-AC_INIT(openconnect, 3.99)
+AC_INIT(openconnect, 4.99)
PKG_PROG_PKG_CONFIG
AC_LANG_C
AC_CANONICAL_HOST
AC_DEFINE_UNQUOTED(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}")
AC_SUBST(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}")
+use_openbsd_libtool=
case $host_os in
*linux* | *gnu*)
AC_MSG_NOTICE([Applying feature macros for GNU build])
AC_DEFINE(_POSIX_C_SOURCE, 200112L)
AC_DEFINE(_NETBSD_SOURCE)
;;
+ *openbsd*)
+ AC_MSG_NOTICE([Applying feature macros for OpenBSD build])
+ use_openbsd_libtool=true
+ ;;
*)
# On FreeBSD the only way to get vsyslog() visible is to define
# *nothing*, which makes absolutely everything visible.
-Wpointer-arith
-Wwrite-strings")
+AC_CHECK_FUNC(socket, [], AC_CHECK_LIB(socket, socket, [], AC_ERROR(Cannot find socket() function)))
+AC_CHECK_FUNC(inet_aton, [], AC_CHECK_LIB(nsl, inet_aton, [], AC_ERROR(Cannot find inet_aton() function)))
+
AC_ENABLE_SHARED
AC_DISABLE_STATIC
(void)dgettext("openconnect", "foo");])],
[AC_MSG_RESULT(yes (with -lintl))]
LIBINTL="-lintl",
- [AC_MSG_RESULT(no)
- USE_NLS=no])
- LIBS="$oldLIBS"])
+ [LIBS="$LIBS -liconv"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <locale.h>
+ #include <libintl.h>],[
+ setlocale(LC_ALL, "");
+ bindtextdomain("openconnect", "/tmp");
+ (void)dgettext("openconnect", "foo");])],
+ [AC_MSG_RESULT(yes (with -lintl -liconv))]
+ LIBINTL="-lintl",
+ [AC_MSG_RESULT(no)
+ USE_NLS=no])
+ LIBS="$oldLIBS"])])
fi
if test "$USE_NLS" = "yes"; then
fi
AM_CONDITIONAL(USE_NLS, [test "$USE_NLS" = "yes"])
+AC_ARG_WITH([system-cafile],
+ AS_HELP_STRING([--with-system-cafile],
+ [Location of the default system CA certificate file for old (<3.0.20) GnuTLS versions]))
+
# We will use GnuTLS if it's requested, and if GnuTLS doesn't have DTLS
# support then we'll *also* use OpenSSL for that, but it appears *only*
# only in the openconnect executable and not the library (hence shouldn't
fi
oldlibs="$LIBS"
LIBS="$LIBS $GNUTLS_LIBS"
+ AC_CHECK_FUNC(gnutls_dtls_set_data_mtu,
+ [AC_DEFINE(HAVE_GNUTLS_DTLS_SET_DATA_MTU, 1)], [])
AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust,
[AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST, 1)], [])
+ if test "$ac_cv_func_gnutls_certificate_set_x509_system_trust" != "yes"; then
+ # We will need to tell GnuTLS the path to the system CA file.
+ if test "$with_system_cafile" = "yes" || test "$with_system_cafile" = ""; then
+ unset with_system_cafile
+ AC_MSG_CHECKING([For location of system CA trust file])
+ for file in /etc/ssl/certs/ca-certificates.crt \
+ /etc/pki/tls/cert.pem \
+ /usr/local/share/certs/ca-root-nss.crt \
+ /etc/ssl/cert.pem; do
+ if grep 'BEGIN CERTIFICATE-----' $file >/dev/null 2>&1; then
+ with_system_cafile=${file}
+ break
+ fi
+ done
+ AC_MSG_RESULT([${with_system_cafile-NOT FOUND}])
+ elif test "$with_system_cafile" = "no"; then
+ AC_MSG_ERROR([You cannot disable the system CA certificate file.])
+ fi
+ if test "$with_system_cafile" = ""; then
+ AC_MSG_ERROR([Unable to find a standard system CA certificate file.]
+ [Your GnuTLS requires a path to a CA certificate store. This is a file]
+ [which contains a list of the Certificate Authorities which are trusted.]
+ [Most distributions ship with this file in a standard location, but none]
+ [the known standard locations exist on your system. You should provide a]
+ [--with-system-cafile= argument to this configure script, giving the full]
+ [path to a default CA certificate file for GnuTLS to use. Also, please]
+ [send full details of your system, including 'uname -a' output and the]
+ [location of the system CA certificate store on your system, to the]
+ [openconnect-devel@lists.infradead.org mailing list.])
+ fi
+ AC_DEFINE_UNQUOTED([DEFAULT_SYSTEM_CAFILE], ["$with_system_cafile"])
+ fi
AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
[AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1)], [])
AC_CHECK_FUNC(gnutls_certificate_set_key,
- [have_set_key=yes
- AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1)],
- [have_set_key=no])
+ [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1)], [])
if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
AC_CHECK_FUNC(gnutls_session_set_premaster,
[have_gnutls_dtls=yes], [have_gnutls_dtls=no])
AC_CHECK_FUNC(gnutls_pkcs11_add_provider,
[PKG_CHECK_MODULES(P11KIT, p11-kit-1, [AC_DEFINE(HAVE_P11KIT)
AC_SUBST(P11KIT_PC, p11-kit-1)], [:])], [])
- LIBS="$oldLIBS"
- if test "$have_set_key" = "yes"; then
- LIBS="$oldlibs -ltspi"
- AC_MSG_CHECKING([for tss library])
- AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ LIBS="$oldlibs -ltspi"
+ AC_MSG_CHECKING([for tss library])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <trousers/tss.h>
#include <trousers/trousers.h>],[
int err = Tspi_Context_Create((void *)0);
AC_SUBST([TSS_CFLAGS], [])
AC_DEFINE(HAVE_TROUSERS, 1)],
[AC_MSG_RESULT(no)])
- LIBS="$oldlibs"
- fi
+ LIBS="$oldlibs"
elif test "$with_gnutls" != "" && test "$with_gnutls" != "no"; then
AC_MSG_ERROR([Values other than 'yes' or 'no' for --with-gnutls are not supported])
fi
AC_MSG_ERROR([Neither OpenSSL nor GnuTLS selected for SSL.])
;;
esac
+AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" != "openssl" ])
+AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "openssl" ])
# Needs to happen after we default to static/shared libraries based on OpenSSL
AC_PROG_LIBTOOL
+if test "$use_openbsd_libtool" = "true" && test -x /usr/bin/libtool; then
+ echo using OpenBSD libtool
+ LIBTOOL=/usr/bin/libtool
+fi
+AM_CONDITIONAL(OPENBSD_LIBTOOL, [ test "$use_openbsd_libtool" = "true" ])
# Ick. This seems like it's likely to be very fragile, but I can't see a better
# way. I shall console myself with the observation that the failure mode isn't
PKG_CHECK_MODULES(LIBXML2, libxml-2.0)
-PKG_CHECK_MODULES(ZLIB, zlib, [],
+PKG_CHECK_MODULES(ZLIB, zlib, [AC_SUBST(ZLIB_PC, [zlib])],
[oldLIBS="$LIBS"
LIBS="$LIBS -lz"
AC_MSG_CHECKING([for zlib without pkg-config])
LIBS="$oldLIBS"
fi
+PKG_CHECK_MODULES(LIBSTOKEN, stoken,
+ [AC_SUBST(LIBSTOKEN_PC, stoken)
+ AC_DEFINE([LIBSTOKEN_HDR], ["stoken.h"])
+ libstoken_pkg=yes],
+ libstoken_pkg=no)
+
AC_CHECK_HEADER([if_tun.h],
[AC_DEFINE([IF_TUN_HDR], ["if_tun.h"])],
[AC_CHECK_HEADER([linux/if_tun.h],