1 AC_INIT(openconnect, 4.05)
5 AM_MAINTAINER_MODE([enable])
6 AM_INIT_AUTOMAKE([foreign])
7 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
9 # Define htmldir and localedir for users of ancient autoconf building from git
10 AC_PREREQ([2.59c], [], [AC_SUBST([htmldir], [m4_ifset([AC_PACKAGE_TARNAME],
11 ['${datadir}/doc/${PACKAGE_TARNAME}'],
12 ['${datadir}/doc/${PACKAGE}'])
15 AC_PREREQ([2.60], [], [AC_SUBST([localedir], ['$(datadir)/locale'])])
17 # Upstream's pkg.m4 (since 0.27) offers this now, but define our own
18 # compatible version in case the local version of pkgconfig isn't new enough.
19 # https://bugs.freedesktop.org/show_bug.cgi?id=48743
20 m4_ifdef([PKG_INSTALLDIR], [PKG_INSTALLDIR],
21 [AC_ARG_WITH([pkgconfigdir],
22 [AS_HELP_STRING([--with-pkgconfigdir],
23 [install directory for openconnect.pc pkg-config file])],
24 [],[with_pkgconfigdir='$(libdir)/pkgconfig'])
25 AC_SUBST([pkgconfigdir], [${with_pkgconfigdir}])])
27 AC_ARG_WITH([vpnc-script],
28 [AS_HELP_STRING([--with-vpnc-script],
29 [default location of vpnc-script helper])])
31 if test "$with_vpnc_script" = "yes" || test "$with_vpnc_script" = ""; then
32 with_vpnc_script=/etc/vpnc/vpnc-script
33 if ! test -x "$with_vpnc_script"; then
34 AC_MSG_ERROR([${with_vpnc_script} does not seem to be executable.]
35 [OpenConnect will not function correctly without a vpnc-script.]
36 [See http://www.infradead.org/openconnect/vpnc-script.html for more details.]
38 [If you are building a distribution package, please ensure that your]
39 [packaging is correct, and that a vpnc-script will be installed when the]
40 [user installs your package. You should provide a --with-vpnc-script=]
41 [argument to this configure script, giving the full path where the script]
44 [The standard location is ${with_vpnc_script}. To bypass this error and]
45 [build OpenConnect to use the script from this location, even though it's]
46 [not present at the time you are building OpenConnect, pass the argument]
47 ["--with-vpnc-script=${with_vpnc_script}"])
49 elif test "$with_vpnc_script" = "no"; then
50 AC_ERROR([You cannot disable vpnc-script.]
51 [OpenConnect will not function correctly without it.]
52 [See http://www.infradead.org/openconnect/vpnc-script.html])
55 AC_DEFINE_UNQUOTED(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}")
56 AC_SUBST(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}")
60 AC_MSG_NOTICE([Applying feature macros for GNU build])
61 AC_DEFINE(_POSIX_C_SOURCE, 200112L)
63 AC_DEFINE(_BSD_SOURCE)
65 AC_DEFINE(_GNU_SOURCE)
68 AC_MSG_NOTICE([Applying feature macros for NetBSD build])
69 AC_DEFINE(_POSIX_C_SOURCE, 200112L)
70 AC_DEFINE(_NETBSD_SOURCE)
73 # On FreeBSD the only way to get vsyslog() visible is to define
74 # *nothing*, which makes absolutely everything visible.
75 # On Darwin enabling _POSIX_C_SOURCE breaks <sys/mount.h> because
76 # u_long and other types don't get defined. OpenBSD is similar.
86 symver_time="openconnect__time;"
90 AC_CHECK_FUNC(fdevname_r, [AC_DEFINE(HAVE_FDEVNAME_R, 1)], [])
91 AC_CHECK_FUNC(getline, [AC_DEFINE(HAVE_GETLINE, 1)], [symver_getline="openconnect__getline;"])
92 AC_CHECK_FUNC(strcasestr, [AC_DEFINE(HAVE_STRCASESTR, 1)], [])
93 AC_CHECK_FUNC(asprintf, [AC_DEFINE(HAVE_ASPRINTF, 1)], [symver_asprintf="openconnect__asprintf;"])
94 if test -n "$symver_asprintf"; then
95 AC_MSG_CHECKING([for va_copy])
96 AC_LINK_IFELSE([AC_LANG_PROGRAM([
102 [AC_DEFINE(HAVE_VA_COPY, 1)
103 AC_MSG_RESULT(va_copy)],
104 [AC_LINK_IFELSE([AC_LANG_PROGRAM([
110 [AC_DEFINE(HAVE___VA_COPY, 1)
111 AC_MSG_RESULT(__va_copy)],
113 AC_MSG_ERROR([Your system lacks asprintf() and va_copy()])])
116 AC_SUBST(SYMVER_TIME, $symver_time)
117 AC_SUBST(SYMVER_GETLINE, $symver_getline)
118 AC_SUBST(SYMVER_ASPRINTF, $symver_asprintf)
120 AS_COMPILER_FLAGS(CFLAGS,
123 -Wno-missing-field-initializers
125 -Wno-unused-parameter
126 -Werror=pointer-to-int-cast
127 -Wdeclaration-after-statement
128 -Werror-implicit-function-declaration
132 -Wmissing-declarations
133 -Wmissing-include-dirs
142 [ --disable-nls do not use Native Language Support],
143 [USE_NLS=$enableval], [USE_NLS=yes])
145 if test "$USE_NLS" = "yes"; then
146 AC_PATH_PROG(MSGFMT, msgfmt)
147 if test "$MSGFMT" = ""; then
148 AC_ERROR([msgfmt could not be found. Try configuring with --disable-nls])
152 if test "$USE_NLS" = "yes"; then
153 AC_MSG_CHECKING([for functional NLS support])
154 AC_LINK_IFELSE([AC_LANG_PROGRAM([
156 #include <libintl.h>],[
157 setlocale(LC_ALL, "");
158 bindtextdomain("openconnect", "/tmp");
159 (void)dgettext("openconnect", "foo");])],
160 [AC_MSG_RESULT(yes)],
163 AC_LINK_IFELSE([AC_LANG_PROGRAM([
165 #include <libintl.h>],[
166 setlocale(LC_ALL, "");
167 bindtextdomain("openconnect", "/tmp");
168 (void)dgettext("openconnect", "foo");])],
169 [AC_MSG_RESULT(yes (with -lintl))]
176 if test "$USE_NLS" = "yes"; then
178 AC_DEFINE(ENABLE_NLS, 1)
180 AM_CONDITIONAL(USE_NLS, [test "$USE_NLS" = "yes"])
182 AC_ARG_WITH([system-cafile],
183 AS_HELP_STRING([--with-system-cafile],
184 [Location of the default system CA certificate file for old (<3.0.20) GnuTLS versions]))
186 # We will use GnuTLS if it's requested, and if GnuTLS doesn't have DTLS
187 # support then we'll *also* use OpenSSL for that, but it appears *only*
188 # only in the openconnect executable and not the library (hence shouldn't
189 # be a problem for GPL'd programs using libopenconnect).
191 # If built with --with-gnutls --without-openssl then we'll even eschew
192 # OpenSSL for DTLS support and will build without any DTLS support at all
193 # if GnuTLS cannot manage.
195 # The default (for now) is to use OpenSSL for everything.
197 AC_ARG_WITH([gnutls],
198 AS_HELP_STRING([--with-gnutls],
199 [Use GnuTLS instead of OpenSSL (EXPERIMENTAL)]))
200 AC_ARG_WITH([openssl],
201 AS_HELP_STRING([--with-openssl],
202 [Location of OpenSSL build dir]))
205 if test "$with_gnutls" = "yes"; then
206 PKG_CHECK_MODULES(GNUTLS, gnutls)
207 if ! $PKG_CONFIG --atleast-version=2.12.16 gnutls; then
208 AC_MSG_ERROR([Your GnuTLS is too old. At least v2.12.16 is required])
211 LIBS="$LIBS $GNUTLS_LIBS"
212 AC_CHECK_FUNC(gnutls_dtls_set_data_mtu,
213 [AC_DEFINE(HAVE_GNUTLS_DTLS_SET_DATA_MTU, 1)], [])
214 AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust,
215 [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST, 1)], [])
216 if test "$ac_cv_func_gnutls_certificate_set_x509_system_trust" != "yes"; then
217 # We will need to tell GnuTLS the path to the system CA file.
218 if test "$with_system_cafile" = "yes" || test "$with_system_cafile" = ""; then
219 unset with_system_cafile
220 AC_MSG_CHECKING([For location of system CA trust file])
221 for file in /etc/ssl/certs/ca-certificates.crt \
222 /etc/pki/tls/cert.pem \
223 /usr/local/share/certs/ca-root-nss.crt \
224 /etc/ssl/cert.pem; do
225 if grep 'BEGIN CERTIFICATE-----' $file >/dev/null 2>&1; then
226 with_system_cafile=${file}
230 AC_MSG_RESULT([${with_system_cafile-NOT FOUND}])
231 elif test "$with_system_cafile" = "no"; then
232 AC_MSG_ERROR([You cannot disable the system CA certificate file.])
234 if test "$with_system_cafile" = ""; then
235 AC_MSG_ERROR([Unable to find a standard system CA certificate file.]
236 [Your GnuTLS requires a path to a CA certificate store. This is a file]
237 [which contains a list of the Certificate Authorities which are trusted.]
238 [Most distributions ship with this file in a standard location, but none]
239 [the known standard locations exist on your system. You should provide a]
240 [--with-system-cafile= argument to this configure script, giving the full]
241 [path to a default CA certificate file for GnuTLS to use. Also, please]
242 [send full details of your system, including 'uname -a' output and the]
243 [location of the system CA certificate store on your system, to the]
244 [openconnect-devel@lists.infradead.org mailing list.])
246 AC_DEFINE_UNQUOTED([DEFAULT_SYSTEM_CAFILE], ["$with_system_cafile"])
248 AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
249 [AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1)], [])
250 AC_CHECK_FUNC(gnutls_certificate_set_key,
251 [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1)], [])
252 if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
253 AC_CHECK_FUNC(gnutls_session_set_premaster,
254 [have_gnutls_dtls=yes], [have_gnutls_dtls=no])
258 if test "$have_gnutls_dtls" = "yes"; then
259 if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
260 # They either said no OpenSSL or didn't specify, and GnuTLS can
261 # do DTLS, so just use GnuTLS.
262 AC_DEFINE(HAVE_GNUTLS_SESSION_SET_PREMASTER, 1)
266 # They specifically asked for OpenSSL, so use it for DTLS even
267 # though GnuTLS could manage.
271 if test "$with_openssl" = "no"; then
272 # GnuTLS doesn't have DTLS, but they don't want OpenSSL. So build
273 # without DTLS support at all.
276 # GnuTLS doesn't have DTLS so use OpenSSL for it, but GnuTLS for
277 # the TCP connection (and thus in the library).
281 AC_CHECK_FUNC(gnutls_pkcs11_add_provider,
282 [PKG_CHECK_MODULES(P11KIT, p11-kit-1, [AC_DEFINE(HAVE_P11KIT)
283 AC_SUBST(P11KIT_PC, p11-kit-1)], [:])], [])
284 LIBS="$oldlibs -ltspi"
285 AC_MSG_CHECKING([for tss library])
286 AC_LINK_IFELSE([AC_LANG_PROGRAM([
287 #include <trousers/tss.h>
288 #include <trousers/trousers.h>],[
289 int err = Tspi_Context_Create((void *)0);
290 Trspi_Error_String(err);])],
292 AC_SUBST([TSS_LIBS], [-ltspi])
293 AC_SUBST([TSS_CFLAGS], [])
294 AC_DEFINE(HAVE_TROUSERS, 1)],
297 elif test "$with_gnutls" != "" && test "$with_gnutls" != "no"; then
298 AC_MSG_ERROR([Values other than 'yes' or 'no' for --with-gnutls are not supported])
300 if test "$with_openssl" = "yes" || test "$with_openssl" = "" || test "$ssl_library" = "both"; then
301 PKG_CHECK_MODULES(OPENSSL, openssl, [],
303 LIBS="$LIBS -lssl -lcrypto"
304 AC_MSG_CHECKING([for OpenSSL without pkg-config])
305 AC_LINK_IFELSE([AC_LANG_PROGRAM([
306 #include <openssl/ssl.h>
307 #include <openssl/err.h>],[
310 SSL_load_error_strings();
311 OpenSSL_add_all_algorithms();])],
313 AC_SUBST([OPENSSL_LIBS], ["-lssl -lcrypto"])
314 AC_SUBST([OPENSSL_CFLAGS], [])],
316 if test "$ssl_library" = "both"; then
317 ssl_library="gnutls";
319 AC_ERROR([Could not build against OpenSSL]);
322 if test "$ssl_library" != "both" && test "$ssl_library" != "gnutls"; then
325 elif test "$with_openssl" != "no" ; then
326 OPENSSL_CFLAGS="-I${with_openssl}/include"
327 OPENSSL_LIBS="${with_openssl}/libssl.a ${with_openssl}/libcrypto.a -ldl -lz"
328 AC_SUBST(OPENSSL_CFLAGS)
329 AC_SUBST(OPENSSL_LIBS)
332 AC_DEFINE(DTLS_OPENSSL, 1)
333 if test "$ssl_library" != "both"; then
338 case "$ssl_library" in
340 AC_DEFINE(OPENCONNECT_GNUTLS, 1)
341 AC_DEFINE(DTLS_GNUTLS, 1)
342 AC_SUBST(SSL_LIBRARY, [gnutls])
343 AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS)'])
344 AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
347 AC_DEFINE(OPENCONNECT_OPENSSL, 1)
348 AC_DEFINE(DTLS_OPENSSL, 1)
349 AC_SUBST(SSL_LIBRARY, [openssl])
350 AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)'])
351 AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
352 AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"])
355 # GnuTLS for TCP, OpenSSL for DTLS
356 AC_DEFINE(OPENCONNECT_GNUTLS, 1)
357 AC_DEFINE(DTLS_OPENSSL, 1)
358 AC_SUBST(SSL_LIBRARY, [gnutls])
359 AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS)'])
360 AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
361 AC_SUBST(DTLS_SSL_LIBS, ['$(OPENSSL_LIBS)'])
362 AC_SUBST(DTLS_SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
363 AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"])
366 AC_MSG_ERROR([Neither OpenSSL nor GnuTLS selected for SSL.])
369 AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" != "openssl" ])
370 AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "openssl" ])
372 # Needs to happen after we default to static/shared libraries based on OpenSSL
375 # Ick. This seems like it's likely to be very fragile, but I can't see a better
376 # way. I shall console myself with the observation that the failure mode isn't
377 # particularly horrible — you just don't get symbol versioning if it fails.
379 if test "$enable_shared" = "yes" ; then
380 AC_MSG_CHECKING([if library symbol versioning is available]);
381 echo 'FOO { global: foo; local: *; };' > conftest.map
382 echo 'int foo = 0;' > conftest.$ac_ext
383 if AC_TRY_EVAL(ac_compile); then
385 libobjs=conftest.$ac_objext
386 if AC_TRY_EVAL(archive_cmds ${wl}--version-script ${wl}conftest.map); then
387 AC_SUBST(VERSION_SCRIPT_ARG, [--version-script])
388 symvers="yes (with --version-script)"
389 elif AC_TRY_EVAL(archive_cmds ${wl}-M ${wl}conftest.map); then
390 AC_SUBST(VERSION_SCRIPT_ARG, [-M])
391 symvers="yes (with -M)"
394 AC_MSG_RESULT(${symvers})
396 AM_CONDITIONAL(HAVE_SYMBOL_VERSIONING, [test "${symvers}" != "no"])
398 PKG_CHECK_MODULES(LIBXML2, libxml-2.0)
400 PKG_CHECK_MODULES(ZLIB, zlib, [AC_SUBST(ZLIB_PC, [zlib])],
403 AC_MSG_CHECKING([for zlib without pkg-config])
404 AC_LINK_IFELSE([AC_LANG_PROGRAM([
407 deflateInit2(&zs, Z_DEFAULT_COMPRESSION, Z_DEFLATED,
408 -12, 9, Z_DEFAULT_STRATEGY);])],
410 AC_SUBST([ZLIB_LIBS], [-lz])
411 AC_SUBST([ZLIB_CFLAGS], [])],
413 AC_ERROR([Could not build against zlib])])
416 PKG_CHECK_MODULES(LIBPROXY, libproxy-1.0,
417 [AC_SUBST(LIBPROXY_PC, libproxy-1.0)
418 AC_DEFINE([LIBPROXY_HDR], ["proxy.h"])
421 dnl Libproxy *can* exist without a .pc file, and its header may be called
422 dnl libproxy.h in that case.
423 if (test "$libproxy_pkg" = "no"); then
424 AC_MSG_CHECKING([for libproxy])
427 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <libproxy.h>],
428 [(void)px_proxy_factory_new();])],
429 [AC_MSG_RESULT(yes (with libproxy.h))
430 AC_DEFINE([LIBPROXY_HDR], ["libproxy.h"])
431 AC_SUBST([LIBPROXY_LIBS], [-lproxy])],
432 [AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <proxy.h>],
433 [(void)px_proxy_factory_new();])],
434 [AC_MSG_RESULT(yes (with proxy.h))
435 AC_DEFINE([LIBPROXY_HDR], ["proxy.h"])
436 AC_SUBST([LIBPROXY_LIBS], [-lproxy])],
437 [AC_MSG_RESULT(no)])])
441 AC_CHECK_HEADER([if_tun.h],
442 [AC_DEFINE([IF_TUN_HDR], ["if_tun.h"])],
443 [AC_CHECK_HEADER([linux/if_tun.h],
444 [AC_DEFINE([IF_TUN_HDR], ["linux/if_tun.h"])],
445 [AC_CHECK_HEADER([net/if_tun.h],
446 [AC_DEFINE([IF_TUN_HDR], ["net/if_tun.h"])],
447 [AC_CHECK_HEADER([net/tun/if_tun.h],
448 [AC_DEFINE([IF_TUN_HDR], ["net/tun/if_tun.h"])])])])])
450 if test "$ssl_library" = "openssl" || test "$ssl_library" = "both"; then
452 LIBS="$LIBS $OPENSSL_LIBS"
454 if test "$ssl_library" = "openssl"; then
455 AC_MSG_CHECKING([for ENGINE_by_id() in OpenSSL])
456 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/engine.h>],
457 [ENGINE_by_id("foo");])],
459 AC_DEFINE(HAVE_ENGINE, [1], [OpenSSL has ENGINE support])],
461 AC_MSG_NOTICE([Building without OpenSSL TPM ENGINE support])])
464 AC_MSG_CHECKING([for dtls1_stop_timer() in OpenSSL])
465 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>
467 extern void dtls1_stop_timer(SSL *);],
468 [dtls1_stop_timer(NULL);])],
470 AC_DEFINE(HAVE_DTLS1_STOP_TIMER, [1], [OpenSSL has dtls1_stop_timer() function])],
475 AC_PATH_PROG(PYTHON, [python], [], $PATH:/bin:/usr/bin)
476 if (test -n "${ac_cv_path_PYTHON}"); then
477 AC_SUBST(PYTHON, ${ac_cv_path_PYTHON})
479 AC_MSG_NOTICE([Python not found; not building HTML pages])
481 AM_CONDITIONAL(BUILD_WWW, [test -n "${ac_cv_path_PYTHON}"])
483 AC_SUBST([CONFIG_STATUS_DEPENDENCIES], ['$(top_srcdir)/po/LINGUAS $(top_srcdir)/openconnect.h ${top_srcdir}/libopenconnect.map.in'])
484 RAWLINGUAS=`sed -e "/^#/d" -e "s/#.*//" "${srcdir}/po/LINGUAS"`
486 LINGUAS=`echo $RAWLINGUAS`
489 APIMAJOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MAJOR \(.*\)/\1/p' ${srcdir}/openconnect.h`"
490 APIMINOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MINOR \(.*\)/\1/p' ${srcdir}/openconnect.h`"
494 # We want version.c to depend on the files that would affect the
495 # output of version.sh. But we cannot assume that they'll exist,
496 # and we cannot use $(wildcard) in a non-GNU makefile. So we just
497 # depend on the files which happen to exist at configure time.
499 for a in ${srcdir}/.git/index ${srcdir}/.git/packed-refs \
500 ${srcdir}/.git/refs/tags ${srcdir}/.git/HEAD; do
502 GITVERSIONDEPS="$GITVERSIONDEPS $a"
505 AC_SUBST(GITVERSIONDEPS)
507 AC_OUTPUT(Makefile openconnect.pc po/Makefile www/Makefile libopenconnect.map \
508 openconnect.8 www/styles/Makefile www/inc/Makefile www/images/Makefile)