1 dnl Process this file with autoconf to produce a configure script.
2 # Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 # Author: Nikos Mavrogiannopoulos, Simon Josefsson
6 # This file is part of GnuTLS.
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 3 of the License, or
11 # (at your option) any later version.
13 # This program is distributed in the hope that it will be useful, but
14 # WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 # General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
24 AC_INIT([GnuTLS], [3.4.11], [bugs@gnutls.org])
25 AC_CONFIG_AUX_DIR([build-aux])
26 AC_CONFIG_MACRO_DIR([m4])
29 AM_INIT_AUTOMAKE([1.12.2 subdir-objects no-dist-gzip dist-xz -Wall -Wno-override])
30 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
31 AC_CONFIG_HEADERS([config.h])
34 *** Checking for compilation programs...
37 dnl Checks for programs.
50 AS_HELP_STRING([--disable-doc], [don't generate any documentation]),
51 enable_doc=$enableval, enable_doc=yes)
52 AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
55 AS_HELP_STRING([--disable-tools], [don't compile any tools]),
56 enable_tools=$enableval, enable_tools=yes)
57 AM_CONDITIONAL(ENABLE_TOOLS, test "$enable_tools" != "no")
59 if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then
60 AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [/bin/true])
62 if test x"$AUTOGEN" = "x/bin/true"; then
65 *** autogen not found. Will not link against libopts.
71 # For includes/gnutls/gnutls.h.in.
72 AC_SUBST(MAJOR_VERSION, `echo $PACKAGE_VERSION | sed 's/\(.*\)\..*\..*/\1/g'`)
73 AC_SUBST(MINOR_VERSION, `echo $PACKAGE_VERSION | sed 's/.*\.\(.*\)\..*/\1/g'`)
74 AC_SUBST(PATCH_VERSION, [[`echo $PACKAGE_VERSION | sed 's/.*\..*\.\([0-9]*\).*/\1/g'`]])
75 AC_SUBST(NUMBER_VERSION, `printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION`)
77 touch suppressions.valgrind
78 dnl C and C++ capabilities
84 AS_HELP_STRING([--disable-cxx], [unconditionally disable the C++ library]),
85 use_cxx=$enableval, use_cxx=yes)
86 if test "$use_cxx" != "no"; then
88 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no)
91 AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
93 dnl Detect windows build
100 *mingw32* | *mingw64*)
110 *** In solaris hardware acceleration is disabled by default due to issues
111 *** with the assembler. Use --enable-hardware-acceleration to enable it.
119 AM_CONDITIONAL(ANDROID, test "$have_android" = yes)
120 AM_CONDITIONAL(WINDOWS, test "$have_win" = yes)
121 AM_CONDITIONAL(MACOSX, test "$have_macosx" = yes)
122 AM_CONDITIONAL(ELF, test "$have_elf" = yes)
124 dnl Hardware Acceleration
125 AC_ARG_ENABLE(hardware-acceleration,
126 AS_HELP_STRING([--disable-hardware-acceleration], [unconditionally disable hardware acceleration]),
127 use_accel=$enableval)
132 if test "$use_accel" != "no"; then
134 i?86 | x86_64 | amd64)
135 AC_CHECK_HEADERS(cpuid.h)
136 if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"; then
149 AC_ARG_ENABLE(padlock,
150 AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]),
151 use_padlock=$enableval)
153 if test "$use_padlock" != "no"; then
154 AC_DEFINE([ENABLE_PADLOCK], 1, [Enable padlock acceleration])
155 AC_SUBST([ENABLE_PADLOCK])
157 AM_CONDITIONAL(ENABLE_PADLOCK, test "$use_padlock" = "yes")
158 AM_CONDITIONAL(ASM_X86_64, test x"$hw_accel" = x"x86-64")
159 AM_CONDITIONAL(ASM_X86_32, test x"$hw_accel" = x"x86")
160 AM_CONDITIONAL(ASM_X86, test x"$hw_accel" = x"x86" || test x"$hw_accel" = x"x86-64")
161 AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"])
162 AM_CONDITIONAL(HAVE_GCC, test "$GCC" = "yes")
164 dnl check for getrandom()
166 AC_MSG_CHECKING([for getrandom])
167 AC_LINK_IFELSE([AC_LANG_PROGRAM([
168 #include <linux/random.h>],[
172 AC_DEFINE([HAVE_LINUX_GETRANDOM], 1, [Enable the Linux getrandom function])
173 enable_getrandom=getrandom],
176 AC_MSG_CHECKING([for getentropy])
177 AC_LINK_IFELSE([AC_LANG_PROGRAM([
178 #include <unistd.h>],[
182 AC_DEFINE([HAVE_GETENTROPY], 1, [Enable the OpenBSD getentropy function])
183 enable_getrandom=getentropy],
188 LIBGNUTLS_EXTRA_HOOKS
191 AS_HELP_STRING([--disable-tests], [don't compile or run any tests]),
192 enable_tests=$enableval, enable_tests=$enable_tools)
193 if test "$enable_tests" = "yes" && test "$enable_tools" = "no"; then
194 true #AC_MSG_ERROR([Cannot enable tests while disabling tools])
196 AM_CONDITIONAL(ENABLE_TESTS, test "$enable_tests" != "no")
199 AM_GNU_GETTEXT([external])
200 AM_GNU_GETTEXT_VERSION([0.19])
204 dnl No fork on MinGW, disable some self-tests until we fix them.
205 dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs)
206 AC_CHECK_FUNCS([fork inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid clock_gettime iconv localtime vasprintf],,)
207 if test "$ac_cv_func_vasprintf" != "yes";then
208 AC_MSG_CHECKING([for va_copy])
209 AC_LINK_IFELSE([AC_LANG_PROGRAM([
215 [AC_DEFINE(HAVE_VA_COPY, 1, [Have va_copy()])
216 AC_MSG_RESULT(va_copy)],
217 [AC_LINK_IFELSE([AC_LANG_PROGRAM([
223 [AC_DEFINE(HAVE___VA_COPY, 1, [Have __va_copy()])
224 AC_MSG_RESULT(__va_copy)],
226 AC_MSG_ERROR([Your system lacks vasprintf() and va_copy()])])
230 AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no")
232 AC_CHECK_FUNCS([__register_atfork],,)
234 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>
236 ], [timer_create (0,0,0);])
238 if test "$have_win" != "yes";then
239 AC_CHECK_FUNCS([pthread_mutex_lock],,)
240 if test "$ac_cv_func_pthread_mutex_lock" != "yes";then
241 AC_LIB_HAVE_LINKFLAGS(pthread,, [#include <pthread.h>], [pthread_mutex_lock (0);])
245 if test "$ac_cv_func_nanosleep" != "yes";then
246 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [nanosleep (0, 0);])
247 gnutls_needs_librt=yes
250 if test "$ac_cv_func_inet_pton" != "yes";then
251 AC_LIB_HAVE_LINKFLAGS(nsl,, [#include <arpa/inet.h>], [inet_pton(0,0,0);])
254 if test "$ac_cv_func_clock_gettime" != "yes";then
255 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [clock_gettime (0, 0);])
256 gnutls_needs_librt=yes
260 if test "$ac_cv_func_iconv" != "yes";then
261 AC_LIB_HAVE_LINKFLAGS(iconv,, [#include <iconv.h>], [iconv (0, 0, 0, 0, 0);])
262 if test "$HAVE_LIBICONV" = "yes";then
269 if test "$ac_have_unicode" != "yes";then
270 if test "$have_win" = "yes";then
275 SUITE_FILE="${srcdir}/tests/suite/mini-eagain2.c"
276 if test -f "$SUITE_FILE";then
277 can_do_valgrind_tests=yes
279 can_do_valgrind_tests=no
282 dnl Note that g*l_INIT are run after we check for library capabilities,
283 dnl to prevent issues from caching lib dependencies. See discussion
284 dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and
285 dnl http://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
289 if test "$can_do_valgrind_tests" != "yes";then
291 AC_SUBST(VALGRIND, [])
292 opt_valgrind_tests=no
295 AM_CONDITIONAL(WANT_TEST_SUITE, [test "$opt_valgrind_tests" != no])
297 dnl GCC warnings to enable
299 AC_ARG_ENABLE([gcc-warnings],
300 [AS_HELP_STRING([--disable-gcc-warnings],
301 [turn off lots of GCC warnings (for developers)])],
304 *) AC_MSG_ERROR([bad value $enableval for gcc-warnings option]) ;;
306 gl_gcc_warnings=$enableval],
307 [gl_gcc_warnings=yes]
310 if test "$gl_gcc_warnings" = yes; then
311 gl_WARN_ADD([-Wframe-larger-than=2048], [WSTACK_CFLAGS])
313 nw="$nw -Wsystem-headers" # Don't let system headers trigger warnings
314 nw="$nw -Wc++-compat" # We don't care about C++ compilers
315 nw="$nw -Wundef" # Warns on '#if GNULIB_FOO' etc in gnulib
316 nw="$nw -Wtraditional" # Warns on #elif which we use often
317 nw="$nw -Wpadded" # Our structs are not padded
318 nw="$nw -Wtraditional-conversion" # Too many warnings for now
319 nw="$nw -Wswitch-default" # Too many warnings for now
320 nw="$nw -Wformat-y2k" # Too many warnings for now
321 nw="$nw -Woverlength-strings" # We use some in tests/
322 nw="$nw -Wvla" # There is no point to avoid C99 variable length arrays
323 nw="$nw -Wformat-nonliteral" # Incompatible with gettext _()
324 nw="$nw -Wformat-signedness" # Too many to handle
325 nw="$nw -Wstrict-overflow"
326 nw="$nw -Wmissing-noreturn"
327 nw="$nw -Winline" # Too compiler dependent
328 nw="$nw -Wsuggest-attribute=pure" # Is it worth using attributes?
329 nw="$nw -Wsuggest-attribute=const" # Is it worth using attributes?
330 nw="$nw -Wsuggest-attribute=noreturn" # Is it worth using attributes?
331 nw="$nw -Wstack-protector" # Some functions cannot be protected
332 nw="$nw -Wredundant-decls" # Some files cannot be compiled with that (gl_fd_to_handle)
334 gl_MANYWARN_ALL_GCC([ws])
335 gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw])
340 gl_WARN_ADD([-Wno-missing-field-initializers]) # We need this one
341 gl_WARN_ADD([-Wno-format-y2k]) # Too many warnings for now
342 gl_WARN_ADD([-Wno-unused-value]) # warnings for things we don't want to get
343 gl_WARN_ADD([-Wno-unused-result]) # warnings for things we don't want to get
344 gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now
345 gl_WARN_ADD([-Wno-stack-protector]) # Some functions cannot be protected
346 gl_WARN_ADD([-Wno-int-to-pointer-cast]) # Some files cannot be compiled with that (gl_fd_to_handle)
347 gl_WARN_ADD([-fdiagnostics-show-option])
350 AC_SUBST([WERROR_CFLAGS])
351 AC_SUBST([WSTACK_CFLAGS])
352 AC_SUBST([WARN_CFLAGS])
354 dnl Programs for compilation or development
356 LT_INIT([disable-static,win32-dll,shared])
360 AC_ARG_ENABLE(self-checks,
361 AS_HELP_STRING([--enable-self-checks], [enable self checking functionality]),
362 enable_self_checks=$enableval, enable_self_checks=no)
364 AC_ARG_ENABLE(fips140-mode,
365 AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode (implies self checks)]),
366 enable_fips=$enableval, enable_fips=no)
367 AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes")
368 if [ test "$enable_fips" = "yes" ];then
369 AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
370 if test "x$HAVE_LIBDL" = "xyes";then
371 enable_self_checks=yes
373 AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode])
375 AC_SUBST([FIPS140_LIBS], $LIBDL)
380 *** This system is not supported in FIPS140 mode.
381 *** libdl and dladdr() are required.
386 AC_ARG_WITH(idn, AS_HELP_STRING([--without-idn],
387 [disable support for libidn]),
388 try_libidn="$withval",
391 if test "$try_libidn" = yes;then
392 PKG_CHECK_MODULES(LIBIDN, libidn >= 0.5.6, [with_libidn=yes], [with_libidn=no])
393 if test "$with_libidn" != "no";then
394 if ! $PKG_CONFIG --atleast-version=1.31 libidn; then
395 with_buggy_libidn=yes
398 AC_DEFINE([HAVE_LIBIDN], 1, [Build IDNA support])
399 if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
400 GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn"
402 GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn"
408 *** libidn was not found. IDNA support will be disabled.
415 AM_CONDITIONAL(HAVE_LIBIDN, test "$with_libidn" != "no")
416 AM_CONDITIONAL(HAVE_BUGGY_LIBIDN, test "$with_buggy_libidn" = "yes")
418 AC_ARG_ENABLE(non-suiteb-curves,
419 AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]),
420 enable_non_suiteb=$enableval, enable_non_suiteb=yes)
421 if [ test "$enable_non_suiteb" = "yes" ];then
422 AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves])
424 AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes")
426 AM_CONDITIONAL(ENABLE_SELF_CHECKS, test "$enable_self_checks" = "yes")
427 if [ test "$enable_self_checks" = "yes" ];then
428 AC_DEFINE([ENABLE_SELF_CHECKS], 1, [Self checks are included in the library])
431 AC_MSG_CHECKING([whether to build libdane])
432 AC_ARG_ENABLE(libdane,
433 AS_HELP_STRING([--disable-libdane],
434 [disable the built of libdane]),
435 enable_dane=$enableval, enable_dane=yes)
436 AC_MSG_RESULT($enable_dane)
438 if test "$enable_dane" != "no"; then
439 LIBS="$oldlibs -lunbound"
440 AC_MSG_CHECKING([for unbound library])
441 AC_LINK_IFELSE([AC_LANG_PROGRAM([
442 #include <unbound.h>],[
444 ctx = ub_ctx_create();])],
446 AC_SUBST([UNBOUND_LIBS], [-lunbound])
447 AC_SUBST([UNBOUND_CFLAGS], [])
448 AC_DEFINE([HAVE_DANE], 1, [Enable the DANE library])
453 *** libunbound was not found. Libdane will not be built.
459 AM_CONDITIONAL(ENABLE_DANE, test "$enable_dane" = "yes")
461 AC_ARG_WITH(unbound-root-key-file, AS_HELP_STRING([--with-unbound-root-key-file],
462 [specify the unbound root key file]),
463 unbound_root_key_file="$withval",
464 if test "$have_win" = yes; then
465 unbound_root_key_file="C:\\Program Files\\Unbound\\root.key"
467 if test -f /var/lib/unbound/root.key;then
468 unbound_root_key_file="/var/lib/unbound/root.key"
470 if test -f /usr/share/dns/root.key;then
471 unbound_root_key_file="/usr/share/dns/root.key"
473 unbound_root_key_file="/etc/unbound/root.key"
479 AC_DEFINE_UNQUOTED([UNBOUND_ROOT_KEY_FILE],
480 ["$unbound_root_key_file"], [The DNSSEC root key file])
482 AC_ARG_WITH(system-priority-file, AS_HELP_STRING([--with-system-priority-file],
483 [specify the system priority file]),
484 system_priority_file="$withval",
485 system_priority_file="/etc/gnutls/default-priorities"
488 AC_DEFINE_UNQUOTED([SYSTEM_PRIORITY_FILE],
489 ["$system_priority_file"], [The system priority file])
492 dnl Check for p11-kit
493 P11_KIT_MINIMUM=0.23.1
495 AS_HELP_STRING([--without-p11-kit],
496 [Build without p11-kit and PKCS#11 support]))
497 if test "$with_p11_kit" != "no"; then
498 PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= $P11_KIT_MINIMUM], [with_p11_kit=yes], [with_p11_kit=no])
499 if test "$with_p11_kit" != "no";then
500 AC_DEFINE([ENABLE_PKCS11], 1, [Build PKCS#11 support])
501 if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
502 GNUTLS_REQUIRES_PRIVATE="Requires.private: p11-kit-1"
504 GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, p11-kit-1"
510 *** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support
511 *** use --without-p11-kit, otherwise you may get p11-kit from
512 *** http://p11-glue.freedesktop.org/p11-kit.html
517 AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no")
520 AS_HELP_STRING([--without-tpm],
521 [Disable TPM (trousers) support.]),
522 [with_tpm=$withval], [with_tpm=yes])
523 if test "$with_tpm" != "no"; then
524 LIBS="$oldlibs -ltspi"
525 AC_MSG_CHECKING([for tss library])
526 AC_LINK_IFELSE([AC_LANG_PROGRAM([
527 #include <trousers/tss.h>
528 #include <trousers/trousers.h>],[
529 int err = Tspi_Context_Create((void *)0);
530 Trspi_Error_String(err);])],
532 AC_SUBST([TSS_LIBS], [-ltspi])
533 AC_SUBST([TSS_CFLAGS], [])
534 AC_DEFINE([HAVE_TROUSERS], 1, [Enable TPM])
539 *** trousers was not found. TPM support will be disabled.
545 AM_CONDITIONAL(ENABLE_TROUSERS, test "$with_tpm" != "no")
547 if test -f "/usr/lib64/libtspi.so.1";then
548 default_trousers_lib="/usr/lib64/libtspi.so.1"
550 default_trousers_lib="/usr/lib/libtspi.so.1"
553 AC_ARG_WITH(trousers-lib, AS_HELP_STRING([--with-trousers-lib=LIB],
554 [set the location of the trousers library]),
555 ac_trousers_lib=$withval, ac_trousers_lib=$default_trousers_lib)
557 AC_DEFINE_UNQUOTED(TROUSERS_LIB, ["$ac_trousers_lib"], [the location of the trousers library])
558 AC_SUBST(TROUSERS_LIB)
561 if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then
562 LIBOPTS_CHECK([src/libopts])
563 if test "$NEED_LIBOPTS_DIR" = "true";then
564 dnl replace libopts-generated files with distributed backups, if present
566 for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do
567 nam=`echo $i|sed 's/.bak//g'`
574 if test -z "$missing_baks"; then
575 AC_SUBST([AUTOGEN], [/bin/true])
580 # Need to ensure the relevant conditionals get set
582 AM_CONDITIONAL([INSTALL_LIBOPTS],[false])
583 AM_CONDITIONAL([NEED_LIBOPTS], [false])
587 AM_CONDITIONAL(NEED_LIBOPTS, test "$included_libopts" = "yes")
589 AC_CHECK_TYPE(ssize_t,
591 DEFINE_SSIZE_T="#include <sys/types.h>"
592 AC_SUBST(DEFINE_SSIZE_T)
594 AC_DEFINE([NO_SSIZE_T], 1, [no ssize_t type was found])
595 DEFINE_SSIZE_T="typedef int ssize_t;"
596 AC_SUBST(DEFINE_SSIZE_T)
598 #include <sys/types.h>
602 AC_CHECK_SIZEOF(unsigned long int, 4)
603 AC_CHECK_SIZEOF(unsigned int, 4)
605 AC_ARG_WITH(zlib, AS_HELP_STRING([--without-zlib],
606 [disable zlib compression support]),
607 ac_zlib=$withval, ac_zlib=yes)
608 AC_MSG_CHECKING([whether to include zlib compression support])
609 if test x$ac_zlib != xno; then
611 AC_LIB_HAVE_LINKFLAGS(z,, [#include <zlib.h>], [compress (0, 0, 0, 0);])
612 if test x$ac_cv_libz != xyes; then
615 *** ZLIB was not found. You will not be able to use ZLIB compression.)
621 PKG_CHECK_EXISTS(zlib, ZLIB_HAS_PKGCONFIG=y, ZLIB_HAS_PKGCONFIG=n)
623 if test x$ac_zlib != xno; then
624 if test "$ZLIB_HAS_PKGCONFIG" = "y" ; then
625 if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
626 GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
628 GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib"
632 AC_SUBST(GNUTLS_REQUIRES_PRIVATE)
636 AC_ARG_WITH([default-trust-store-pkcs11],
637 [AS_HELP_STRING([--with-default-trust-store-pkcs11=URI],
638 [use the given pkcs11 uri as default trust store])])
640 if test "x$with_default_trust_store_pkcs11" != x; then
641 if test "x$with_p11_kit" = xno; then
642 AC_MSG_ERROR([cannot use pkcs11 store without p11-kit])
644 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_PKCS11],
645 ["$with_default_trust_store_pkcs11"], [use the given pkcs11 uri as default trust store])
648 AC_ARG_WITH([default-trust-store-dir],
649 [AS_HELP_STRING([--with-default-trust-store-dir=DIR],
650 [use the given directory as default trust store])])
652 if test "x$with_default_trust_store_dir" != x; then
653 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
654 ["$with_default_trust_store_dir"], [use the given directory as default trust store])
657 dnl auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
658 AC_ARG_WITH([default-trust-store-file],
659 [AS_HELP_STRING([--with-default-trust-store-file=FILE],
660 [use the given file default trust store])], with_default_trust_store_file="$withval",
661 [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x;then
663 /etc/ssl/ca-bundle.pem \
664 /etc/ssl/certs/ca-certificates.crt \
665 /etc/pki/tls/cert.pem \
666 /usr/local/share/certs/ca-root-nss.crt \
669 if test -e "$i"; then
670 with_default_trust_store_file="$i"
677 if test "$with_default_trust_store_file" = "no";then
678 with_default_trust_store_file=""
681 AC_ARG_WITH([default-crl-file],
682 [AS_HELP_STRING([--with-default-crl-file=FILE],
683 [use the given CRL file as default])])
685 AC_ARG_WITH([default-blacklist-file],
686 [AS_HELP_STRING([--with-default-blacklist-file=FILE],
687 [use the given certificate blacklist file as default])])
689 if test "x$with_default_trust_store_file" != x; then
690 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
691 ["$with_default_trust_store_file"], [use the given file default trust store])
694 if test "x$with_default_crl_file" != x; then
695 AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
696 ["$with_default_crl_file"], [use the given CRL file])
699 if test "x$with_default_blacklist_file" != x; then
700 AC_DEFINE_UNQUOTED([DEFAULT_BLACKLIST_FILE],
701 ["$with_default_blacklist_file"], [use the given certificate blacklist file])
705 opt_guile_bindings=yes
706 AC_MSG_CHECKING([whether building Guile bindings])
708 AS_HELP_STRING([--enable-guile], [build GNU Guile bindings]),
709 opt_guile_bindings=$enableval)
710 AC_MSG_RESULT($opt_guile_bindings)
712 AC_ARG_WITH([guile-site-dir],
713 [AS_HELP_STRING([--with-guile-site-dir],
714 [use the given directory as the Guile site (use with care)])])
716 if test "$opt_guile_bindings" = "yes"; then
718 *** Detecting GNU Guile...
721 AC_PATH_PROG([guile_snarf], [guile-snarf])
722 if test "x$guile_snarf" = "x"; then
723 AC_MSG_WARN([`guile-snarf' from Guile 1.8 not found. Guile bindings not built.])
724 opt_guile_bindings=no
729 save_CFLAGS="$CFLAGS"
731 CFLAGS="$CFLAGS $GUILE_CFLAGS"
732 LIBS="$LIBS $GUILE_LDFLAGS"
733 AC_MSG_CHECKING([whether GNU Guile is recent enough])
734 AC_LINK_IFELSE([AC_LANG_PROGRAM([], [scm_from_locale_string ("")])],
735 [], [opt_guile_bindings=no])
736 CFLAGS="$save_CFLAGS"
739 if test "$opt_guile_bindings" = "yes"; then
741 case "x$with_guile_site_dir" in
743 # Use the default $(GUILE_SITE).
747 # Automatically derive $(GUILE_SITE) from $(pkgdatadir). This
748 # hack is used to allow `distcheck' to work (see
749 # `DISTCHECK_CONFIGURE_FLAGS' in the top-level `Makefile.am').
750 GUILE_SITE="\$(datadir)/guile/site"
754 # Use the user-specified directory as $(GUILE_SITE).
755 GUILE_SITE="$with_guile_site_dir"
759 AC_MSG_CHECKING([whether gcc supports -fgnu89-inline])
760 _gcc_cflags_save="$CFLAGS"
761 CFLAGS="${CFLAGS} -fgnu89-inline"
762 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
763 gnu89_inline=yes, gnu89_inline=no)
764 AC_MSG_RESULT($gnu89_inline)
765 CFLAGS="$_gcc_cflags_save"
767 # Optional Guile functions.
768 save_CFLAGS="$CFLAGS"
770 CFLAGS="$CFLAGS $GUILE_CFLAGS"
771 LIBS="$LIBS $GUILE_LDFLAGS"
772 AC_CHECK_FUNCS([scm_gc_malloc_pointerless])
773 CFLAGS="$save_CFLAGS"
776 # The place where guile-gnutls.la will go.
777 AC_MSG_CHECKING([the Guile effective version])
778 guile_effective_version="`$GUILE -c '(display (effective-version))'`"
779 AC_MSG_RESULT([$guile_effective_version])
780 guileextensiondir="$libdir/guile/$guile_effective_version"
781 AC_SUBST([guileextensiondir])
784 AC_MSG_WARN([A sufficiently recent GNU Guile not found. Guile bindings not built.])
785 opt_guile_bindings=no
789 AM_CONDITIONAL(HAVE_GUILE, test "$opt_guile_bindings" = "yes")
791 LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBS"
792 LIBGNUTLS_CFLAGS="-I${includedir}"
793 AC_SUBST(LIBGNUTLS_LIBS)
794 AC_SUBST(LIBGNUTLS_CFLAGS)
796 AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
798 AC_DEFINE([GNUTLS_COMPAT_H], 1, [Make sure we don't use old features in code.])
799 AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.])
801 AC_DEFINE([fread_file], [_gnutls_fread_file], [static lib rename])
802 AC_DEFINE([read_file], [_gnutls_read_file], [static lib rename])
803 AC_DEFINE([read_binary_file], [_gnutls_read_binary_file], [static lib rename])
805 dnl Crywrap dependencies
807 *** Checking dependencies for crywrap...
812 if test "$have_win" != "yes"; then
814 AC_CHECK_HEADERS([arpa/inet.h netinet/in.h sys/select.h sys/types.h sys/wait.h])
816 dnl **********************
818 dnl **********************
819 AC_CACHE_CHECK([return type of signal handlers],[ac_cv_type_signal],[AC_COMPILE_IFELSE(
820 [AC_LANG_PROGRAM([#include <sys/types.h>
823 [return *(signal (0, 0)) (0) == 1;])],
824 [ac_cv_type_signal=int],
825 [ac_cv_type_signal=void])])
826 AC_DEFINE_UNQUOTED([RETSIGTYPE],[$ac_cv_type_signal],[Define as the return type of signal handlers
829 AC_FUNC_SELECT_ARGTYPES
830 AC_CHECK_FUNCS([alarm atexit dup2 epoll_create kqueue memchr memset munmap \
831 putenv regcomp scandir select socket strcasecmp strchr \
832 strdup strerror strncasecmp strrchr strstr strtoul uname])
834 AC_ARG_ENABLE(crywrap,
835 AS_HELP_STRING([--disable-crywrap], [unconditionally disable the crywrap TLS proxy service]))
838 if test "x$enable_crywrap" != "xno" ; then
839 AC_CHECK_FUNCS([argp_usage],[ac_argp=yes],[ac_argp=no])
840 if test "$ac_cv_func_daemon" != "no" && test "$ac_argp" != "no" && test "$with_libidn" != "no";then
847 AM_CONDITIONAL(ENABLE_CRYWRAP, test "x$crywrap" != "xno")
849 dnl end of crywrap requirements
851 dnl Some variables needed in makefiles
853 AC_SUBST([YEAR], $YEAR)
855 AC_CONFIG_FILES([guile/pre-inst-guile], [chmod +x guile/pre-inst-guile])
859 doc/credentials/Makefile
860 doc/credentials/openpgp/Makefile
861 doc/credentials/srp/Makefile
862 doc/credentials/x509/Makefile
865 doc/examples/Makefile
867 doc/manpages/Makefile
868 doc/reference/Makefile
869 doc/reference/version.xml
872 extra/includes/Makefile
874 libdane/includes/Makefile
875 libdane/gnutls-dane.pc
879 guile/modules/Makefile
883 lib/accelerated/Makefile
884 lib/accelerated/x86/Makefile
885 lib/algorithms/Makefile
890 lib/includes/Makefile
891 lib/includes/gnutls/gnutls.h
892 lib/minitasn1/Makefile
902 tests/cert-tests/Makefile
907 tests/key-tests/Makefile
908 tests/openpgp-certs/Makefile
909 tests/pkcs1-padding/Makefile
910 tests/pkcs12-decode/Makefile
911 tests/pkcs8-decode/Makefile
912 tests/rsa-md5-collision/Makefile
913 tests/safe-renegotiation/Makefile
914 tests/scripts/Makefile
918 tests/userid/Makefile
923 dnl Warning flags: errors: ${WERROR_CFLAGS} warnings: ${WARN_CFLAGS}
924 AC_MSG_NOTICE([summary of build options:
926 version: ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE
927 Host/Target system: ${host}
928 Build system: ${build}
929 Install prefix: ${prefix}
931 Valgrind: $opt_valgrind_tests ${VALGRIND}
933 Library types: Shared=${enable_shared}, Static=${enable_static}
934 Local libopts: ${included_libopts}
935 Local libtasn1: ${included_libtasn1}
936 Use nettle-mini: ${mini_nettle}
939 AC_MSG_NOTICE([External hardware support:
941 /dev/crypto: $enable_cryptodev
942 Hardware accel: $hw_accel
943 Padlock accel: $use_padlock
944 getrandom variant: $enable_getrandom
945 PKCS#11 support: $with_p11_kit
946 TPM support: $with_tpm
948 if test -n "$ac_trousers_lib";then
950 TPM library: $ac_trousers_lib
954 AC_MSG_NOTICE([Optional features:
955 (note that included applications might not compile properly
956 if features are disabled)
958 DTLS-SRTP support: $ac_enable_srtp
959 ALPN support: $ac_enable_alpn
960 OCSP support: $ac_enable_ocsp
961 Ses. ticket support: $ac_enable_session_tickets
962 OpenPGP support: $ac_enable_openpgp
963 SRP support: $ac_enable_srp
964 PSK support: $ac_enable_psk
965 DHE support: $ac_enable_dhe
966 ECDHE support: $ac_enable_ecdhe
967 Anon auth support: $ac_enable_anon
968 Heartbeat support: $ac_enable_heartbeat
969 IDNA support: $with_libidn
970 Unicode support: $ac_have_unicode
971 Self checks: $enable_self_checks
972 Non-SuiteB curves: $enable_non_suiteb
973 FIPS140 mode: $enable_fips
976 AC_MSG_NOTICE([Optional applications:
978 crywrap app: $crywrap
981 AC_MSG_NOTICE([Optional libraries:
983 Guile wrappers: $opt_guile_bindings
984 C++ library: $use_cxx
985 DANE library: $enable_dane
986 OpenSSL compat: $enable_openssl
989 AC_MSG_NOTICE([System files:
991 Trust store pkcs11: $with_default_trust_store_pkcs11
992 Trust store dir: $with_default_trust_store_dir
993 Trust store file: $with_default_trust_store_file
994 Blacklist file: $with_default_blacklist_file
995 CRL file: $with_default_crl_file
996 Priority file: $system_priority_file
997 DNSSEC root key file: $unbound_root_key_file
1000 if test ! -f "$unbound_root_key_file"; then
1003 *** The DNSSEC root key file in $unbound_root_key_file was not found.
1004 *** This file is needed for the verification of DNSSEC responses.
1005 *** Use the command: unbound-anchor -a "$unbound_root_key_file"
1006 *** to generate or update it.