+ [Location of OpenSSL build dir]))
+ssl_library=
+
+if test "$with_gnutls" = "yes"; then
+ PKG_CHECK_MODULES(GNUTLS, gnutls)
+ if ! $PKG_CONFIG --atleast-version=2.12.16 gnutls; then
+ AC_MSG_ERROR([Your GnuTLS is too old. At least v2.12.16 is required])
+ fi
+ oldlibs="$LIBS"
+ LIBS="$LIBS $GNUTLS_LIBS"
+ AC_CHECK_FUNC(gnutls_dtls_set_data_mtu,
+ [AC_DEFINE(HAVE_GNUTLS_DTLS_SET_DATA_MTU, 1)], [])
+ AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust,
+ [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST, 1)], [])
+ if test "$ac_cv_func_gnutls_certificate_set_x509_system_trust" != "yes"; then
+ # We will need to tell GnuTLS the path to the system CA file.
+ if test "$with_system_cafile" = "yes" || test "$with_system_cafile" = ""; then
+ unset with_system_cafile
+ AC_MSG_CHECKING([For location of system CA trust file])
+ for file in /etc/ssl/certs/ca-certificates.crt \
+ /etc/pki/tls/cert.pem \
+ /usr/local/share/certs/ca-root-nss.crt \
+ /etc/ssl/cert.pem; do
+ if grep 'BEGIN CERTIFICATE-----' $file >/dev/null 2>&1; then
+ with_system_cafile=${file}
+ break
+ fi
+ done
+ AC_MSG_RESULT([${with_system_cafile-NOT FOUND}])
+ elif test "$with_system_cafile" = "no"; then
+ AC_MSG_ERROR([You cannot disable the system CA certificate file.])
+ fi
+ if test "$with_system_cafile" = ""; then
+ AC_MSG_ERROR([Unable to find a standard system CA certificate file.]
+ [Your GnuTLS requires a path to a CA certificate store. This is a file]
+ [which contains a list of the Certificate Authorities which are trusted.]
+ [Most distributions ship with this file in a standard location, but none]
+ [the known standard locations exist on your system. You should provide a]
+ [--with-system-cafile= argument to this configure script, giving the full]
+ [path to a default CA certificate file for GnuTLS to use. Also, please]
+ [send full details of your system, including 'uname -a' output and the]
+ [location of the system CA certificate store on your system, to the]
+ [openconnect-devel@lists.infradead.org mailing list.])
+ fi
+ AC_DEFINE_UNQUOTED([DEFAULT_SYSTEM_CAFILE], ["$with_system_cafile"])
+ fi
+ AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
+ [AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1)], [])
+ AC_CHECK_FUNC(gnutls_certificate_set_key,
+ [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1)], [])
+ if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
+ AC_CHECK_FUNC(gnutls_session_set_premaster,
+ [have_gnutls_dtls=yes], [have_gnutls_dtls=no])
+ else
+ have_gnutls_dtls=no
+ fi
+ if test "$have_gnutls_dtls" = "yes"; then
+ if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
+ # They either said no OpenSSL or didn't specify, and GnuTLS can
+ # do DTLS, so just use GnuTLS.
+ AC_DEFINE(HAVE_GNUTLS_SESSION_SET_PREMASTER, 1)
+ ssl_library=gnutls
+ with_openssl=no
+ else
+ # They specifically asked for OpenSSL, so use it for DTLS even
+ # though GnuTLS could manage.
+ ssl_library=both
+ fi
+ else
+ if test "$with_openssl" = "no"; then
+ # GnuTLS doesn't have DTLS, but they don't want OpenSSL. So build
+ # without DTLS support at all.
+ ssl_library=gnutls
+ else
+ # GnuTLS doesn't have DTLS so use OpenSSL for it, but GnuTLS for
+ # the TCP connection (and thus in the library).
+ ssl_library=both
+ fi
+ fi
+ AC_CHECK_FUNC(gnutls_pkcs11_add_provider,
+ [PKG_CHECK_MODULES(P11KIT, p11-kit-1, [AC_DEFINE(HAVE_P11KIT)
+ AC_SUBST(P11KIT_PC, p11-kit-1)], [:])], [])
+ LIBS="$oldlibs -ltspi"
+ AC_MSG_CHECKING([for tss library])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <trousers/tss.h>
+ #include <trousers/trousers.h>],[
+ int err = Tspi_Context_Create((void *)0);
+ Trspi_Error_String(err);])],
+ [AC_MSG_RESULT(yes)
+ AC_SUBST([TSS_LIBS], [-ltspi])
+ AC_SUBST([TSS_CFLAGS], [])
+ AC_DEFINE(HAVE_TROUSERS, 1)],
+ [AC_MSG_RESULT(no)])
+ LIBS="$oldlibs"
+elif test "$with_gnutls" != "" && test "$with_gnutls" != "no"; then
+ AC_MSG_ERROR([Values other than 'yes' or 'no' for --with-gnutls are not supported])
+fi
+if test "$with_openssl" = "yes" || test "$with_openssl" = "" || test "$ssl_library" = "both"; then
+ PKG_CHECK_MODULES(OPENSSL, openssl, [],
+ [oldLIBS="$LIBS"
+ LIBS="$LIBS -lssl -lcrypto"
+ AC_MSG_CHECKING([for OpenSSL without pkg-config])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([