1 AC_INIT(openconnect, 4.99)
5 AM_MAINTAINER_MODE([enable])
6 AM_INIT_AUTOMAKE([foreign])
7 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
9 # Define htmldir and localedir for users of ancient autoconf building from git
10 AC_PREREQ([2.59c], [], [AC_SUBST([htmldir], [m4_ifset([AC_PACKAGE_TARNAME],
11 ['${datadir}/doc/${PACKAGE_TARNAME}'],
12 ['${datadir}/doc/${PACKAGE}'])
15 AC_PREREQ([2.60], [], [AC_SUBST([localedir], ['$(datadir)/locale'])])
17 # Upstream's pkg.m4 (since 0.27) offers this now, but define our own
18 # compatible version in case the local version of pkgconfig isn't new enough.
19 # https://bugs.freedesktop.org/show_bug.cgi?id=48743
20 m4_ifdef([PKG_INSTALLDIR], [PKG_INSTALLDIR],
21 [AC_ARG_WITH([pkgconfigdir],
22 [AS_HELP_STRING([--with-pkgconfigdir],
23 [install directory for openconnect.pc pkg-config file])],
24 [],[with_pkgconfigdir='$(libdir)/pkgconfig'])
25 AC_SUBST([pkgconfigdir], [${with_pkgconfigdir}])])
27 AC_ARG_WITH([vpnc-script],
28 [AS_HELP_STRING([--with-vpnc-script],
29 [default location of vpnc-script helper])])
31 if test "$with_vpnc_script" = "yes" || test "$with_vpnc_script" = ""; then
32 with_vpnc_script=/etc/vpnc/vpnc-script
33 if ! test -x "$with_vpnc_script"; then
34 AC_MSG_ERROR([${with_vpnc_script} does not seem to be executable.]
35 [OpenConnect will not function correctly without a vpnc-script.]
36 [See http://www.infradead.org/openconnect/vpnc-script.html for more details.]
38 [If you are building a distribution package, please ensure that your]
39 [packaging is correct, and that a vpnc-script will be installed when the]
40 [user installs your package. You should provide a --with-vpnc-script=]
41 [argument to this configure script, giving the full path where the script]
44 [The standard location is ${with_vpnc_script}. To bypass this error and]
45 [build OpenConnect to use the script from this location, even though it's]
46 [not present at the time you are building OpenConnect, pass the argument]
47 ["--with-vpnc-script=${with_vpnc_script}"])
49 elif test "$with_vpnc_script" = "no"; then
50 AC_ERROR([You cannot disable vpnc-script.]
51 [OpenConnect will not function correctly without it.]
52 [See http://www.infradead.org/openconnect/vpnc-script.html])
55 AC_DEFINE_UNQUOTED(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}")
56 AC_SUBST(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}")
61 AC_MSG_NOTICE([Applying feature macros for GNU build])
62 AC_DEFINE(_POSIX_C_SOURCE, 200112L)
64 AC_DEFINE(_BSD_SOURCE)
66 AC_DEFINE(_GNU_SOURCE)
69 AC_MSG_NOTICE([Applying feature macros for NetBSD build])
70 AC_DEFINE(_POSIX_C_SOURCE, 200112L)
71 AC_DEFINE(_NETBSD_SOURCE)
74 AC_MSG_NOTICE([Applying feature macros for OpenBSD build])
75 use_openbsd_libtool=true
78 # On FreeBSD the only way to get vsyslog() visible is to define
79 # *nothing*, which makes absolutely everything visible.
80 # On Darwin enabling _POSIX_C_SOURCE breaks <sys/mount.h> because
81 # u_long and other types don't get defined. OpenBSD is similar.
91 symver_time="openconnect__time;"
95 AC_CHECK_FUNC(fdevname_r, [AC_DEFINE(HAVE_FDEVNAME_R, 1)], [])
96 AC_CHECK_FUNC(getline, [AC_DEFINE(HAVE_GETLINE, 1)], [symver_getline="openconnect__getline;"])
97 AC_CHECK_FUNC(strcasestr, [AC_DEFINE(HAVE_STRCASESTR, 1)], [])
98 AC_CHECK_FUNC(asprintf, [AC_DEFINE(HAVE_ASPRINTF, 1)], [symver_asprintf="openconnect__asprintf;"])
99 if test -n "$symver_asprintf"; then
100 AC_MSG_CHECKING([for va_copy])
101 AC_LINK_IFELSE([AC_LANG_PROGRAM([
107 [AC_DEFINE(HAVE_VA_COPY, 1)
108 AC_MSG_RESULT(va_copy)],
109 [AC_LINK_IFELSE([AC_LANG_PROGRAM([
115 [AC_DEFINE(HAVE___VA_COPY, 1)
116 AC_MSG_RESULT(__va_copy)],
118 AC_MSG_ERROR([Your system lacks asprintf() and va_copy()])])
121 AC_SUBST(SYMVER_TIME, $symver_time)
122 AC_SUBST(SYMVER_GETLINE, $symver_getline)
123 AC_SUBST(SYMVER_ASPRINTF, $symver_asprintf)
125 AS_COMPILER_FLAGS(CFLAGS,
128 -Wno-missing-field-initializers
130 -Wno-unused-parameter
131 -Werror=pointer-to-int-cast
132 -Wdeclaration-after-statement
133 -Werror-implicit-function-declaration
137 -Wmissing-declarations
138 -Wmissing-include-dirs
143 AC_CHECK_FUNC(socket, [], AC_CHECK_LIB(socket, socket, [], AC_ERROR(Cannot find socket() function)))
144 AC_CHECK_FUNC(inet_aton, [], AC_CHECK_LIB(nsl, inet_aton, [], AC_ERROR(Cannot find inet_aton() function)))
150 [ --disable-nls do not use Native Language Support],
151 [USE_NLS=$enableval], [USE_NLS=yes])
153 if test "$USE_NLS" = "yes"; then
154 AC_PATH_PROG(MSGFMT, msgfmt)
155 if test "$MSGFMT" = ""; then
156 AC_ERROR([msgfmt could not be found. Try configuring with --disable-nls])
160 if test "$USE_NLS" = "yes"; then
161 AC_MSG_CHECKING([for functional NLS support])
162 AC_LINK_IFELSE([AC_LANG_PROGRAM([
164 #include <libintl.h>],[
165 setlocale(LC_ALL, "");
166 bindtextdomain("openconnect", "/tmp");
167 (void)dgettext("openconnect", "foo");])],
168 [AC_MSG_RESULT(yes)],
171 AC_LINK_IFELSE([AC_LANG_PROGRAM([
173 #include <libintl.h>],[
174 setlocale(LC_ALL, "");
175 bindtextdomain("openconnect", "/tmp");
176 (void)dgettext("openconnect", "foo");])],
177 [AC_MSG_RESULT(yes (with -lintl))]
179 [LIBS="$LIBS -liconv"
180 AC_LINK_IFELSE([AC_LANG_PROGRAM([
182 #include <libintl.h>],[
183 setlocale(LC_ALL, "");
184 bindtextdomain("openconnect", "/tmp");
185 (void)dgettext("openconnect", "foo");])],
186 [AC_MSG_RESULT(yes (with -lintl -liconv))]
193 if test "$USE_NLS" = "yes"; then
195 AC_DEFINE(ENABLE_NLS, 1)
197 AM_CONDITIONAL(USE_NLS, [test "$USE_NLS" = "yes"])
199 AC_ARG_WITH([system-cafile],
200 AS_HELP_STRING([--with-system-cafile],
201 [Location of the default system CA certificate file for old (<3.0.20) GnuTLS versions]))
203 # We will use GnuTLS if it's requested, and if GnuTLS doesn't have DTLS
204 # support then we'll *also* use OpenSSL for that, but it appears *only*
205 # only in the openconnect executable and not the library (hence shouldn't
206 # be a problem for GPL'd programs using libopenconnect).
208 # If built with --with-gnutls --without-openssl then we'll even eschew
209 # OpenSSL for DTLS support and will build without any DTLS support at all
210 # if GnuTLS cannot manage.
212 # The default (for now) is to use OpenSSL for everything.
214 AC_ARG_WITH([gnutls],
215 AS_HELP_STRING([--with-gnutls],
216 [Use GnuTLS instead of OpenSSL (EXPERIMENTAL)]))
217 AC_ARG_WITH([openssl],
218 AS_HELP_STRING([--with-openssl],
219 [Location of OpenSSL build dir]))
222 if test "$with_gnutls" = "yes"; then
223 PKG_CHECK_MODULES(GNUTLS, gnutls)
224 if ! $PKG_CONFIG --atleast-version=2.12.16 gnutls; then
225 AC_MSG_ERROR([Your GnuTLS is too old. At least v2.12.16 is required])
228 LIBS="$LIBS $GNUTLS_LIBS"
229 AC_CHECK_FUNC(gnutls_dtls_set_data_mtu,
230 [AC_DEFINE(HAVE_GNUTLS_DTLS_SET_DATA_MTU, 1)], [])
231 AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust,
232 [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST, 1)], [])
233 if test "$ac_cv_func_gnutls_certificate_set_x509_system_trust" != "yes"; then
234 # We will need to tell GnuTLS the path to the system CA file.
235 if test "$with_system_cafile" = "yes" || test "$with_system_cafile" = ""; then
236 unset with_system_cafile
237 AC_MSG_CHECKING([For location of system CA trust file])
238 for file in /etc/ssl/certs/ca-certificates.crt \
239 /etc/pki/tls/cert.pem \
240 /usr/local/share/certs/ca-root-nss.crt \
241 /etc/ssl/cert.pem; do
242 if grep 'BEGIN CERTIFICATE-----' $file >/dev/null 2>&1; then
243 with_system_cafile=${file}
247 AC_MSG_RESULT([${with_system_cafile-NOT FOUND}])
248 elif test "$with_system_cafile" = "no"; then
249 AC_MSG_ERROR([You cannot disable the system CA certificate file.])
251 if test "$with_system_cafile" = ""; then
252 AC_MSG_ERROR([Unable to find a standard system CA certificate file.]
253 [Your GnuTLS requires a path to a CA certificate store. This is a file]
254 [which contains a list of the Certificate Authorities which are trusted.]
255 [Most distributions ship with this file in a standard location, but none]
256 [the known standard locations exist on your system. You should provide a]
257 [--with-system-cafile= argument to this configure script, giving the full]
258 [path to a default CA certificate file for GnuTLS to use. Also, please]
259 [send full details of your system, including 'uname -a' output and the]
260 [location of the system CA certificate store on your system, to the]
261 [openconnect-devel@lists.infradead.org mailing list.])
263 AC_DEFINE_UNQUOTED([DEFAULT_SYSTEM_CAFILE], ["$with_system_cafile"])
265 AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
266 [AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1)], [])
267 AC_CHECK_FUNC(gnutls_certificate_set_key,
268 [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1)], [])
269 if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
270 AC_CHECK_FUNC(gnutls_session_set_premaster,
271 [have_gnutls_dtls=yes], [have_gnutls_dtls=no])
275 if test "$have_gnutls_dtls" = "yes"; then
276 if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
277 # They either said no OpenSSL or didn't specify, and GnuTLS can
278 # do DTLS, so just use GnuTLS.
279 AC_DEFINE(HAVE_GNUTLS_SESSION_SET_PREMASTER, 1)
283 # They specifically asked for OpenSSL, so use it for DTLS even
284 # though GnuTLS could manage.
288 if test "$with_openssl" = "no"; then
289 # GnuTLS doesn't have DTLS, but they don't want OpenSSL. So build
290 # without DTLS support at all.
293 # GnuTLS doesn't have DTLS so use OpenSSL for it, but GnuTLS for
294 # the TCP connection (and thus in the library).
298 AC_CHECK_FUNC(gnutls_pkcs11_add_provider,
299 [PKG_CHECK_MODULES(P11KIT, p11-kit-1, [AC_DEFINE(HAVE_P11KIT)
300 AC_SUBST(P11KIT_PC, p11-kit-1)], [:])], [])
301 LIBS="$oldlibs -ltspi"
302 AC_MSG_CHECKING([for tss library])
303 AC_LINK_IFELSE([AC_LANG_PROGRAM([
304 #include <trousers/tss.h>
305 #include <trousers/trousers.h>],[
306 int err = Tspi_Context_Create((void *)0);
307 Trspi_Error_String(err);])],
309 AC_SUBST([TSS_LIBS], [-ltspi])
310 AC_SUBST([TSS_CFLAGS], [])
311 AC_DEFINE(HAVE_TROUSERS, 1)],
314 elif test "$with_gnutls" != "" && test "$with_gnutls" != "no"; then
315 AC_MSG_ERROR([Values other than 'yes' or 'no' for --with-gnutls are not supported])
317 if test "$with_openssl" = "yes" || test "$with_openssl" = "" || test "$ssl_library" = "both"; then
318 PKG_CHECK_MODULES(OPENSSL, openssl, [],
320 LIBS="$LIBS -lssl -lcrypto"
321 AC_MSG_CHECKING([for OpenSSL without pkg-config])
322 AC_LINK_IFELSE([AC_LANG_PROGRAM([
323 #include <openssl/ssl.h>
324 #include <openssl/err.h>],[
327 SSL_load_error_strings();
328 OpenSSL_add_all_algorithms();])],
330 AC_SUBST([OPENSSL_LIBS], ["-lssl -lcrypto"])
331 AC_SUBST([OPENSSL_CFLAGS], [])],
333 if test "$ssl_library" = "both"; then
334 ssl_library="gnutls";
336 AC_ERROR([Could not build against OpenSSL]);
339 if test "$ssl_library" != "both" && test "$ssl_library" != "gnutls"; then
342 elif test "$with_openssl" != "no" ; then
343 OPENSSL_CFLAGS="-I${with_openssl}/include"
344 OPENSSL_LIBS="${with_openssl}/libssl.a ${with_openssl}/libcrypto.a -ldl -lz"
345 AC_SUBST(OPENSSL_CFLAGS)
346 AC_SUBST(OPENSSL_LIBS)
349 AC_DEFINE(DTLS_OPENSSL, 1)
350 if test "$ssl_library" != "both"; then
355 case "$ssl_library" in
357 AC_DEFINE(OPENCONNECT_GNUTLS, 1)
358 AC_DEFINE(DTLS_GNUTLS, 1)
359 AC_SUBST(SSL_LIBRARY, [gnutls])
360 AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS)'])
361 AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
364 AC_DEFINE(OPENCONNECT_OPENSSL, 1)
365 AC_DEFINE(DTLS_OPENSSL, 1)
366 AC_SUBST(SSL_LIBRARY, [openssl])
367 AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)'])
368 AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
369 AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"])
372 # GnuTLS for TCP, OpenSSL for DTLS
373 AC_DEFINE(OPENCONNECT_GNUTLS, 1)
374 AC_DEFINE(DTLS_OPENSSL, 1)
375 AC_SUBST(SSL_LIBRARY, [gnutls])
376 AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS)'])
377 AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
378 AC_SUBST(DTLS_SSL_LIBS, ['$(OPENSSL_LIBS)'])
379 AC_SUBST(DTLS_SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
380 AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"])
383 AC_MSG_ERROR([Neither OpenSSL nor GnuTLS selected for SSL.])
386 AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" != "openssl" ])
387 AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "openssl" ])
389 # Needs to happen after we default to static/shared libraries based on OpenSSL
391 if test "$use_openbsd_libtool" = "true" && test -x /usr/bin/libtool; then
392 echo using OpenBSD libtool
393 LIBTOOL=/usr/bin/libtool
395 AM_CONDITIONAL(OPENBSD_LIBTOOL, [ test "$use_openbsd_libtool" = "true" ])
397 # Ick. This seems like it's likely to be very fragile, but I can't see a better
398 # way. I shall console myself with the observation that the failure mode isn't
399 # particularly horrible — you just don't get symbol versioning if it fails.
401 if test "$enable_shared" = "yes" ; then
402 AC_MSG_CHECKING([if library symbol versioning is available]);
403 echo 'FOO { global: foo; local: *; };' > conftest.map
404 echo 'int foo = 0;' > conftest.$ac_ext
405 if AC_TRY_EVAL(ac_compile); then
407 libobjs=conftest.$ac_objext
408 if AC_TRY_EVAL(archive_cmds ${wl}--version-script ${wl}conftest.map); then
409 AC_SUBST(VERSION_SCRIPT_ARG, [--version-script])
410 symvers="yes (with --version-script)"
411 elif AC_TRY_EVAL(archive_cmds ${wl}-M ${wl}conftest.map); then
412 AC_SUBST(VERSION_SCRIPT_ARG, [-M])
413 symvers="yes (with -M)"
416 AC_MSG_RESULT(${symvers})
418 AM_CONDITIONAL(HAVE_SYMBOL_VERSIONING, [test "${symvers}" != "no"])
420 PKG_CHECK_MODULES(LIBXML2, libxml-2.0)
422 PKG_CHECK_MODULES(ZLIB, zlib, [AC_SUBST(ZLIB_PC, [zlib])],
425 AC_MSG_CHECKING([for zlib without pkg-config])
426 AC_LINK_IFELSE([AC_LANG_PROGRAM([
429 deflateInit2(&zs, Z_DEFAULT_COMPRESSION, Z_DEFLATED,
430 -12, 9, Z_DEFAULT_STRATEGY);])],
432 AC_SUBST([ZLIB_LIBS], [-lz])
433 AC_SUBST([ZLIB_CFLAGS], [])],
435 AC_ERROR([Could not build against zlib])])
438 PKG_CHECK_MODULES(LIBPROXY, libproxy-1.0,
439 [AC_SUBST(LIBPROXY_PC, libproxy-1.0)
440 AC_DEFINE([LIBPROXY_HDR], ["proxy.h"])
443 dnl Libproxy *can* exist without a .pc file, and its header may be called
444 dnl libproxy.h in that case.
445 if (test "$libproxy_pkg" = "no"); then
446 AC_MSG_CHECKING([for libproxy])
449 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <libproxy.h>],
450 [(void)px_proxy_factory_new();])],
451 [AC_MSG_RESULT(yes (with libproxy.h))
452 AC_DEFINE([LIBPROXY_HDR], ["libproxy.h"])
453 AC_SUBST([LIBPROXY_LIBS], [-lproxy])],
454 [AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <proxy.h>],
455 [(void)px_proxy_factory_new();])],
456 [AC_MSG_RESULT(yes (with proxy.h))
457 AC_DEFINE([LIBPROXY_HDR], ["proxy.h"])
458 AC_SUBST([LIBPROXY_LIBS], [-lproxy])],
459 [AC_MSG_RESULT(no)])])
463 PKG_CHECK_MODULES(LIBSTOKEN, stoken,
464 [AC_SUBST(LIBSTOKEN_PC, stoken)
465 AC_DEFINE([LIBSTOKEN_HDR], ["stoken.h"])
469 AC_CHECK_HEADER([if_tun.h],
470 [AC_DEFINE([IF_TUN_HDR], ["if_tun.h"])],
471 [AC_CHECK_HEADER([linux/if_tun.h],
472 [AC_DEFINE([IF_TUN_HDR], ["linux/if_tun.h"])],
473 [AC_CHECK_HEADER([net/if_tun.h],
474 [AC_DEFINE([IF_TUN_HDR], ["net/if_tun.h"])],
475 [AC_CHECK_HEADER([net/tun/if_tun.h],
476 [AC_DEFINE([IF_TUN_HDR], ["net/tun/if_tun.h"])])])])])
478 if test "$ssl_library" = "openssl" || test "$ssl_library" = "both"; then
480 LIBS="$LIBS $OPENSSL_LIBS"
482 if test "$ssl_library" = "openssl"; then
483 AC_MSG_CHECKING([for ENGINE_by_id() in OpenSSL])
484 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/engine.h>],
485 [ENGINE_by_id("foo");])],
487 AC_DEFINE(HAVE_ENGINE, [1], [OpenSSL has ENGINE support])],
489 AC_MSG_NOTICE([Building without OpenSSL TPM ENGINE support])])
492 AC_MSG_CHECKING([for dtls1_stop_timer() in OpenSSL])
493 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>
495 extern void dtls1_stop_timer(SSL *);],
496 [dtls1_stop_timer(NULL);])],
498 AC_DEFINE(HAVE_DTLS1_STOP_TIMER, [1], [OpenSSL has dtls1_stop_timer() function])],
503 AC_PATH_PROG(PYTHON, [python], [], $PATH:/bin:/usr/bin)
504 if (test -n "${ac_cv_path_PYTHON}"); then
505 AC_SUBST(PYTHON, ${ac_cv_path_PYTHON})
507 AC_MSG_NOTICE([Python not found; not building HTML pages])
509 AM_CONDITIONAL(BUILD_WWW, [test -n "${ac_cv_path_PYTHON}"])
511 AC_SUBST([CONFIG_STATUS_DEPENDENCIES], ['$(top_srcdir)/po/LINGUAS $(top_srcdir)/openconnect.h ${top_srcdir}/libopenconnect.map.in'])
512 RAWLINGUAS=`sed -e "/^#/d" -e "s/#.*//" "${srcdir}/po/LINGUAS"`
514 LINGUAS=`echo $RAWLINGUAS`
517 APIMAJOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MAJOR \(.*\)/\1/p' ${srcdir}/openconnect.h`"
518 APIMINOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MINOR \(.*\)/\1/p' ${srcdir}/openconnect.h`"
522 # We want version.c to depend on the files that would affect the
523 # output of version.sh. But we cannot assume that they'll exist,
524 # and we cannot use $(wildcard) in a non-GNU makefile. So we just
525 # depend on the files which happen to exist at configure time.
527 for a in ${srcdir}/.git/index ${srcdir}/.git/packed-refs \
528 ${srcdir}/.git/refs/tags ${srcdir}/.git/HEAD; do
530 GITVERSIONDEPS="$GITVERSIONDEPS $a"
533 AC_SUBST(GITVERSIONDEPS)
535 AC_OUTPUT(Makefile openconnect.pc po/Makefile www/Makefile libopenconnect.map \
536 openconnect.8 www/styles/Makefile www/inc/Makefile www/images/Makefile)