-
Notifications
You must be signed in to change notification settings - Fork 2
/
configure.ac
1061 lines (973 loc) · 37 KB
/
configure.ac
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
AC_INIT(openconnect, 7.08)
AC_CONFIG_HEADERS([config.h])
PKG_PROG_PKG_CONFIG
AC_LANG_C
AC_CANONICAL_HOST
AM_MAINTAINER_MODE([enable])
AM_INIT_AUTOMAKE([foreign tar-ustar])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
AC_PREREQ([2.62], [], [AC_SUBST([localedir], ['$(datadir)/locale'])])
# Upstream's pkg.m4 (since 0.27) offers this now, but define our own
# compatible version in case the local version of pkgconfig isn't new enough.
# https://bugs.freedesktop.org/show_bug.cgi?id=48743
m4_ifdef([PKG_INSTALLDIR], [PKG_INSTALLDIR],
[AC_ARG_WITH([pkgconfigdir],
[AS_HELP_STRING([--with-pkgconfigdir],
[install directory for openconnect.pc pkg-config file])],
[],[with_pkgconfigdir='$(libdir)/pkgconfig'])
AC_SUBST([pkgconfigdir], [${with_pkgconfigdir}])])
use_openbsd_libtool=
symver_time=
symver_getline=
symver_asprintf=
symver_vasprintf=
symver_win32_strerror=
case $host_os in
*linux* | *gnu* | *nacl*)
AC_MSG_NOTICE([Applying feature macros for GNU build])
AC_DEFINE(_GNU_SOURCE, 1, [_GNU_SOURCE])
;;
*netbsd*)
AC_MSG_NOTICE([Applying feature macros for NetBSD build])
AC_DEFINE(_POSIX_C_SOURCE, 200112L, [_POSIX_C_SOURCE])
AC_DEFINE(_NETBSD_SOURCE, 1, [_NETBSD_SOURCE])
;;
*openbsd*)
AC_MSG_NOTICE([Applying feature macros for OpenBSD build])
use_openbsd_libtool=true
;;
*solaris*|*sunos*)
AC_MSG_NOTICE([Applying workaround for broken SunOS time() function])
AC_DEFINE(HAVE_SUNOS_BROKEN_TIME, 1, [On SunOS time() can go backwards])
symver_time="openconnect__time;"
;;
*mingw32*|*mingw64*|*msys*)
AC_MSG_NOTICE([Applying feature macros for MinGW/Windows build])
# For GetVolumeInformationByHandleW() which is Vista+
AC_DEFINE(_WIN32_WINNT, 0x600, [Windows API version])
have_win=yes
# For asprintf()
AC_DEFINE(_GNU_SOURCE, 1, [_GNU_SOURCE])
symver_win32_strerror="openconnect__win32_strerror;"
# Win32 does have the SCard API
system_pcsc_libs="-lwinscard"
system_pcsc_cflags=
;;
*darwin*)
system_pcsc_libs="-Wl,-framework -Wl,PCSC"
system_pcsc_cflags=
;;
*)
# On FreeBSD the only way to get vsyslog() visible is to define
# *nothing*, which makes absolutely everything visible.
# On Darwin enabling _POSIX_C_SOURCE breaks <sys/mount.h> because
# u_long and other types don't get defined. OpenBSD is similar.
;;
esac
AM_CONDITIONAL(OPENCONNECT_WIN32, [ test "$have_win" = "yes" ])
AC_ARG_WITH([vpnc-script],
[AS_HELP_STRING([--with-vpnc-script],
[default location of vpnc-script helper])])
if test "$with_vpnc_script" = "yes" || test "$with_vpnc_script" = ""; then
if test "$have_win" = "yes"; then
with_vpnc_script=vpnc-script-win.js
else
with_vpnc_script=/etc/vpnc/vpnc-script
if ! test -x "$with_vpnc_script"; then
AC_MSG_ERROR([${with_vpnc_script} does not seem to be executable.]
[OpenConnect will not function correctly without a vpnc-script.]
[See http://www.infradead.org/openconnect/vpnc-script.html for more details.]
[]
[If you are building a distribution package, please ensure that your]
[packaging is correct, and that a vpnc-script will be installed when the]
[user installs your package. You should provide a --with-vpnc-script=]
[argument to this configure script, giving the full path where the script]
[will be installed.]
[]
[The standard location is ${with_vpnc_script}. To bypass this error and]
[build OpenConnect to use the script from this location, even though it is]
[not present at the time you are building OpenConnect, pass the argument]
["--with-vpnc-script=${with_vpnc_script}"])
fi
fi
elif test "$with_vpnc_script" = "no"; then
AC_ERROR([You cannot disable vpnc-script.]
[OpenConnect will not function correctly without it.]
[See http://www.infradead.org/openconnect/vpnc-script.html])
elif test "$have_win" = "yes"; then
# Oh Windows how we hate thee. If user specifies a vpnc-script and it contains
# backslashes, double them all up to survive escaping.
with_vpnc_script="$(echo "${with_vpnc_script}" | sed s/\\\\/\\\\\\\\/g)"
fi
AC_DEFINE_UNQUOTED(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}", [Default vpnc-script locatin])
AC_SUBST(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}")
AC_CHECK_FUNC(fdevname_r, [AC_DEFINE(HAVE_FDEVNAME_R, 1, [Have fdevname_r() function])], [])
AC_CHECK_FUNC(statfs, [AC_DEFINE(HAVE_STATFS, 1, [Have statfs() function])], [])
AC_CHECK_FUNC(getline, [AC_DEFINE(HAVE_GETLINE, 1, [Have getline() function])],
[symver_getline="openconnect__getline;"])
AC_CHECK_FUNC(strcasestr, [AC_DEFINE(HAVE_STRCASESTR, 1, [Have strcasestr() function])], [])
AC_CHECK_FUNC(strndup, [AC_DEFINE(HAVE_STRNDUP, 1, [Have strndup() function])], [])
AC_CHECK_FUNC(asprintf, [AC_DEFINE(HAVE_ASPRINTF, 1, [Have asprintf() function])],
[symver_asprintf="openconnect__asprintf;"])
AC_CHECK_FUNC(vasprintf, [AC_DEFINE(HAVE_VASPRINTF, 1, [Have vasprintf() function])],
[symver_vasprintf="openconnect__vasprintf;"])
if test -n "$symver_vasprintf"; then
AC_MSG_CHECKING([for va_copy])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <stdarg.h>
va_list a;],[
va_list b;
va_copy(b,a);
va_end(b);])],
[AC_DEFINE(HAVE_VA_COPY, 1, [Have va_copy()])
AC_MSG_RESULT(va_copy)],
[AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <stdarg.h>
va_list a;],[
va_list b;
__va_copy(b,a);
va_end(b);])],
[AC_DEFINE(HAVE___VA_COPY, 1, [Have __va_copy()])
AC_MSG_RESULT(__va_copy)],
[AC_MSG_RESULT(no)
AC_MSG_ERROR([Your system lacks vasprintf() and va_copy()])])
])
fi
AC_SUBST(SYMVER_TIME, $symver_time)
AC_SUBST(SYMVER_GETLINE, $symver_getline)
AC_SUBST(SYMVER_ASPRINTF, $symver_asprintf)
AC_SUBST(SYMVER_VASPRINTF, $symver_vasprintf)
AC_SUBST(SYMVER_WIN32_STRERROR, $symver_win32_strerror)
AS_COMPILER_FLAGS(WFLAGS,
"-Wall
-Wextra
-Wno-missing-field-initializers
-Wno-sign-compare
-Wno-unused-parameter
-Werror=pointer-to-int-cast
-Wdeclaration-after-statement
-Werror-implicit-function-declaration
-Wformat-nonliteral
-Wformat-security
-Winit-self
-Wmissing-declarations
-Wmissing-include-dirs
-Wnested-externs
-Wpointer-arith
-Wwrite-strings")
AC_SUBST(WFLAGS, [$WFLAGS])
if test "$have_win" = yes; then
# Checking "properly" for __attribute__((dllimport,stdcall)) functions is non-trivial
LIBS="$LIBS -lws2_32 -lshlwapi -lsecur32 -liphlpapi"
else
AC_CHECK_FUNC(socket, [], AC_CHECK_LIB(socket, socket, [], AC_ERROR(Cannot find socket() function)))
fi
have_inet_aton=yes
AC_CHECK_FUNC(inet_aton, [], AC_CHECK_LIB(nsl, inet_aton, [], have_inet_aton=no))
if test "$have_inet_aton" = "yes"; then
AC_DEFINE(HAVE_INET_ATON, 1, [Have inet_aton()])
fi
AC_MSG_CHECKING([for IPV6_PATHMTU socket option])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>],[
int foo = IPV6_PATHMTU; (void)foo;])],
[AC_DEFINE(HAVE_IPV6_PATHMTU, 1, [Have IPV6_PATHMTU socket option])
AC_MSG_RESULT([yes])],
[AC_MSG_RESULT([no])])
AC_CHECK_FUNC(__android_log_vprint, [], AC_CHECK_LIB(log, __android_log_vprint, [], []))
AC_ENABLE_SHARED
AC_DISABLE_STATIC
AC_CHECK_FUNC(nl_langinfo, [AC_DEFINE(HAVE_NL_LANGINFO, 1, [Have nl_langinfo() function])], [])
if test "$ac_cv_func_nl_langinfo" = "yes"; then
AM_ICONV
if test "$am_cv_func_iconv" = "yes"; then
AC_SUBST(ICONV_LIBS, [$LTLIBICONV])
AC_SUBST(ICONV_CFLAGS, [$INCICONV])
AC_DEFINE(HAVE_ICONV, 1, [Have iconv() function])
fi
fi
AM_CONDITIONAL(OPENCONNECT_ICONV, [test "$am_cv_func_iconv" = "yes"])
AC_ARG_ENABLE([nls],
AS_HELP_STRING([--disable-nls], [Do not use Native Language Support]),
[USE_NLS=$enableval], [USE_NLS=yes])
LIBINTL=
if test "$USE_NLS" = "yes"; then
AC_PATH_PROG(MSGFMT, msgfmt)
if test "$MSGFMT" = ""; then
AC_ERROR([msgfmt could not be found. Try configuring with --disable-nls])
fi
fi
LIBINTL=
if test "$USE_NLS" = "yes"; then
AC_MSG_CHECKING([for functional NLS support])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <locale.h>
#include <libintl.h>],[
setlocale(LC_ALL, "");
bindtextdomain("openconnect", "/tmp");
(void)dgettext("openconnect", "foo");])],
[AC_MSG_RESULT(yes)],
[AC_LIB_LINKFLAGS_BODY([intl])
oldLIBS="$LIBS"
LIBS="$LIBS $LIBINTL"
oldCFLAGS="$LIBS"
CFLAGS="$CFLAGS $INCINTL"
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <locale.h>
#include <libintl.h>],[
setlocale(LC_ALL, "");
bindtextdomain("openconnect", "/tmp");
(void)dgettext("openconnect", "foo");])],
[AC_MSG_RESULT(yes (with $INCINTL $LIBINTL))],
[AC_MSG_RESULT(no)
USE_NLS=no])
LIBS="$oldLIBS"])
fi
if test "$USE_NLS" = "yes"; then
AC_SUBST(INTL_LIBS, [$LTLIBINTL])
AC_SUBST(INTL_CFLAGS, [$INCINTL])
AC_DEFINE(ENABLE_NLS, 1, [Enable NLS support])
fi
AM_CONDITIONAL(USE_NLS, [test "$USE_NLS" = "yes"])
AC_ARG_WITH([system-cafile],
AS_HELP_STRING([--with-system-cafile],
[Location of the default system CA certificate file for old (<3.0.20) GnuTLS versions]))
# We will use GnuTLS by default if it's present. We used to suppport
# using GnuTLS for the TLS connections and OpenSSL for DTLS, but none
# of the reasons for that make sense any more.
AC_ARG_WITH([gnutls],
AS_HELP_STRING([--without-gnutls], [Do not attempt to use GnuTLS; use OpenSSL instead]))
AC_ARG_WITH([openssl],
AS_HELP_STRING([--with-openssl], [Location of OpenSSL build dir]))
ssl_library=
esp=
dtls=
if test "$with_openssl" != "" -a "$with_openssl" != "no"; then
if test "$with_gnutls" = ""; then
with_gnutls=no
elif test "$with_gnutls" = "yes"; then
AC_MSG_ERROR([You cannot choose both GnuTLS and OpenSSL.])
fi
fi
# First, check if GnuTLS exists and is usable
if test "$with_gnutls" = "yes" || test "$with_gnutls" = ""; then
PKG_CHECK_MODULES(GNUTLS, gnutls >= 2.12.16,
[if ! $PKG_CONFIG --atleast-version=2.12.16 gnutls; then
AC_MSG_WARN([Your GnuTLS is too old. At least v2.12.16 is required])
elif test "$have_win" = "yes"; then
AC_MSG_CHECKING([for broken GnuTLS Windows versions])
if $PKG_CONFIG --atleast-version=3.2.0 gnutls &&
! $PKG_CONFIG --atleast-version=3.2.10 gnutls; then
AC_MSG_RESULT([broken])
else
AC_MSG_RESULT([OK])
ssl_library=GnuTLS
fi
else
ssl_library=GnuTLS
fi], [:])
elif test "$with_gnutls" != "no"; then
AC_ERROR([Values other than 'yes' or 'no' for --with-gnutls are not supported])
fi
# Do we need to look for OpenSSL?
if test "$ssl_library" = ""; then
if test "$with_gnutls" = "yes" -o "$with_openssl" = "no"; then
AC_MSG_ERROR([Suitable GnuTLS required but not found])
elif test "$with_openssl" = "yes" -o "$with_openssl" = ""; then
PKG_CHECK_MODULES(OPENSSL, openssl, [AC_SUBST(SSL_PC, [openssl])],
[oldLIBS="$LIBS"
LIBS="$LIBS -lssl -lcrypto"
AC_MSG_CHECKING([for OpenSSL without pkg-config])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>
#include <openssl/err.h>],[
SSL_library_init();
ERR_clear_error();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();])],
[AC_MSG_RESULT(yes)
AC_SUBST([OPENSSL_LIBS], ["-lssl -lcrypto"])
AC_SUBST([OPENSSL_CFLAGS], [])]
AC_SUBST([openssl_pc_libs], [$OPENSSL_LIBS]),
[AC_MSG_RESULT(no)
AC_ERROR([Could not build against OpenSSL])])
LIBS="$oldLIBS"])
ssl_library=OpenSSL
PKG_CHECK_MODULES(P11KIT, p11-kit-1,
[PKG_CHECK_MODULES(LIBP11, libp11,
[AC_DEFINE(HAVE_LIBP11, 1, [Have libp11 and p11-kit for OpenSSL])
AC_SUBST(P11KIT_PC, ["libp11 p11-kit-1"])
proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`"
pkcs11_support="libp11"
AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])],
[:])], [:])
else
OPENSSL_CFLAGS="-I${with_openssl}/include ${OPENSSL_CFLAGS}"
if test -r "${with_openssl}/libssl.a" -a -r "${with_openssl}/libcrypto.a"; then
OPENSSL_LIBS="${with_openssl}/libssl.a ${with_openssl}/libcrypto.a -ldl -lz"
elif test -r "${with_openssl}/crypto/.libs/libcrypto.a" -a \
-r "${with_openssl}/ssl/.libs/libssl.a"; then
OPENSSL_LIBS="${with_openssl}/ssl/.libs/libssl.a ${with_openssl}/crypto/.libs/libcrypto.a -ldl -lz"
else
AC_ERROR([Could not found OpenSSL libraries]);
fi
AC_SUBST(OPENSSL_CFLAGS)
AC_SUBST(OPENSSL_LIBS)
enable_static=yes
enable_shared=no
ssl_library=OpenSSL
fi
fi
AC_ARG_WITH([openssl-version-check],
AS_HELP_STRING([--without-openssl-version-check], [Do not check for known-broken OpenSSL versions]))
AC_ARG_WITH([default-gnutls-priority],
AS_HELP_STRING([--with-default-gnutls-priority=STRING],
[Provide a default string as GnuTLS priority string]),
default_gnutls_priority=$withval)
if test -n "$default_gnutls_priority"; then
AC_DEFINE_UNQUOTED([DEFAULT_PRIO], ["$default_gnutls_priority"], [The GnuTLS priority string])
fi
case "$ssl_library" in
OpenSSL)
oldLIBS="${LIBS}"
oldCFLAGS="${CFLAGS}"
LIBS="${LIBS} ${OPENSSL_LIBS}"
CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
# Check for the various known-broken versions of OpenSSL, which includes LibreSSL.
if test "$with_openssl_version_check" != "no"; then
AC_MSG_CHECKING([for known-broken versions of OpenSSL])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/opensslv.h>],
[#if defined(LIBRESSL_VERSION_NUMBER)
#error Bad OpenSSL
#endif
])],
[],
[AC_MSG_RESULT(yes)
AC_MSG_ERROR([LibreSSL does not support Cisco DTLS.]
[Build with OpenSSL or GnuTLS instead.])])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/opensslv.h>],[#if \
(OPENSSL_VERSION_NUMBER == 0x10002000L || \
(OPENSSL_VERSION_NUMBER >= 0x100000b0L && OPENSSL_VERSION_NUMBER <= 0x100000c0L) || \
(OPENSSL_VERSION_NUMBER >= 0x10001040L && OPENSSL_VERSION_NUMBER <= 0x10001060L))
#error Bad OpenSSL
#endif
])],
[],
[AC_MSG_RESULT(yes)
AC_ERROR([This version of OpenSSL is known to be broken with Cisco DTLS.]
[See http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest]
[Add --without-openssl-version-check to configure args to avoid this check, or]
[perhaps consider building with GnuTLS instead.])])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/opensslv.h>],[#if \
(OPENSSL_VERSION_NUMBER == 0x1000200fL)
#error Bad OpenSSL
#endif
])],
[],
[AC_MSG_RESULT(yes)
AC_ERROR([This version of OpenSSL is known to be broken with Cisco DTLS.]
[See http://rt.openssl.org/Ticket/Display.html?id=3703&user=guest&pass=guest]
[and http://rt.openssl.org/Ticket/Display.html?id=3711&user=guest&pass=guest]
[Add --without-openssl-version-check to configure args to avoid this check, or]
[perhaps consider building with GnuTLS instead.])])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/opensslv.h>],[#if \
((OPENSSL_VERSION_NUMBER >= 0x10001110L && OPENSSL_VERSION_NUMBER <= 0x10001150L) || \
(OPENSSL_VERSION_NUMBER >= 0x10002050L && OPENSSL_VERSION_NUMBER <= 0x10002090L))
#error Bad OpenSSL
#endif
])],
[],
[AC_MSG_RESULT(yes)
AC_ERROR([This version of OpenSSL is known to be broken with Cisco DTLS.]
[See http://rt.openssl.org/Ticket/Display.html?id=4631&user=guest&pass=guest]
[Add --without-openssl-version-check to configure args to avoid this check, or]
[perhaps consider building with GnuTLS instead.])])
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING([for ENGINE_by_id() in OpenSSL])
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/engine.h>],
[ENGINE_by_id("foo");])],
[AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_ENGINE, [1], [OpenSSL has ENGINE support])],
[AC_MSG_RESULT(no)
AC_MSG_NOTICE([Building without OpenSSL TPM ENGINE support])])
AC_MSG_CHECKING([for dtls1_stop_timer() in OpenSSL])
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>
#include <stdlib.h>
extern void dtls1_stop_timer(SSL *);],
[dtls1_stop_timer(NULL);])],
[AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_DTLS1_STOP_TIMER, [1], [OpenSSL has dtls1_stop_timer() function])],
[AC_MSG_RESULT(no)])
AC_MSG_CHECKING([for DTLSv1_2_client_method() in OpenSSL])
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>],
[DTLSv1_2_client_method();])],
[AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_DTLS12, [1], [OpenSSL has DTLSv1_2_client_method() function])],
[AC_MSG_RESULT(no)])
AC_CHECK_FUNC(HMAC_CTX_copy,
[esp=yes],
[AC_MSG_WARN([ESP support will be disabled])])
LIBS="${oldLIBS}"
CFLAGS="${oldCFLAGS}"
dtls=yes
AC_DEFINE(OPENCONNECT_OPENSSL, 1, [Using OpenSSL])
AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)'])
AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
;;
GnuTLS)
oldlibs="$LIBS"
oldcflags="$CFLAGS"
LIBS="$LIBS $GNUTLS_LIBS"
CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
AC_CHECK_FUNC(gnutls_dtls_set_data_mtu,
[AC_DEFINE(HAVE_GNUTLS_DTLS_SET_DATA_MTU, 1, [From GnuTLS 3.0.20])], [])
AC_CHECK_FUNC(gnutls_pkcs11_get_raw_issuer,
[AC_DEFINE(HAVE_GNUTLS_PKCS11_GET_RAW_ISSUER, 1, [From GnuTLS 3.2.7])], [])
AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust,
[AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST, 1, [From GnuTLS 3.0.20])], [])
if test "$ac_cv_func_gnutls_certificate_set_x509_system_trust" != "yes"; then
# We will need to tell GnuTLS the path to the system CA file.
if test "$with_system_cafile" = "yes" || test "$with_system_cafile" = ""; then
unset with_system_cafile
AC_MSG_CHECKING([For location of system CA trust file])
for file in /etc/ssl/certs/ca-certificates.crt \
/etc/pki/tls/cert.pem \
/usr/local/share/certs/ca-root-nss.crt \
/etc/ssl/cert.pem \
/etc/ssl/ca-bundle.pem \
; do
if grep 'BEGIN CERTIFICATE-----' $file >/dev/null 2>&1; then
with_system_cafile=${file}
break
fi
done
AC_MSG_RESULT([${with_system_cafile-NOT FOUND}])
elif test "$with_system_cafile" = "no"; then
AC_MSG_ERROR([You cannot disable the system CA certificate file.])
fi
if test "$with_system_cafile" = ""; then
AC_MSG_ERROR([Unable to find a standard system CA certificate file.]
[Your GnuTLS requires a path to a CA certificate store. This is a file]
[which contains a list of the Certificate Authorities which are trusted.]
[Most distributions ship with this file in a standard location, but none]
[the known standard locations exist on your system. You should provide a]
[--with-system-cafile= argument to this configure script, giving the full]
[path to a default CA certificate file for GnuTLS to use. Also, please]
[send full details of your system, including 'uname -a' output and the]
[location of the system CA certificate store on your system, to the]
[[email protected] mailing list.])
fi
AC_DEFINE_UNQUOTED([DEFAULT_SYSTEM_CAFILE], ["$with_system_cafile"], [Location of System CA trust file])
fi
AC_CHECK_FUNC(gnutls_cipher_set_iv,
[esp=yes], [])
AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
[AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1, [From GnuTLS 3.1.0])], [])
AC_CHECK_FUNC(gnutls_certificate_set_key,
[AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1, [From GnuTLS 3.0.4])], [])
AC_CHECK_FUNC(gnutls_pk_to_sign,
[AC_DEFINE(HAVE_GNUTLS_PK_TO_SIGN, 1, [From GnuTLS 3.1.0])], [])
AC_CHECK_FUNC(gnutls_pubkey_export2,
[AC_DEFINE(HAVE_GNUTLS_PUBKEY_EXPORT2, 1, [From GnuTLS 3.1.3])], [])
AC_CHECK_FUNC(gnutls_x509_crt_set_pin_function,
[AC_DEFINE(HAVE_GNUTLS_X509_CRT_SET_PIN_FUNCTION, 1, [From GnuTLS 3.1.0])], [])
AC_CHECK_FUNC(gnutls_url_is_supported,
[AC_DEFINE(HAVE_GNUTLS_URL_IS_SUPPORTED, 1, [From GnuTLS 3.1.0])], [])
AC_CHECK_FUNC(gnutls_system_key_add_x509,
[AC_DEFINE(HAVE_GNUTLS_SYSTEM_KEYS, 1, [From GnuTLS 3.4.0])], [])
AC_CHECK_FUNC(gnutls_session_set_premaster,
[dtls=yes], [])
AC_CHECK_FUNC(gnutls_pkcs11_add_provider,
[PKG_CHECK_MODULES(P11KIT, p11-kit-1,
[AC_DEFINE(HAVE_P11KIT, 1, [Have. P11. Kit.])
pkcs11_support=GnuTLS
AC_SUBST(P11KIT_PC, p11-kit-1)],
[:])], [])
LIBS="$oldlibs -ltspi"
AC_MSG_CHECKING([for tss library])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <trousers/tss.h>
#include <trousers/trousers.h>],[
int err = Tspi_Context_Create((void *)0);
Trspi_Error_String(err);])],
[AC_MSG_RESULT(yes)
AC_SUBST([TSS_LIBS], [-ltspi])
AC_SUBST([TSS_CFLAGS], [])
AC_DEFINE(HAVE_TROUSERS, 1, [Have Trousers TSS library])],
[AC_MSG_RESULT(no)])
LIBS="$oldlibs"
CFLAGS="$oldcflags"
AC_DEFINE(OPENCONNECT_GNUTLS, 1, [Using GnuTLS])
AC_SUBST(SSL_PC, [gnutls])
AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS)'])
AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
;;
*)
# This should never happen
AC_MSG_ERROR([No SSL library selected])
;;
esac
test_pkcs11=
if test "$pkcs11_support" != ""; then
AC_CHECK_PROG(test_pkcs11, softhsm2-util, yes)
fi
AM_CONDITIONAL(TEST_PKCS11, [ test "$test_pkcs11" = "yes" ])
# The test is OpenSSL-only for now.
AM_CONDITIONAL(CHECK_DTLS, [ test "$ssl_library" = "OpenSSL" ])
AC_ARG_ENABLE([dtls-xfail],
AS_HELP_STRING([--enable-dtls-xfail], [Only for gitlab CI. Do not use]))
AM_CONDITIONAL(DTLS_XFAIL, [test "$enable_dtls_xfail" = "yes" ])
AC_ARG_ENABLE([dsa-tests],
AS_HELP_STRING([--disable-dsa-tests], [Disable DSA keys in self-test]),
[], [enable_dsa_tests=yes])
AM_CONDITIONAL(TEST_DSA, [test "$enable_dsa_tests" = "yes"])
AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" = "GnuTLS" ])
AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "OpenSSL" ])
AM_CONDITIONAL(OPENCONNECT_ESP, [ test "$esp" != "" ])
AM_CONDITIONAL(OPENCONNECT_DTLS, [ test "$dtls" != "" ])
if test "$esp" != ""; then
AC_DEFINE(HAVE_ESP, 1, [Build with ESP support])
fi
if test "$dtls" != ""; then
AC_DEFINE(HAVE_DTLS, 1, [Build with DTLS support])
fi
AC_ARG_WITH(lz4,
AS_HELP_STRING([--without-lz4], [disable support for LZ4 compression]),
test_for_lz4=$withval,
test_for_lz4=yes)
lz4_pkg=no
if test "$test_for_lz4" = yes; then
PKG_CHECK_MODULES([LIBLZ4], [liblz4], [
AC_SUBST(LIBLZ4_PC, liblz4)
AC_DEFINE([HAVE_LZ4], [], [LZ4 was found])
lz4_pkg=yes
oldLIBS="$LIBS"
LIBS="$LIBS $LIBLZ4_LIBS"
oldCFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $LIBLZ4_CFLAGS"
AC_MSG_CHECKING([for LZ4_compress_default()])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <lz4.h>],[
LZ4_compress_default("", (char *)0, 0, 0);])],
[AC_MSG_RESULT(yes)
AC_DEFINE([HAVE_LZ4_COMPRESS_DEFAULT], [], [From LZ4 r129])
],
[AC_MSG_RESULT(no)])
LIBS="$oldLIBS"
CFLAGS="$oldCFLAGS"
],
[
AC_MSG_WARN([[
***
*** lz4 not found.
*** ]])
])
fi
# For some bizarre reason now that we use AM_ICONV, the mingw32 build doesn't
# manage to set EGREP properly in the created ./libtool script. Make sure it's
# found.
AC_PROG_EGREP
# Needs to happen after we default to static/shared libraries based on OpenSSL
AC_PROG_LIBTOOL
if test "$use_openbsd_libtool" = "true" && test -x /usr/bin/libtool; then
echo using OpenBSD libtool
LIBTOOL=/usr/bin/libtool
fi
AM_CONDITIONAL(OPENBSD_LIBTOOL, [ test "$use_openbsd_libtool" = "true" ])
AX_CHECK_VSCRIPT
PKG_CHECK_MODULES(LIBXML2, libxml-2.0)
PKG_CHECK_MODULES(ZLIB, zlib, [AC_SUBST(ZLIB_PC, [zlib])],
[oldLIBS="$LIBS"
LIBS="$LIBS -lz"
AC_MSG_CHECKING([for zlib without pkg-config])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <zlib.h>],[
z_stream zs;
deflateInit2(&zs, Z_DEFAULT_COMPRESSION, Z_DEFLATED,
-12, 9, Z_DEFAULT_STRATEGY);])],
[AC_MSG_RESULT(yes)
AC_SUBST([ZLIB_LIBS], [-lz])
AC_SUBST([ZLIB_CFLAGS], [])],
[AC_MSG_RESULT(no)
AC_ERROR([Could not build against zlib])])
LIBS="$oldLIBS"])
AC_ARG_WITH([libproxy],
AS_HELP_STRING([--without-libproxy],
[Build without libproxy library [default=auto]]))
AS_IF([test "x$with_libproxy" != "xno"], [
PKG_CHECK_MODULES(LIBPROXY, libproxy-1.0,
[AC_SUBST(LIBPROXY_PC, libproxy-1.0)
AC_DEFINE([LIBPROXY_HDR], ["proxy.h"], [libproxy header file])
libproxy_pkg=yes],
libproxy_pkg=no)
], [libproxy_pkg=disabled])
dnl Libproxy *can* exist without a .pc file, and its header may be called
dnl libproxy.h in that case.
if (test "$libproxy_pkg" = "no"); then
AC_MSG_CHECKING([for libproxy])
oldLIBS="$LIBS"
LIBS="$LIBS -lproxy"
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <libproxy.h>],
[(void)px_proxy_factory_new();])],
[AC_MSG_RESULT(yes (with libproxy.h))
AC_DEFINE([LIBPROXY_HDR], ["libproxy.h"])
AC_SUBST([LIBPROXY_LIBS], [-lproxy])
libproxy_pkg=yes],
[AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <proxy.h>],
[(void)px_proxy_factory_new();])],
[AC_MSG_RESULT(yes (with proxy.h))
AC_DEFINE([LIBPROXY_HDR], ["proxy.h"])
AC_SUBST([LIBPROXY_LIBS], [-lproxy])
libproxy_pkg=yes],
[AC_MSG_RESULT(no)])])
LIBS="$oldLIBS"
fi
AC_ARG_WITH([stoken],
AS_HELP_STRING([--without-stoken],
[Build without libstoken library [default=auto]]))
AS_IF([test "x$with_stoken" != "xno"], [
PKG_CHECK_MODULES(LIBSTOKEN, stoken,
[AC_SUBST(LIBSTOKEN_PC, stoken)
AC_DEFINE([HAVE_LIBSTOKEN], 1, [Have libstoken])
libstoken_pkg=yes],
libstoken_pkg=no)
], [libstoken_pkg=disabled])
AM_CONDITIONAL(OPENCONNECT_STOKEN, [test "$libstoken_pkg" = "yes"])
AC_ARG_WITH([libpcsclite],
AS_HELP_STRING([--without-libpcsclite],
[Build without libpcsclite library (for Yubikey support) [default=auto]]))
AS_IF([test "x$with_libpcsclite" != "xno"], [
if test "$system_pcsc_libs" != ""; then
AC_SUBST(LIBPCSCLITE_LIBS, "$system_pcsc_libs")
AC_SUBST(LIBPCSCLITE_CFLAGS, "$system_pcsc_cflags")
AC_SUBST(system_pcsc_libs)
libpcsclite_pkg=yes
else
PKG_CHECK_MODULES(LIBPCSCLITE, libpcsclite,
[AC_SUBST(LIBPCSCLITE_PC, libpcsclite)
libpcsclite_pkg=yes],
libpcsclite_pkg=no)
fi
], [libpcsclite_pkg=disabled])
if test "$libpcsclite_pkg" = "yes"; then
AC_DEFINE([HAVE_LIBPCSCLITE], 1, [Have libpcsclite])
fi
AM_CONDITIONAL(OPENCONNECT_LIBPCSCLITE, [test "$libpcsclite_pkg" = "yes"])
AC_ARG_WITH([libpskc],
AS_HELP_STRING([--without-libpskc],
[Build without libpskc library [default=auto]]))
AS_IF([test "x$with_libpskc" != "xno"], [
PKG_CHECK_MODULES(LIBPSKC, [libpskc >= 2.2.0],
[AC_SUBST(LIBPSKC_PC, libpskc)
AC_DEFINE([HAVE_LIBPSKC], 1, [Have libpskc])
libpskc_pkg=yes],
libpskc_pkg=no)])
linked_gssapi=no
AC_ARG_WITH([gssapi],
AS_HELP_STRING([--without-gssapi],
[Build without GSSAPI support [default=auto]]))
AC_DEFUN([GSSAPI_CHECK_BUILD],[
gss_old_libs="$LIBS"
LIBS="$LIBS ${GSSAPI_LIBS}"
AC_MSG_CHECKING([GSSAPI compilation with "${GSSAPI_LIBS}"])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <stdlib.h>
#include GSSAPI_HDR],[
OM_uint32 major, minor;
gss_buffer_desc b = GSS_C_EMPTY_BUFFER;
gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &ctx, GSS_C_NO_NAME, GSS_C_NO_OID,
GSS_C_MUTUAL_FLAG, GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
NULL, NULL, NULL);])],
[linked_gssapi=yes
AC_MSG_RESULT(yes)],
[linked_gssapi=no
AC_MSG_RESULT(no)])
LIBS="$gss_old_libs"
])
# Attempt to work out how to build with GSSAPI. Mostly, krb5-config will
# exist and work. Tested on FreeBSD 9, OpenBSD 5.5, NetBSD 6.1.4. Solaris
# has krb5-config but it doesn't do GSSAPI so hard-code the results there.
# Older OpenBSD (I tested 5.2) lacks krb5-config so leave that as an example.
if test "$with_gssapi" != "no"; then
found_gssapi=no
if test "${with_gssapi}" != "yes" -a "${with_gssapi}" != "" ; then
gssapi_root="${with_gssapi}"
else
gssapi_root=""
fi
# First: if they specify GSSAPI_LIBS and/or GSSAPI_CFLAGS then use them.
if test "$GSSAPI_LIBS$GSSAPI_CFLAGS" != ""; then
found_gssapi=yes
fi
# Second: try finding a viable krb5-config that supports gssapi
if test "$found_gssapi" = "no"; then
if test -n "${gssapi_root}"; then
krb5path="${gssapi_root}/bin:$PATH"
else
krb5path="/usr/kerberos/bin:$PATH"
fi
if test -n "$host_alias"; then
AC_PATH_PROG(KRB5_CONFIG, [${host_alias}-krb5-config], [], [$krb5path])
fi
if test "$KRB5_CONFIG" = ""; then
AC_PATH_PROG(KRB5_CONFIG, [krb5-config], [], [$krb5path])
fi
if test "$KRB5_CONFIG" != ""; then
AC_MSG_CHECKING([whether $KRB5_CONFIG supports gssapi])
if "${KRB5_CONFIG}" --cflags gssapi > /dev/null 2>/dev/null; then
AC_MSG_RESULT(yes)
found_gssapi=yes
GSSAPI_LIBS="`"${KRB5_CONFIG}" --libs gssapi`"
GSSAPI_CFLAGS="`"${KRB5_CONFIG}" --cflags gssapi`"
else
AC_MSG_RESULT(no)
fi
fi
fi
# Third: look for <gssapi.h> or <gssapi/gssapi.h> in some likely places,
# and we'll worry about how to *link* it in a moment...
if test "$found_gssapi" = "no"; then
if test -n "${gssapi_root}"; then
if test -r "${with_gssapi}/include/gssapi.h" -o \
-r "${with_gssapi}/include/gssapi/gssapi.h"; then
GSSAPI_CFLAGS="-I\"${with_gssapi}/include\""
fi
else
if test -r /usr/kerberos/include/gssapi.h -o \
-r /usr/kerberos/include/gssapi/gssapi.h; then
GSSAPI_CFLAGS=-I/usr/kerberos/include
elif test -r /usr/include/kerberosV/gssapi.h -o \
-r /usr/include/kerberosV/gssapi/gssapi.h; then
# OpenBSD 5.2 puts it here
GSSAPI_CFLAGS=-I/usr/include/kerberosV
else
# Maybe it'll Just Work
GSSAPI_CFLAGS=
fi
fi
fi
oldcflags="$CFLAGS"
CFLAGS="$CFLAGS ${GSSAPI_CFLAGS}"
# OK, now see if we've correctly managed to find gssapi.h at least...
gssapi_hdr=
AC_CHECK_HEADER([gssapi/gssapi.h],
[gssapi_hdr="<gssapi/gssapi.h>"],
[AC_CHECK_HEADER([gssapi.h],
[gssapi_hdr="<gssapi.h>"],
[AC_MSG_WARN([Cannot find <gssapi/gssapi.h> or <gssapi.h>])])])
# Finally, unless we've already failed, see if we can link it.
linked_gssapi=no
if test -n "${gssapi_hdr}"; then
AC_DEFINE_UNQUOTED(GSSAPI_HDR, $gssapi_hdr, [GSSAPI header])
if test "$found_gssapi" = "yes"; then
# We think we have GSSAPI_LIBS already so try it...
GSSAPI_CHECK_BUILD
else
LFLAG=
if test -n "$gssapi_root"; then
LFLAG="-L\"${gssapi_root}/lib$libsuff\""
fi
# Solaris, HPUX, etc.
GSSAPI_LIBS="$LFLAG -lgss"
GSSAPI_CHECK_BUILD
if test "$linked_gssapi" = "no"; then
GSSAPI_LIBS="$LFLAG -lgssapi"
GSSAPI_CHECK_BUILD
fi
if test "$linked_gssapi" = "no"; then
GSSAPI_LIBS="$LFLAG -lgssapi_krb5"
GSSAPI_CHECK_BUILD
fi
if test "$linked_gssapi" = "no"; then
# OpenBSD 5.2 at least
GSSAPI_LIBS="$LFLAG -lgssapi -lkrb5 -lcrypto"
GSSAPI_CHECK_BUILD
fi
if test "$linked_gssapi" = "no"; then
# MIT
GSSAPI_LIBS="$LFLAG -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err"
GSSAPI_CHECK_BUILD
fi
if test "$linked_gssapi" = "no"; then
# Heimdal
GSSAPI_LIBS="$LFLAG -lkrb5 -lcrypto -lasn1 -lcom_err -lroken -lgssapi"
GSSAPI_CHECK_BUILD
fi
if test "$linked_gssapi" = "no"; then
AC_MSG_WARN([Cannot find GSSAPI. Try setting GSSAPI_LIBS and GSSAPI_CFLAGS manually])
fi
fi
fi
CFLAGS="$oldcflags"
if test "$linked_gssapi" = "yes"; then
AC_DEFINE([HAVE_GSSAPI], 1, [Have GSSAPI support])
AC_SUBST(GSSAPI_CFLAGS)
AC_SUBST(GSSAPI_LIBS)
elif test "$with_gssapi" = ""; then
AC_MSG_WARN([Building without GSSAPI support]);
unset GSSAPI_CFLAGS
unset GSSAPI_LIBS
else
AC_MSG_ERROR([GSSAPI support requested but not found. Try setting GSSAPI_LIBS/GSSAPI_CFLAGS])
fi
fi
AM_CONDITIONAL(OPENCONNECT_GSSAPI, [test "$linked_gssapi" = "yes"])
AC_ARG_WITH([java],
AS_HELP_STRING([--with-java(=DIR)],
[Build JNI bindings using jni.h from DIR [default=no]]),
[], [with_java=no])
if test "$with_java" = "yes"; then
AX_JNI_INCLUDE_DIR
for JNI_INCLUDE_DIR in $JNI_INCLUDE_DIRS; do
JNI_CFLAGS="$JNI_CFLAGS -I$JNI_INCLUDE_DIR"
done
elif test "$with_java" = "no"; then
JNI_CFLAGS=""
else
JNI_CFLAGS="-I$with_java"
fi
if test "x$JNI_CFLAGS" != "x"; then
oldCFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $JNI_CFLAGS"
AC_MSG_CHECKING([jni.h usability])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <jni.h>],
[jint foo = 0; (void)foo;])],
AC_MSG_RESULT([yes]),
[AC_MSG_RESULT([no])
AC_MSG_ERROR([unable to compile JNI test program])])
CFLAGS="$oldCFLAGS"
AC_SUBST(JNI_CFLAGS, [$JNI_CFLAGS])
fi
AM_CONDITIONAL(OPENCONNECT_JNI, [test "$JNI_CFLAGS" != ""])
AC_ARG_ENABLE([jni-standalone],
AS_HELP_STRING([--enable-jni-standalone],
[build JNI stubs directly into libopenconnect.so [default=no]]),
[jni_standalone=$enableval],
[jni_standalone=no])
AM_CONDITIONAL(JNI_STANDALONE, [test $jni_standalone = yes])
symver_java=
if test "$jni_standalone" = "yes" ; then
symver_java=$(sed -n '/JNIEXPORT/{s/^JNIEXPORT.*\(Java_.*\) *(/\1;/ p}' ${srcdir}/jni.c)
# Remove the newlines between each item.
symver_java=$(echo $symver_java)
fi
AC_SUBST(SYMVER_JAVA, $symver_java)
AC_CHECK_HEADER([if_tun.h],
[AC_DEFINE([IF_TUN_HDR], ["if_tun.h"], [if_tun.h include path])],
[AC_CHECK_HEADER([linux/if_tun.h],
[AC_DEFINE([IF_TUN_HDR], ["linux/if_tun.h"])],
[AC_CHECK_HEADER([net/if_tun.h],
[AC_DEFINE([IF_TUN_HDR], ["net/if_tun.h"])],
[AC_CHECK_HEADER([net/tun/if_tun.h],
[AC_DEFINE([IF_TUN_HDR], ["net/tun/if_tun.h"])])])])])
AC_CHECK_HEADER([net/if_utun.h], AC_DEFINE([HAVE_NET_UTUN_H], 1, [Have net/utun.h]))
AC_CHECK_HEADER([alloca.h], AC_DEFINE([HAVE_ALLOCA_H], 1, [Have alloca.h]))
AC_CHECK_HEADER([endian.h],
[AC_DEFINE([ENDIAN_HDR], [<endian.h>], [endian header include path])],
[AC_CHECK_HEADER([sys/endian.h],
[AC_DEFINE([ENDIAN_HDR], [<sys/endian.h>])],
[AC_CHECK_HEADER([sys/isa_defs.h],
[AC_DEFINE([ENDIAN_HDR], [<sys/isa_defs.h>])])])])
build_www=yes
AC_PATH_PROGS(PYTHON, [python2 python], [], $PATH:/bin:/usr/bin)
if (test -n "${ac_cv_path_PYTHON}"); then
AC_MSG_CHECKING([that python is version 2.x])
if $PYTHON --version 2>&1 | grep "Python 2\." > /dev/null; then
AC_MSG_RESULT([yes])
AC_SUBST(PYTHON, ${ac_cv_path_PYTHON})
else
AC_MSG_RESULT([no])
AC_MSG_NOTICE([Python is not v2.x; not building HTML pages])
build_www=no
fi
else
AC_MSG_NOTICE([Python not found; not building HTML pages])
build_www=no
fi
if test "${build_www}" = "yes"; then
AC_MSG_CHECKING([if groff can create UTF-8 XHTML])
AC_PATH_PROGS_FEATURE_CHECK([GROFF], [groff],
[$ac_path_GROFF -t -K UTF-8 -mandoc -Txhtml /dev/null > /dev/null 2>&1 &&
ac_cv_path_GROFF=$ac_path_GROFF])
if test -n "$ac_cv_path_GROFF"; then
AC_MSG_RESULT(yes)
AC_SUBST(GROFF, ${ac_cv_path_GROFF})
else
AC_MSG_RESULT([no. Not building HTML pages])
build_www=no
fi
fi
AM_CONDITIONAL(BUILD_WWW, [test "${build_www}" = "yes"])
# Checks for tests
PKG_CHECK_MODULES([CWRAP], [uid_wrapper, socket_wrapper], have_cwrap=yes, have_cwrap=no)
AM_CONDITIONAL(HAVE_CWRAP, test "x$have_cwrap" != xno)
AC_SUBST([CONFIG_STATUS_DEPENDENCIES],
['$(top_srcdir)/po/LINGUAS \
$(top_srcdir)/openconnect.h \
$(top_srcdir)/libopenconnect.map.in \
$(top_srcdir)/openconnect.8.in \
$(top_srcdir)/tests/softhsm2.conf.in \
$(top_srcdir)/tests/configs/test-user-cert.config.in \
$(top_srcdir)/tests/configs/test-user-pass.config.in'])
RAWLINGUAS=`sed -e "/^#/d" -e "s/#.*//" "${srcdir}/po/LINGUAS"`
# Remove newlines
LINGUAS=`echo $RAWLINGUAS`
AC_SUBST(LINGUAS)