([cmocka.pc not found on the system using pkg-config ${pkg_config_found}. Unit tests disabled])]
1524 )
1525 AM_CONDITIONAL([ENABLE_UNITTESTS], [test "${enable_unit_tests}" = "yes" -a "${have_cmocka}" = "yes" ])
1526 AC_SUBST([ENABLE_UNITTESTS])
1527
1528 TEST_LDFLAGS="${OPTIONAL_CRYPTO_LIBS} ${OPTIONAL_PKCS11_HELPER_LIBS}"
1529 TEST_LDFLAGS="${TEST_LDFLAGS} ${OPTIONAL_LZO_LIBS} ${CMOCKA_LIBS}"
1530 TEST_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${OPTIONAL_PKCS11_HELPER_CFLAGS}"
1531 TEST_CFLAGS="${TEST_CFLAGS} ${OPTIONAL_LZO_CFLAGS}"
1532 TEST_CFLAGS="${TEST_CFLAGS} -I\$(top_srcdir)/include ${CMOCKA_CFLAGS}"
1533
1534 AC_SUBST([TEST_LDFLAGS])
1535 AC_SUBST([TEST_CFLAGS])
1536
1537 AC_CONFIG_FILES([
1538 Makefile
1539 distro/Makefile
1540 distro/systemd/Makefile
1541 doc/Makefile
1542 doc/doxygen/Makefile
1543 doc/doxygen/openvpn.doxyfile
1544 include/Makefile
1545 sample/sample-plugins/Makefile
1546 src/Makefile
1547 src/compat/Makefile
1548 src/openvpn/Makefile
1549 src/openvpnmsica/Makefile
1550 src/openvpnserv/Makefile
1551 src/plugins/Makefile
1552 src/plugins/auth-pam/Makefile
1553 src/plugins/down-root/Makefile
1554 src/tapctl/Makefile
1555 tests/Makefile
1556 tests/unit_tests/Makefile
1557 tests/unit_tests/example_test/Makefile
1558 tests/unit_tests/openvpn/Makefile
1559 tests/unit_tests/plugins/Makefile
1560 tests/unit_tests/plugins/auth-pam/Makefile
1561 sample/Makefile
1562 ])
1563 AC_CONFIG_FILES([tests/t_client.sh], [chmod +x tests/t_client.sh])
1564 AC_OUTPUT
Mirror of https://github.com/OpenVPN/openvpn.git