X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=configure.ac;h=430fe771003597b05640e3568a669e2c8091b9c4;hb=c8be5eb6130e8d9510a1ceaf24a2680b7071ac2f;hp=794edd015486f896eb95f97e7803873067d4aa19;hpb=7a37bed19745c485a8b5e345f840b85dfbb66cec;p=platform%2Fupstream%2Fopenconnect.git diff --git a/configure.ac b/configure.ac index 794edd0..430fe77 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT(openconnect, 3.18) +AC_INIT(openconnect, 4.07) PKG_PROG_PKG_CONFIG AC_LANG_C AC_CANONICAL_HOST @@ -14,6 +14,16 @@ AC_PREREQ([2.59c], [], [AC_SUBST([htmldir], [m4_ifset([AC_PACKAGE_TARNAME], AC_PREREQ([2.60], [], [AC_SUBST([localedir], ['$(datadir)/locale'])]) +# Upstream's pkg.m4 (since 0.27) offers this now, but define our own +# compatible version in case the local version of pkgconfig isn't new enough. +# https://bugs.freedesktop.org/show_bug.cgi?id=48743 +m4_ifdef([PKG_INSTALLDIR], [PKG_INSTALLDIR], + [AC_ARG_WITH([pkgconfigdir], + [AS_HELP_STRING([--with-pkgconfigdir], + [install directory for openconnect.pc pkg-config file])], + [],[with_pkgconfigdir='$(libdir)/pkgconfig']) + AC_SUBST([pkgconfigdir], [${with_pkgconfigdir}])]) + AC_ARG_WITH([vpnc-script], [AS_HELP_STRING([--with-vpnc-script], [default location of vpnc-script helper])]) @@ -43,6 +53,7 @@ elif test "$with_vpnc_script" = "no"; then fi AC_DEFINE_UNQUOTED(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}") +AC_SUBST(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}") case $host_os in *linux* | *gnu*) @@ -76,6 +87,7 @@ case $host_os in ;; esac +AC_CHECK_FUNC(fdevname_r, [AC_DEFINE(HAVE_FDEVNAME_R, 1)], []) AC_CHECK_FUNC(getline, [AC_DEFINE(HAVE_GETLINE, 1)], [symver_getline="openconnect__getline;"]) AC_CHECK_FUNC(strcasestr, [AC_DEFINE(HAVE_STRCASESTR, 1)], []) AC_CHECK_FUNC(asprintf, [AC_DEFINE(HAVE_ASPRINTF, 1)], [symver_asprintf="openconnect__asprintf;"]) @@ -127,7 +139,7 @@ AC_ENABLE_SHARED AC_DISABLE_STATIC AC_ARG_ENABLE([nls], - [ --disable-nls do not use Native Language Support], + [ --disable-nls do not use Native Language Support], [USE_NLS=$enableval], [USE_NLS=yes]) LIBINTL= if test "$USE_NLS" = "yes"; then @@ -167,32 +179,195 @@ if test "$USE_NLS" = "yes"; then fi AM_CONDITIONAL(USE_NLS, [test "$USE_NLS" = "yes"]) +AC_ARG_WITH([system-cafile], + AS_HELP_STRING([--with-system-cafile], + [Location of the default system CA certificate file for old (<3.0.20) GnuTLS versions])) + +# We will use GnuTLS if it's requested, and if GnuTLS doesn't have DTLS +# support then we'll *also* use OpenSSL for that, but it appears *only* +# only in the openconnect executable and not the library (hence shouldn't +# be a problem for GPL'd programs using libopenconnect). +# +# If built with --with-gnutls --without-openssl then we'll even eschew +# OpenSSL for DTLS support and will build without any DTLS support at all +# if GnuTLS cannot manage. +# +# The default (for now) is to use OpenSSL for everything. + +AC_ARG_WITH([gnutls], + AS_HELP_STRING([--with-gnutls], + [Use GnuTLS instead of OpenSSL (EXPERIMENTAL)])) AC_ARG_WITH([openssl], AS_HELP_STRING([--with-openssl], - [Location of OpenSSL build dir]), - [OPENSSL_CFLAGS="-I${with_openssl}/include" - OPENSSL_LIBS="${with_openssl}/libssl.a ${with_openssl}/libcrypto.a -ldl -lz" - AC_SUBST(OPENSSL_CFLAGS) - AC_SUBST(OPENSSL_LIBS) - enable_static=yes - enable_shared=no], - [PKG_CHECK_MODULES(OPENSSL, openssl, [], - [oldLIBS="$LIBS" - LIBS="$LIBS -lssl -lcrypto" - AC_MSG_CHECKING([for OpenSSL without pkg-config]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([ + [Location of OpenSSL build dir])) +ssl_library= + +if test "$with_gnutls" = "yes"; then + PKG_CHECK_MODULES(GNUTLS, gnutls) + if ! $PKG_CONFIG --atleast-version=2.12.16 gnutls; then + AC_MSG_ERROR([Your GnuTLS is too old. At least v2.12.16 is required]) + fi + oldlibs="$LIBS" + LIBS="$LIBS $GNUTLS_LIBS" + AC_CHECK_FUNC(gnutls_dtls_set_data_mtu, + [AC_DEFINE(HAVE_GNUTLS_DTLS_SET_DATA_MTU, 1)], []) + AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust, + [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST, 1)], []) + if test "$ac_cv_func_gnutls_certificate_set_x509_system_trust" != "yes"; then + # We will need to tell GnuTLS the path to the system CA file. + if test "$with_system_cafile" = "yes" || test "$with_system_cafile" = ""; then + unset with_system_cafile + AC_MSG_CHECKING([For location of system CA trust file]) + for file in /etc/ssl/certs/ca-certificates.crt \ + /etc/pki/tls/cert.pem \ + /usr/local/share/certs/ca-root-nss.crt \ + /etc/ssl/cert.pem; do + if grep 'BEGIN CERTIFICATE-----' $file >/dev/null 2>&1; then + with_system_cafile=${file} + break + fi + done + AC_MSG_RESULT([${with_system_cafile-NOT FOUND}]) + elif test "$with_system_cafile" = "no"; then + AC_MSG_ERROR([You cannot disable the system CA certificate file.]) + fi + if test "$with_system_cafile" = ""; then + AC_MSG_ERROR([Unable to find a standard system CA certificate file.] + [Your GnuTLS requires a path to a CA certificate store. This is a file] + [which contains a list of the Certificate Authorities which are trusted.] + [Most distributions ship with this file in a standard location, but none] + [the known standard locations exist on your system. You should provide a] + [--with-system-cafile= argument to this configure script, giving the full] + [path to a default CA certificate file for GnuTLS to use. Also, please] + [send full details of your system, including 'uname -a' output and the] + [location of the system CA certificate store on your system, to the] + [openconnect-devel@lists.infradead.org mailing list.]) + fi + AC_DEFINE_UNQUOTED([DEFAULT_SYSTEM_CAFILE], ["$with_system_cafile"]) + fi + AC_CHECK_FUNC(gnutls_pkcs12_simple_parse, + [AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1)], []) + AC_CHECK_FUNC(gnutls_certificate_set_key, + [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1)], []) + if test "$with_openssl" = "" || test "$with_openssl" = "no"; then + AC_CHECK_FUNC(gnutls_session_set_premaster, + [have_gnutls_dtls=yes], [have_gnutls_dtls=no]) + else + have_gnutls_dtls=no + fi + if test "$have_gnutls_dtls" = "yes"; then + if test "$with_openssl" = "" || test "$with_openssl" = "no"; then + # They either said no OpenSSL or didn't specify, and GnuTLS can + # do DTLS, so just use GnuTLS. + AC_DEFINE(HAVE_GNUTLS_SESSION_SET_PREMASTER, 1) + ssl_library=gnutls + with_openssl=no + else + # They specifically asked for OpenSSL, so use it for DTLS even + # though GnuTLS could manage. + ssl_library=both + fi + else + if test "$with_openssl" = "no"; then + # GnuTLS doesn't have DTLS, but they don't want OpenSSL. So build + # without DTLS support at all. + ssl_library=gnutls + else + # GnuTLS doesn't have DTLS so use OpenSSL for it, but GnuTLS for + # the TCP connection (and thus in the library). + ssl_library=both + fi + fi + AC_CHECK_FUNC(gnutls_pkcs11_add_provider, + [PKG_CHECK_MODULES(P11KIT, p11-kit-1, [AC_DEFINE(HAVE_P11KIT) + AC_SUBST(P11KIT_PC, p11-kit-1)], [:])], []) + LIBS="$oldlibs -ltspi" + AC_MSG_CHECKING([for tss library]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([ + #include + #include ],[ + int err = Tspi_Context_Create((void *)0); + Trspi_Error_String(err);])], + [AC_MSG_RESULT(yes) + AC_SUBST([TSS_LIBS], [-ltspi]) + AC_SUBST([TSS_CFLAGS], []) + AC_DEFINE(HAVE_TROUSERS, 1)], + [AC_MSG_RESULT(no)]) + LIBS="$oldlibs" +elif test "$with_gnutls" != "" && test "$with_gnutls" != "no"; then + AC_MSG_ERROR([Values other than 'yes' or 'no' for --with-gnutls are not supported]) +fi +if test "$with_openssl" = "yes" || test "$with_openssl" = "" || test "$ssl_library" = "both"; then + PKG_CHECK_MODULES(OPENSSL, openssl, [], + [oldLIBS="$LIBS" + LIBS="$LIBS -lssl -lcrypto" + AC_MSG_CHECKING([for OpenSSL without pkg-config]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include #include ],[ SSL_library_init(); ERR_clear_error(); SSL_load_error_strings(); OpenSSL_add_all_algorithms();])], - [AC_MSG_RESULT(yes) - AC_SUBST([OPENSSL_LIBS], ["-lssl -lcrypto"]) - AC_SUBST([OPENSSL_CFLAGS], [])], - [AC_MSG_RESULT(no) - AC_ERROR([Could not build against OpenSSL])]) - LIBS="$oldLIBS"])]) + [AC_MSG_RESULT(yes) + AC_SUBST([OPENSSL_LIBS], ["-lssl -lcrypto"]) + AC_SUBST([OPENSSL_CFLAGS], [])], + [AC_MSG_RESULT(no) + if test "$ssl_library" = "both"; then + ssl_library="gnutls"; + else + AC_ERROR([Could not build against OpenSSL]); + fi]) + LIBS="$oldLIBS"]) + if test "$ssl_library" != "both" && test "$ssl_library" != "gnutls"; then + ssl_library=openssl + fi +elif test "$with_openssl" != "no" ; then + OPENSSL_CFLAGS="-I${with_openssl}/include" + OPENSSL_LIBS="${with_openssl}/libssl.a ${with_openssl}/libcrypto.a -ldl -lz" + AC_SUBST(OPENSSL_CFLAGS) + AC_SUBST(OPENSSL_LIBS) + enable_static=yes + enable_shared=no + AC_DEFINE(DTLS_OPENSSL, 1) + if test "$ssl_library" != "both"; then + ssl_library=openssl + fi +fi + +case "$ssl_library" in + gnutls) + AC_DEFINE(OPENCONNECT_GNUTLS, 1) + AC_DEFINE(DTLS_GNUTLS, 1) + AC_SUBST(SSL_LIBRARY, [gnutls]) + AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS)']) + AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)']) + ;; + openssl) + AC_DEFINE(OPENCONNECT_OPENSSL, 1) + AC_DEFINE(DTLS_OPENSSL, 1) + AC_SUBST(SSL_LIBRARY, [openssl]) + AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)']) + AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)']) + AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"]) + ;; + both) + # GnuTLS for TCP, OpenSSL for DTLS + AC_DEFINE(OPENCONNECT_GNUTLS, 1) + AC_DEFINE(DTLS_OPENSSL, 1) + AC_SUBST(SSL_LIBRARY, [gnutls]) + AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS)']) + AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)']) + AC_SUBST(DTLS_SSL_LIBS, ['$(OPENSSL_LIBS)']) + AC_SUBST(DTLS_SSL_CFLAGS, ['$(OPENSSL_CFLAGS)']) + AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"]) + ;; + *) + AC_MSG_ERROR([Neither OpenSSL nor GnuTLS selected for SSL.]) + ;; +esac +AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" != "openssl" ]) +AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "openssl" ]) # Needs to happen after we default to static/shared libraries based on OpenSSL AC_PROG_LIBTOOL @@ -222,7 +397,7 @@ AM_CONDITIONAL(HAVE_SYMBOL_VERSIONING, [test "${symvers}" != "no"]) PKG_CHECK_MODULES(LIBXML2, libxml-2.0) -PKG_CHECK_MODULES(ZLIB, zlib, [], +PKG_CHECK_MODULES(ZLIB, zlib, [AC_SUBST(ZLIB_PC, [zlib])], [oldLIBS="$LIBS" LIBS="$LIBS -lz" AC_MSG_CHECKING([for zlib without pkg-config]) @@ -263,6 +438,12 @@ if (test "$libproxy_pkg" = "no"); then LIBS="$oldLIBS" fi +PKG_CHECK_MODULES(LIBSTOKEN, stoken, + [AC_SUBST(LIBSTOKEN_PC, stoken) + AC_DEFINE([LIBSTOKEN_HDR], ["stoken.h"]) + libstoken_pkg=yes], + libstoken_pkg=no) + AC_CHECK_HEADER([if_tun.h], [AC_DEFINE([IF_TUN_HDR], ["if_tun.h"])], [AC_CHECK_HEADER([linux/if_tun.h], @@ -272,28 +453,30 @@ AC_CHECK_HEADER([if_tun.h], [AC_CHECK_HEADER([net/tun/if_tun.h], [AC_DEFINE([IF_TUN_HDR], ["net/tun/if_tun.h"])])])])]) -oldLIBS="$LIBS" -LIBS="$LIBS $OPENSSL_LIBS" - -AC_MSG_CHECKING([for ENGINE_by_id() in OpenSSL]) -AC_LINK_IFELSE([AC_LANG_PROGRAM( - [#include ], - [ENGINE_by_id("foo");])], - [AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_ENGINE, [1], [OpenSSL has ENGINE support])], - [AC_MSG_RESULT(no) - AC_MSG_NOTICE([Building without OpenSSL TPM ENGINE support])]) - -AC_MSG_CHECKING([for dtls1_stop_timer() in OpenSSL]) -AC_LINK_IFELSE([AC_LANG_PROGRAM( - [#include - #include - extern void dtls1_stop_timer(SSL *);], - [dtls1_stop_timer(NULL);])], - [AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_DTLS1_STOP_TIMER, [1], [OpenSSL has dtls1_stop_timer() function])], - [AC_MSG_RESULT(no)]) -LIBS="$oldLIBS" +if test "$ssl_library" = "openssl" || test "$ssl_library" = "both"; then + oldLIBS="$LIBS" + LIBS="$LIBS $OPENSSL_LIBS" + + if test "$ssl_library" = "openssl"; then + AC_MSG_CHECKING([for ENGINE_by_id() in OpenSSL]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], + [ENGINE_by_id("foo");])], + [AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_ENGINE, [1], [OpenSSL has ENGINE support])], + [AC_MSG_RESULT(no) + AC_MSG_NOTICE([Building without OpenSSL TPM ENGINE support])]) + fi + + AC_MSG_CHECKING([for dtls1_stop_timer() in OpenSSL]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include + #include + extern void dtls1_stop_timer(SSL *);], + [dtls1_stop_timer(NULL);])], + [AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_DTLS1_STOP_TIMER, [1], [OpenSSL has dtls1_stop_timer() function])], + [AC_MSG_RESULT(no)]) + LIBS="$oldLIBS" +fi AC_PATH_PROG(PYTHON, [python], [], $PATH:/bin:/usr/bin) if (test -n "${ac_cv_path_PYTHON}"); then @@ -303,18 +486,24 @@ else fi AM_CONDITIONAL(BUILD_WWW, [test -n "${ac_cv_path_PYTHON}"]) -AC_SUBST([CONFIG_STATUS_DEPENDENCIES], ['$(top_srcdir)/po/LINGUAS']) +AC_SUBST([CONFIG_STATUS_DEPENDENCIES], ['$(top_srcdir)/po/LINGUAS $(top_srcdir)/openconnect.h ${top_srcdir}/libopenconnect.map.in']) RAWLINGUAS=`sed -e "/^#/d" -e "s/#.*//" "${srcdir}/po/LINGUAS"` # Remove newlines LINGUAS=`echo $RAWLINGUAS` AC_SUBST(LINGUAS) +APIMAJOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MAJOR \(.*\)/\1/p' ${srcdir}/openconnect.h`" +APIMINOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MINOR \(.*\)/\1/p' ${srcdir}/openconnect.h`" +AC_SUBST(APIMAJOR) +AC_SUBST(APIMINOR) + # We want version.c to depend on the files that would affect the # output of version.sh. But we cannot assume that they'll exist, # and we cannot use $(wildcard) in a non-GNU makefile. So we just # depend on the files which happen to exist at configure time. GITVERSIONDEPS= -for a in .git/index .git/packed-refs .git/refs/tags .git/HEAD; do +for a in ${srcdir}/.git/index ${srcdir}/.git/packed-refs \ + ${srcdir}/.git/refs/tags ${srcdir}/.git/HEAD; do if test -r $a ; then GITVERSIONDEPS="$GITVERSIONDEPS $a" fi @@ -322,4 +511,4 @@ done AC_SUBST(GITVERSIONDEPS) AC_OUTPUT(Makefile openconnect.pc po/Makefile www/Makefile libopenconnect.map \ - www/styles/Makefile www/inc/Makefile www/images/Makefile) + openconnect.8 www/styles/Makefile www/inc/Makefile www/images/Makefile)