-
-AC_INIT(openconnect, 3.18)
+AC_INIT(openconnect, 4.07)
PKG_PROG_PKG_CONFIG
AC_LANG_C
AC_CANONICAL_HOST
AC_PREREQ([2.60], [], [AC_SUBST([localedir], ['$(datadir)/locale'])])
+# Upstream's pkg.m4 (since 0.27) offers this now, but define our own
+# compatible version in case the local version of pkgconfig isn't new enough.
+# https://bugs.freedesktop.org/show_bug.cgi?id=48743
+m4_ifdef([PKG_INSTALLDIR], [PKG_INSTALLDIR],
+ [AC_ARG_WITH([pkgconfigdir],
+ [AS_HELP_STRING([--with-pkgconfigdir],
+ [install directory for openconnect.pc pkg-config file])],
+ [],[with_pkgconfigdir='$(libdir)/pkgconfig'])
+ AC_SUBST([pkgconfigdir], [${with_pkgconfigdir}])])
+
AC_ARG_WITH([vpnc-script],
[AS_HELP_STRING([--with-vpnc-script],
[default location of vpnc-script helper])])
fi
AC_DEFINE_UNQUOTED(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}")
+AC_SUBST(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}")
case $host_os in
*linux* | *gnu*)
;;
esac
-AC_CHECK_FUNC(getline, [AC_DEFINE(HAVE_GETLINE, 1)], [])
+symver_time=
+symver_getline=
+symver_asprintf=
+
+case $host_os in
+ *solaris*|*sunos*)
+ symver_time="openconnect__time;"
+ ;;
+esac
+
+AC_CHECK_FUNC(fdevname_r, [AC_DEFINE(HAVE_FDEVNAME_R, 1)], [])
+AC_CHECK_FUNC(getline, [AC_DEFINE(HAVE_GETLINE, 1)], [symver_getline="openconnect__getline;"])
AC_CHECK_FUNC(strcasestr, [AC_DEFINE(HAVE_STRCASESTR, 1)], [])
-need_vacopy=no
-AC_CHECK_FUNC(asprintf, [AC_DEFINE(HAVE_ASPRINTF, 1)], [need_vacopy=yes])
-if test "$need_vacopy" = "yes"; then
+AC_CHECK_FUNC(asprintf, [AC_DEFINE(HAVE_ASPRINTF, 1)], [symver_asprintf="openconnect__asprintf;"])
+if test -n "$symver_asprintf"; then
AC_MSG_CHECKING([for va_copy])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <stdarg.h>
AC_MSG_ERROR([Your system lacks asprintf() and va_copy()])])
])
fi
-
-
+AC_SUBST(SYMVER_TIME, $symver_time)
+AC_SUBST(SYMVER_GETLINE, $symver_getline)
+AC_SUBST(SYMVER_ASPRINTF, $symver_asprintf)
AS_COMPILER_FLAGS(CFLAGS,
"-Wall
AC_DISABLE_STATIC
AC_ARG_ENABLE([nls],
- [ --disable-nls do not use Native Language Support],
+ [ --disable-nls do not use Native Language Support],
[USE_NLS=$enableval], [USE_NLS=yes])
LIBINTL=
if test "$USE_NLS" = "yes"; then
fi
AM_CONDITIONAL(USE_NLS, [test "$USE_NLS" = "yes"])
+AC_ARG_WITH([system-cafile],
+ AS_HELP_STRING([--with-system-cafile],
+ [Location of the default system CA certificate file for old (<3.0.20) GnuTLS versions]))
+
+# We will use GnuTLS if it's requested, and if GnuTLS doesn't have DTLS
+# support then we'll *also* use OpenSSL for that, but it appears *only*
+# only in the openconnect executable and not the library (hence shouldn't
+# be a problem for GPL'd programs using libopenconnect).
+#
+# If built with --with-gnutls --without-openssl then we'll even eschew
+# OpenSSL for DTLS support and will build without any DTLS support at all
+# if GnuTLS cannot manage.
+#
+# The default (for now) is to use OpenSSL for everything.
+
+AC_ARG_WITH([gnutls],
+ AS_HELP_STRING([--with-gnutls],
+ [Use GnuTLS instead of OpenSSL (EXPERIMENTAL)]))
AC_ARG_WITH([openssl],
AS_HELP_STRING([--with-openssl],
- [Location of OpenSSL build dir]),
- [OPENSSL_CFLAGS="-I${with_openssl}/include"
- OPENSSL_LIBS="${with_openssl}/libssl.a ${with_openssl}/libcrypto.a -ldl -lz"
- AC_SUBST(OPENSSL_CFLAGS)
- AC_SUBST(OPENSSL_LIBS)
- enable_static=yes
- enable_shared=no],
- [PKG_CHECK_MODULES(OPENSSL, openssl, [],
- [oldLIBS="$LIBS"
- LIBS="$LIBS -lssl -lcrypto"
- AC_MSG_CHECKING([for OpenSSL without pkg-config])
- AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ [Location of OpenSSL build dir]))
+ssl_library=
+
+if test "$with_gnutls" = "yes"; then
+ PKG_CHECK_MODULES(GNUTLS, gnutls)
+ if ! $PKG_CONFIG --atleast-version=2.12.16 gnutls; then
+ AC_MSG_ERROR([Your GnuTLS is too old. At least v2.12.16 is required])
+ fi
+ oldlibs="$LIBS"
+ LIBS="$LIBS $GNUTLS_LIBS"
+ AC_CHECK_FUNC(gnutls_dtls_set_data_mtu,
+ [AC_DEFINE(HAVE_GNUTLS_DTLS_SET_DATA_MTU, 1)], [])
+ AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust,
+ [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST, 1)], [])
+ if test "$ac_cv_func_gnutls_certificate_set_x509_system_trust" != "yes"; then
+ # We will need to tell GnuTLS the path to the system CA file.
+ if test "$with_system_cafile" = "yes" || test "$with_system_cafile" = ""; then
+ unset with_system_cafile
+ AC_MSG_CHECKING([For location of system CA trust file])
+ for file in /etc/ssl/certs/ca-certificates.crt \
+ /etc/pki/tls/cert.pem \
+ /usr/local/share/certs/ca-root-nss.crt \
+ /etc/ssl/cert.pem; do
+ if grep 'BEGIN CERTIFICATE-----' $file >/dev/null 2>&1; then
+ with_system_cafile=${file}
+ break
+ fi
+ done
+ AC_MSG_RESULT([${with_system_cafile-NOT FOUND}])
+ elif test "$with_system_cafile" = "no"; then
+ AC_MSG_ERROR([You cannot disable the system CA certificate file.])
+ fi
+ if test "$with_system_cafile" = ""; then
+ AC_MSG_ERROR([Unable to find a standard system CA certificate file.]
+ [Your GnuTLS requires a path to a CA certificate store. This is a file]
+ [which contains a list of the Certificate Authorities which are trusted.]
+ [Most distributions ship with this file in a standard location, but none]
+ [the known standard locations exist on your system. You should provide a]
+ [--with-system-cafile= argument to this configure script, giving the full]
+ [path to a default CA certificate file for GnuTLS to use. Also, please]
+ [send full details of your system, including 'uname -a' output and the]
+ [location of the system CA certificate store on your system, to the]
+ [openconnect-devel@lists.infradead.org mailing list.])
+ fi
+ AC_DEFINE_UNQUOTED([DEFAULT_SYSTEM_CAFILE], ["$with_system_cafile"])
+ fi
+ AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
+ [AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1)], [])
+ AC_CHECK_FUNC(gnutls_certificate_set_key,
+ [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1)], [])
+ if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
+ AC_CHECK_FUNC(gnutls_session_set_premaster,
+ [have_gnutls_dtls=yes], [have_gnutls_dtls=no])
+ else
+ have_gnutls_dtls=no
+ fi
+ if test "$have_gnutls_dtls" = "yes"; then
+ if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
+ # They either said no OpenSSL or didn't specify, and GnuTLS can
+ # do DTLS, so just use GnuTLS.
+ AC_DEFINE(HAVE_GNUTLS_SESSION_SET_PREMASTER, 1)
+ ssl_library=gnutls
+ with_openssl=no
+ else
+ # They specifically asked for OpenSSL, so use it for DTLS even
+ # though GnuTLS could manage.
+ ssl_library=both
+ fi
+ else
+ if test "$with_openssl" = "no"; then
+ # GnuTLS doesn't have DTLS, but they don't want OpenSSL. So build
+ # without DTLS support at all.
+ ssl_library=gnutls
+ else
+ # GnuTLS doesn't have DTLS so use OpenSSL for it, but GnuTLS for
+ # the TCP connection (and thus in the library).
+ ssl_library=both
+ fi
+ fi
+ AC_CHECK_FUNC(gnutls_pkcs11_add_provider,
+ [PKG_CHECK_MODULES(P11KIT, p11-kit-1, [AC_DEFINE(HAVE_P11KIT)
+ AC_SUBST(P11KIT_PC, p11-kit-1)], [:])], [])
+ LIBS="$oldlibs -ltspi"
+ AC_MSG_CHECKING([for tss library])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <trousers/tss.h>
+ #include <trousers/trousers.h>],[
+ int err = Tspi_Context_Create((void *)0);
+ Trspi_Error_String(err);])],
+ [AC_MSG_RESULT(yes)
+ AC_SUBST([TSS_LIBS], [-ltspi])
+ AC_SUBST([TSS_CFLAGS], [])
+ AC_DEFINE(HAVE_TROUSERS, 1)],
+ [AC_MSG_RESULT(no)])
+ LIBS="$oldlibs"
+elif test "$with_gnutls" != "" && test "$with_gnutls" != "no"; then
+ AC_MSG_ERROR([Values other than 'yes' or 'no' for --with-gnutls are not supported])
+fi
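Review bot: An explicit `--with-system-cafile=PATH` is written into `DEFAULT_SYSTEM_CAFILE` without any check, because only the `yes`/empty case runs the `grep 'BEGIN CERTIFICATE-----'` probe and only `no` is rejected. A typo or a path to a non-PEM file therefore configures cleanly; how the program behaves at run time when that file is missing is not visible in this diff. I would add a branch after the `no` case, warning rather than failing so that packagers can still name a path that exists only on the target: `elif ! grep 'BEGIN CERTIFICATE-----' "$with_system_cafile" >/dev/null 2>&1; then AC_MSG_WARN([--with-system-cafile does not look like a PEM CA bundle])`. The automatic probe also reads the build machine's filesystem, so a cross-compiled build presumably records the build host's bundle location; a comment saying so next to the `for file in` loop would help.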
+if test "$with_openssl" = "yes" || test "$with_openssl" = "" || test "$ssl_library" = "both"; then
+ PKG_CHECK_MODULES(OPENSSL, openssl, [],
+ [oldLIBS="$LIBS"
+ LIBS="$LIBS -lssl -lcrypto"
+ AC_MSG_CHECKING([for OpenSSL without pkg-config])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>
#include <openssl/err.h>],[
SSL_library_init();
ERR_clear_error();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();])],
- [AC_MSG_RESULT(yes)
- AC_SUBST([OPENSSL_LIBS], ["-lssl -lcrypto"])
- AC_SUBST([OPENSSL_CFLAGS], [])],
- [AC_MSG_RESULT(no)
- AC_ERROR([Could not build against OpenSSL])])
- LIBS="$oldLIBS"])])
+ [AC_MSG_RESULT(yes)
+ AC_SUBST([OPENSSL_LIBS], ["-lssl -lcrypto"])
+ AC_SUBST([OPENSSL_CFLAGS], [])],
+ [AC_MSG_RESULT(no)
+ if test "$ssl_library" = "both"; then
+ ssl_library="gnutls";
+ else
+ AC_ERROR([Could not build against OpenSSL]);
+ fi])
+ LIBS="$oldLIBS"])
+ if test "$ssl_library" != "both" && test "$ssl_library" != "gnutls"; then
+ ssl_library=openssl
+ fi
+elif test "$with_openssl" != "no" ; then
+ OPENSSL_CFLAGS="-I${with_openssl}/include"
+ OPENSSL_LIBS="${with_openssl}/libssl.a ${with_openssl}/libcrypto.a -ldl -lz"
+ AC_SUBST(OPENSSL_CFLAGS)
+ AC_SUBST(OPENSSL_LIBS)
+ enable_static=yes
+ enable_shared=no
+ AC_DEFINE(DTLS_OPENSSL, 1)
+ if test "$ssl_library" != "both"; then
+ ssl_library=openssl
+ fi
+fi
+
+case "$ssl_library" in
+ gnutls)
+ AC_DEFINE(OPENCONNECT_GNUTLS, 1)
+ AC_DEFINE(DTLS_GNUTLS, 1)
+ AC_SUBST(SSL_LIBRARY, [gnutls])
+ AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS)'])
+ AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
+ ;;
+ openssl)
+ AC_DEFINE(OPENCONNECT_OPENSSL, 1)
+ AC_DEFINE(DTLS_OPENSSL, 1)
+ AC_SUBST(SSL_LIBRARY, [openssl])
+ AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)'])
+ AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
+ AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"])
+ ;;
+ both)
+ # GnuTLS for TCP, OpenSSL for DTLS
+ AC_DEFINE(OPENCONNECT_GNUTLS, 1)
+ AC_DEFINE(DTLS_OPENSSL, 1)
+ AC_SUBST(SSL_LIBRARY, [gnutls])
+ AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS)'])
+ AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
+ AC_SUBST(DTLS_SSL_LIBS, ['$(OPENSSL_LIBS)'])
+ AC_SUBST(DTLS_SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
+ AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"])
+ ;;
+ *)
+ AC_MSG_ERROR([Neither OpenSSL nor GnuTLS selected for SSL.])
+ ;;
+esac
+AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" != "openssl" ])
+AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "openssl" ])
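Review bot: `--with-gnutls --with-openssl=DIR` never reaches the `elif test "$with_openssl" != "no"` branch, so the OpenSSL build directory the builder named is ignored and DTLS is linked against whatever pkg-config or `-lssl -lcrypto` finds on the system. With a non-empty `with_openssl` the GnuTLS block forces `have_gnutls_dtls=no` and sets `ssl_library=both`, and the first test's `|| test "$ssl_library" = "both"` then captures that case; the inner `if test "$ssl_library" != "both"` in the `elif` is consequently always true. From the visible lines `both` only arises when `with_openssl` is empty, `yes` or a path, so the clause can be dropped: `if test "$with_openssl" = "yes" || test "$with_openssl" = ""; then`. Separately, when the link test fails under `both` the script quietly sets `ssl_library="gnutls"`; an `AC_MSG_WARN` there would make it visible in the configure output that the OpenSSL DTLS path was dropped, especially when `--with-openssl` was given explicitly.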
# Needs to happen after we default to static/shared libraries based on OpenSSL
AC_PROG_LIBTOOL
symvers=no
if test "$enable_shared" = "yes" ; then
AC_MSG_CHECKING([if library symbol versioning is available]);
- echo 'FOO { global: foo; };' > conftest.map
+ echo 'FOO { global: foo; local: *; };' > conftest.map
echo 'int foo = 0;' > conftest.$ac_ext
if AC_TRY_EVAL(ac_compile); then
soname=conftest
libobjs=conftest.$ac_objext
if AC_TRY_EVAL(archive_cmds ${wl}--version-script ${wl}conftest.map); then
- symvers=yes
+ AC_SUBST(VERSION_SCRIPT_ARG, [--version-script])
+ symvers="yes (with --version-script)"
+ elif AC_TRY_EVAL(archive_cmds ${wl}-M ${wl}conftest.map); then
+ AC_SUBST(VERSION_SCRIPT_ARG, [-M])
+ symvers="yes (with -M)"
fi
fi
AC_MSG_RESULT(${symvers})
fi
-AM_CONDITIONAL(HAVE_SYMBOL_VERSIONING, [test "${symvers}" = "yes"])
+AM_CONDITIONAL(HAVE_SYMBOL_VERSIONING, [test "${symvers}" != "no"])
PKG_CHECK_MODULES(LIBXML2, libxml-2.0)
-PKG_CHECK_MODULES(ZLIB, zlib, [],
+PKG_CHECK_MODULES(ZLIB, zlib, [AC_SUBST(ZLIB_PC, [zlib])],
[oldLIBS="$LIBS"
LIBS="$LIBS -lz"
AC_MSG_CHECKING([for zlib without pkg-config])
LIBS="$oldLIBS"
fi
+PKG_CHECK_MODULES(LIBSTOKEN, stoken,
+ [AC_SUBST(LIBSTOKEN_PC, stoken)
+ AC_DEFINE([LIBSTOKEN_HDR], ["stoken.h"])
+ libstoken_pkg=yes],
+ libstoken_pkg=no)
+
AC_CHECK_HEADER([if_tun.h],
[AC_DEFINE([IF_TUN_HDR], ["if_tun.h"])],
[AC_CHECK_HEADER([linux/if_tun.h],
[AC_CHECK_HEADER([net/tun/if_tun.h],
[AC_DEFINE([IF_TUN_HDR], ["net/tun/if_tun.h"])])])])])
-oldLIBS="$LIBS"
-LIBS="$LIBS $OPENSSL_LIBS"
-
-AC_MSG_CHECKING([for ENGINE_by_id() in OpenSSL])
-AC_LINK_IFELSE([AC_LANG_PROGRAM(
- [#include <openssl/engine.h>],
- [ENGINE_by_id("foo");])],
- [AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_ENGINE, [1], [OpenSSL has ENGINE support])],
- [AC_MSG_RESULT(no)
- AC_MSG_NOTICE([Building without OpenSSL TPM ENGINE support])])
-
-AC_MSG_CHECKING([for dtls1_stop_timer() in OpenSSL])
-AC_LINK_IFELSE([AC_LANG_PROGRAM(
- [#include <openssl/ssl.h>
- #include <stdlib.h>
- extern void dtls1_stop_timer(SSL *);],
- [dtls1_stop_timer(NULL);])],
- [AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_DTLS1_STOP_TIMER, [1], [OpenSSL has dtls1_stop_timer() function])],
- [AC_MSG_RESULT(no)])
-LIBS="$oldLIBS"
+if test "$ssl_library" = "openssl" || test "$ssl_library" = "both"; then
+ oldLIBS="$LIBS"
+ LIBS="$LIBS $OPENSSL_LIBS"
+
+ if test "$ssl_library" = "openssl"; then
+ AC_MSG_CHECKING([for ENGINE_by_id() in OpenSSL])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/engine.h>],
+ [ENGINE_by_id("foo");])],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_ENGINE, [1], [OpenSSL has ENGINE support])],
+ [AC_MSG_RESULT(no)
+ AC_MSG_NOTICE([Building without OpenSSL TPM ENGINE support])])
+ fi
+
+ AC_MSG_CHECKING([for dtls1_stop_timer() in OpenSSL])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>
+ #include <stdlib.h>
+ extern void dtls1_stop_timer(SSL *);],
+ [dtls1_stop_timer(NULL);])],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_DTLS1_STOP_TIMER, [1], [OpenSSL has dtls1_stop_timer() function])],
+ [AC_MSG_RESULT(no)])
+ LIBS="$oldLIBS"
+fi
AC_PATH_PROG(PYTHON, [python], [], $PATH:/bin:/usr/bin)
if (test -n "${ac_cv_path_PYTHON}"); then
fi
AM_CONDITIONAL(BUILD_WWW, [test -n "${ac_cv_path_PYTHON}"])
-AC_SUBST([CONFIG_STATUS_DEPENDENCIES], ['$(top_srcdir)/po/LINGUAS'])
+AC_SUBST([CONFIG_STATUS_DEPENDENCIES], ['$(top_srcdir)/po/LINGUAS $(top_srcdir)/openconnect.h ${top_srcdir}/libopenconnect.map.in'])
RAWLINGUAS=`sed -e "/^#/d" -e "s/#.*//" "${srcdir}/po/LINGUAS"`
# Remove newlines
LINGUAS=`echo $RAWLINGUAS`
AC_SUBST(LINGUAS)
+APIMAJOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MAJOR \(.*\)/\1/p' ${srcdir}/openconnect.h`"
+APIMINOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MINOR \(.*\)/\1/p' ${srcdir}/openconnect.h`"
+AC_SUBST(APIMAJOR)
+AC_SUBST(APIMINOR)
+
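Review bot: `APIMAJOR` and `APIMINOR` are substituted without checking that the `sed` extraction matched anything, so a missing or reformatted `#define OPENCONNECT_API_VERSION_*` line in openconnect.h yields empty values in the generated outputs (presumably `libopenconnect.map`, which this commit adds to `AC_OUTPUT`). I would add `test -n "$APIMAJOR" && test -n "$APIMINOR" || AC_MSG_ERROR([Cannot read API version from openconnect.h])` after the two assignments. `${srcdir}` is also unquoted in both `sed` commands, unlike the `"${srcdir}/po/LINGUAS"` line just above, so a source path containing spaces would break the extraction.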
# We want version.c to depend on the files that would affect the
# output of version.sh. But we cannot assume that they'll exist,
# and we cannot use $(wildcard) in a non-GNU makefile. So we just
# depend on the files which happen to exist at configure time.
GITVERSIONDEPS=
-for a in .git/index .git/packed-refs .git/refs/tags .git/HEAD; do
+for a in ${srcdir}/.git/index ${srcdir}/.git/packed-refs \
+ ${srcdir}/.git/refs/tags ${srcdir}/.git/HEAD; do
if test -r $a ; then
GITVERSIONDEPS="$GITVERSIONDEPS $a"
fi
done
AC_SUBST(GITVERSIONDEPS)
-AC_OUTPUT(Makefile openconnect.pc po/Makefile www/Makefile \
- www/styles/Makefile www/inc/Makefile www/images/Makefile)
+AC_OUTPUT(Makefile openconnect.pc po/Makefile www/Makefile libopenconnect.map \
+ openconnect.8 www/styles/Makefile www/inc/Makefile www/images/Makefile)