-AC_INIT(openconnect, 3.20)
+AC_INIT(openconnect, 4.07)
PKG_PROG_PKG_CONFIG
AC_LANG_C
AC_CANONICAL_HOST
fi
AM_CONDITIONAL(USE_NLS, [test "$USE_NLS" = "yes"])
+AC_ARG_WITH([system-cafile],
+ AS_HELP_STRING([--with-system-cafile],
+ [Location of the default system CA certificate file for old (<3.0.20) GnuTLS versions]))
+
# We will use GnuTLS if it's requested, and if GnuTLS doesn't have DTLS
# support then we'll *also* use OpenSSL for that, but it appears *only*
# only in the openconnect executable and not the library (hence shouldn't
fi
oldlibs="$LIBS"
LIBS="$LIBS $GNUTLS_LIBS"
+ AC_CHECK_FUNC(gnutls_dtls_set_data_mtu,
+ [AC_DEFINE(HAVE_GNUTLS_DTLS_SET_DATA_MTU, 1)], [])
AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust,
[AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST, 1)], [])
+ if test "$ac_cv_func_gnutls_certificate_set_x509_system_trust" != "yes"; then
+ # We will need to tell GnuTLS the path to the system CA file.
+ if test "$with_system_cafile" = "yes" || test "$with_system_cafile" = ""; then
+ unset with_system_cafile
+ AC_MSG_CHECKING([For location of system CA trust file])
+ for file in /etc/ssl/certs/ca-certificates.crt \
+ /etc/pki/tls/cert.pem \
+ /usr/local/share/certs/ca-root-nss.crt \
+ /etc/ssl/cert.pem; do
+ if grep 'BEGIN CERTIFICATE-----' $file >/dev/null 2>&1; then
+ with_system_cafile=${file}
+ break
+ fi
+ done
+ AC_MSG_RESULT([${with_system_cafile-NOT FOUND}])
+ elif test "$with_system_cafile" = "no"; then
+ AC_MSG_ERROR([You cannot disable the system CA certificate file.])
+ fi
+ if test "$with_system_cafile" = ""; then
+ AC_MSG_ERROR([Unable to find a standard system CA certificate file.]
+ [Your GnuTLS requires a path to a CA certificate store. This is a file]
+ [which contains a list of the Certificate Authorities which are trusted.]
+ [Most distributions ship with this file in a standard location, but none]
+ [the known standard locations exist on your system. You should provide a]
+ [--with-system-cafile= argument to this configure script, giving the full]
+ [path to a default CA certificate file for GnuTLS to use. Also, please]
+ [send full details of your system, including 'uname -a' output and the]
+ [location of the system CA certificate store on your system, to the]
+ [openconnect-devel@lists.infradead.org mailing list.])
+ fi
+ AC_DEFINE_UNQUOTED([DEFAULT_SYSTEM_CAFILE], ["$with_system_cafile"])
+ fi
AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
[AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1)], [])
AC_CHECK_FUNC(gnutls_certificate_set_key,
AC_CHECK_FUNC(gnutls_pkcs11_add_provider,
[PKG_CHECK_MODULES(P11KIT, p11-kit-1, [AC_DEFINE(HAVE_P11KIT)
AC_SUBST(P11KIT_PC, p11-kit-1)], [:])], [])
- LIBS="$oldLIBS"
+ LIBS="$oldlibs -ltspi"
+ AC_MSG_CHECKING([for tss library])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <trousers/tss.h>
+ #include <trousers/trousers.h>],[
+ int err = Tspi_Context_Create((void *)0);
+ Trspi_Error_String(err);])],
+ [AC_MSG_RESULT(yes)
+ AC_SUBST([TSS_LIBS], [-ltspi])
+ AC_SUBST([TSS_CFLAGS], [])
+ AC_DEFINE(HAVE_TROUSERS, 1)],
+ [AC_MSG_RESULT(no)])
+ LIBS="$oldlibs"
elif test "$with_gnutls" != "" && test "$with_gnutls" != "no"; then
AC_MSG_ERROR([Values other than 'yes' or 'no' for --with-gnutls are not supported])
fi
AC_SUBST(SSL_LIBRARY, [openssl])
AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)'])
AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
+ AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"])
;;
both)
# GnuTLS for TCP, OpenSSL for DTLS
AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
AC_SUBST(DTLS_SSL_LIBS, ['$(OPENSSL_LIBS)'])
AC_SUBST(DTLS_SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
+ AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"])
;;
*)
AC_MSG_ERROR([Neither OpenSSL nor GnuTLS selected for SSL.])
;;
esac
+AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" != "openssl" ])
+AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "openssl" ])
# Needs to happen after we default to static/shared libraries based on OpenSSL
AC_PROG_LIBTOOL
PKG_CHECK_MODULES(LIBXML2, libxml-2.0)
-PKG_CHECK_MODULES(ZLIB, zlib, [],
+PKG_CHECK_MODULES(ZLIB, zlib, [AC_SUBST(ZLIB_PC, [zlib])],
[oldLIBS="$LIBS"
LIBS="$LIBS -lz"
AC_MSG_CHECKING([for zlib without pkg-config])
LIBS="$oldLIBS"
fi
+PKG_CHECK_MODULES(LIBSTOKEN, stoken,
+ [AC_SUBST(LIBSTOKEN_PC, stoken)
+ AC_DEFINE([LIBSTOKEN_HDR], ["stoken.h"])
+ libstoken_pkg=yes],
+ libstoken_pkg=no)
+
AC_CHECK_HEADER([if_tun.h],
[AC_DEFINE([IF_TUN_HDR], ["if_tun.h"])],
[AC_CHECK_HEADER([linux/if_tun.h],
projects / platform / upstream / openconnect.git / blobdiff