dnl Process this file with autoconf to produce a configure script. # Copyright (C) 2000-2012, 2016 Free Software Foundation, Inc. # # Author: Nikos Mavrogiannopoulos, Simon Josefsson # # This file is part of GnuTLS. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 # USA AC_PREREQ(2.61) AC_INIT([GnuTLS], [3.6.2], [bugs@gnutls.org]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) AC_CANONICAL_HOST AM_INIT_AUTOMAKE([1.12.2 foreign subdir-objects no-dist-gzip dist-xz -Wall -Wno-override]) m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) AC_CONFIG_HEADERS([config.h]) AC_MSG_RESULT([*** *** Checking for compilation programs... ]) dnl Checks for programs. PKG_PROG_PKG_CONFIG AC_PROG_CC gl_EARLY ggl_EARLY unistring_EARLY AM_PROG_AS AM_PROG_AR AC_PROG_CXX AM_PROG_CC_C_O AC_PROG_YACC AC_PROG_SED AC_USE_SYSTEM_EXTENSIONS # # Require C99 support # AC_PROG_CC_C99 if test "$ac_cv_prog_cc_c99" = "no"; then AC_MSG_WARN([[Compiler does not support C99. It may not be able to compile the project.]]) fi AX_CODE_COVERAGE AM_MAINTAINER_MODE([enable]) AC_ARG_ENABLE(doc, AS_HELP_STRING([--disable-doc], [don't generate any documentation]), enable_doc=$enableval, enable_doc=yes) AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no") AC_ARG_ENABLE(manpages, AS_HELP_STRING([--enable-manpages], [install manpages even if disable-doc is given]), enable_manpages=$enableval,enable_manpages=auto) if test "${enable_manpages}" = "auto";then enable_manpages="${enable_doc}" fi AM_CONDITIONAL(ENABLE_MANPAGES, test "$enable_manpages" != "no") AC_ARG_ENABLE(tools, AS_HELP_STRING([--disable-tools], [don't compile any tools]), enable_tools=$enableval, enable_tools=yes) AM_CONDITIONAL(ENABLE_TOOLS, test "$enable_tools" != "no") if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [:]) if test x"$AUTOGEN" = "x:"; then AC_MSG_WARN([[ *** *** autogen not found. Will not link against libopts. *** ]]) included_libopts=yes fi fi # For includes/gnutls/gnutls.h.in. AC_SUBST(MAJOR_VERSION, `echo $PACKAGE_VERSION | sed 's/\(.*\)\..*\..*/\1/g'`) AC_SUBST(MINOR_VERSION, `echo $PACKAGE_VERSION | sed 's/.*\.\(.*\)\..*/\1/g'`) AC_SUBST(PATCH_VERSION, [[`echo $PACKAGE_VERSION | sed 's/.*\..*\.\([0-9]*\).*/\1/g'`]]) AC_SUBST(NUMBER_VERSION, `printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION`) dnl C and C++ capabilities AC_C_INLINE AC_HEADER_STDC # For the C++ code AC_ARG_ENABLE(cxx, AS_HELP_STRING([--disable-cxx], [unconditionally disable the C++ library]), use_cxx=$enableval, use_cxx=yes) if test "$use_cxx" != "no"; then AC_LANG_PUSH(C++) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no) AC_LANG_POP(C++) fi AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no") dnl Detect windows build use_accel=yes case "$host" in *android*) have_android=yes have_elf=yes ;; *mingw32* | *mingw64*) have_win=yes ;; *darwin*) have_macosx=yes ;; *solaris*) have_elf=yes use_accel=no AC_MSG_WARN([[ *** *** In solaris hardware acceleration is disabled by default due to issues *** with the assembler. Use --enable-hardware-acceleration to enable it. *** ]]) ;; *) have_elf=yes ;; esac AM_CONDITIONAL(ANDROID, test "$have_android" = yes) AM_CONDITIONAL(WINDOWS, test "$have_win" = yes) AM_CONDITIONAL(MACOSX, test "$have_macosx" = yes) AM_CONDITIONAL(ELF, test "$have_elf" = yes) dnl Hardware Acceleration AC_ARG_ENABLE(hardware-acceleration, AS_HELP_STRING([--disable-hardware-acceleration], [unconditionally disable hardware acceleration]), use_accel=$enableval) hw_accel=none use_padlock=no if test "$use_accel" != "no"; then case $host_cpu in armv8 | aarch64) hw_accel="aarch64" case $host_os in *_ilp32) dnl ILP32 not supported in assembler yet hw_accel="none" ;; esac ;; i?86 | x86_64 | amd64) AC_CHECK_HEADERS(cpuid.h) if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"; then hw_accel="x86-64" else hw_accel="x86" fi use_padlock=yes ;; *) ;; esac fi dnl Check for iovec type AC_CHECK_MEMBERS([struct iovec.iov_basea], [ AC_SUBST([DEFINE_IOVEC_T], ["#include typedef struct iovec giovec_t;"]) ], [ AC_SUBST([DEFINE_IOVEC_T], ["typedef struct { void *iov_base; size_t iov_len; } giovec_t;"]) ], [#include ]) AM_SUBST_NOTMAKE([DEFINE_IOVEC_T]) dnl Need netinet/tcp.h for TCP_FASTOPEN AC_CHECK_HEADERS([netinet/tcp.h]) AC_CHECK_HEADERS([stdatomic.h]) dnl We use its presence to detect C11 threads AC_CHECK_HEADERS([threads.h]) AC_ARG_ENABLE(padlock, AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]), use_padlock=$enableval) if test "$use_padlock" != "no"; then AC_DEFINE([ENABLE_PADLOCK], 1, [Enable padlock acceleration]) AC_SUBST([ENABLE_PADLOCK]) fi AM_CONDITIONAL(ENABLE_PADLOCK, test "$use_padlock" = "yes") AM_CONDITIONAL(ASM_AARCH64, test x"$hw_accel" = x"aarch64") AM_CONDITIONAL(ASM_X86_64, test x"$hw_accel" = x"x86-64") AM_CONDITIONAL(ASM_X86_32, test x"$hw_accel" = x"x86") AM_CONDITIONAL(ASM_X86, test x"$hw_accel" = x"x86" || test x"$hw_accel" = x"x86-64") AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"]) AM_CONDITIONAL(HAVE_GCC, test "$GCC" = "yes") dnl check for getrandom() rnd_variant="auto-detect" AC_MSG_CHECKING([for getrandom]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include ],[ getrandom(0, 0, 0); ])], [AC_MSG_RESULT(yes) AC_DEFINE([HAVE_GETRANDOM], 1, [Enable the Linux getrandom function]) rnd_variant=getrandom], [AC_MSG_RESULT(no)]) AC_MSG_CHECKING([for getentropy]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include #ifdef __linux__ #error 1 #endif ],[ getentropy(0, 0); ])], [AC_MSG_RESULT(yes) AC_DEFINE([HAVE_GETENTROPY], 1, [Enable the OpenBSD getentropy function]) rnd_variant=getentropy], [AC_MSG_RESULT(no)]) AM_CONDITIONAL(HAVE_GETENTROPY, test "$rnd_variant" = "getentropy") dnl Try the hooks.m4 LIBGNUTLS_HOOKS LIBGNUTLS_EXTRA_HOOKS AC_ARG_ENABLE(tests, AS_HELP_STRING([--disable-tests], [don't compile or run any tests]), enable_tests=$enableval, enable_tests=$enable_tools) AM_CONDITIONAL(ENABLE_TESTS, test "$enable_tests" != "no") AC_ARG_ENABLE(destructive-tests, AS_HELP_STRING([--enable-destructive-tests], [compile and run tests which touch outside gnutls' code boundary]), enable_destructive_tests=$enableval, enable_destructive_tests=no) AM_CONDITIONAL(ENABLE_DESTRUCTIVE_TESTS, test "$enable_destructive_tests" != "no") AC_ARG_ENABLE(fuzzer-target, AS_HELP_STRING([--enable-fuzzer-target], [make a library intended for testing - not production]), enable_fuzzer_target=$enableval, enable_fuzzer_target=no) if test "$enable_fuzzer_target" != "no";then AC_DEFINE([FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION], 1, [Enable fuzzer target -not for production]) fi GTK_DOC_CHECK(1.1) AM_GNU_GETTEXT([external]) AM_GNU_GETTEXT_VERSION([0.19]) AC_C_BIGENDIAN dnl No fork on MinGW, disable some self-tests until we fix them. dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs) AC_CHECK_FUNCS([fork setitimer inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid clock_gettime localtime fmemopen vasprintf mmap fmemopen],,) if test "$ac_cv_func_vasprintf" != "yes";then AC_MSG_CHECKING([for va_copy]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include va_list a;],[ va_list b; va_copy(b,a); va_end(b);])], [AC_DEFINE([HAVE_VA_COPY], 1, [Have va_copy()]) AC_MSG_RESULT(va_copy)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include va_list a;],[ va_list b; __va_copy(b,a); va_end(b);])], [AC_DEFINE([HAVE___VA_COPY], 1, [Have __va_copy()]) AC_MSG_RESULT(__va_copy)], [AC_MSG_RESULT(no) AC_MSG_ERROR([Your system lacks vasprintf() and va_copy()])]) ]) fi AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no") AC_CHECK_FUNCS([__register_atfork secure_getenv],,) AC_ARG_ENABLE(seccomp-tests, AS_HELP_STRING([--enable-seccomp-tests], [unconditionally enable tests with seccomp]), seccomp_tests=$enableval, seccomp_tests=no) AM_CONDITIONAL(HAVE_SECCOMP_TESTS, test "$seccomp_tests" = "yes") # check for libseccomp - used in test programs AC_LIB_HAVE_LINKFLAGS(seccomp,, [#include ], [seccomp_init(0);]) # check for libcrypto - used in test programs AC_LIB_HAVE_LINKFLAGS(crypto,, [#include ], [EVP_CIPHER_CTX_init(NULL);]) AM_CONDITIONAL(HAVE_LIBCRYPTO, test "$HAVE_LIBCRYPTO" = "yes") AC_LIB_HAVE_LINKFLAGS(rt,, [#include #include ], [timer_create (0,0,0);]) if test "$have_win" != "yes";then AC_CHECK_FUNCS([pthread_mutex_lock],,) if test "$ac_cv_func_pthread_mutex_lock" != "yes";then AC_LIB_HAVE_LINKFLAGS(pthread,, [#include ], [pthread_mutex_lock (0);]) fi fi if test "$ac_cv_func_nanosleep" != "yes";then AC_LIB_HAVE_LINKFLAGS(rt,, [#include ], [nanosleep (0, 0);]) gnutls_needs_librt=yes fi if test "$ac_cv_func_inet_pton" != "yes";then AC_LIB_HAVE_LINKFLAGS(nsl,, [#include ], [inet_pton(0,0,0);]) fi if test "$ac_cv_func_clock_gettime" != "yes";then AC_LIB_HAVE_LINKFLAGS(rt,, [#include ], [clock_gettime (0, 0);]) gnutls_needs_librt=yes fi AC_ARG_WITH(included-unistring, AS_HELP_STRING([--with-included-unistring], [disable linking with system libunistring]), included_unistring="$withval", included_unistring=no) if test "$included_unistring" = yes;then ac_have_unistring=no else AC_LIB_HAVE_LINKFLAGS(unistring,, [#include ], [u8_normalize(0, 0, 0, 0, 0);]) if test "$HAVE_LIBUNISTRING" = "yes";then included_unistring=no ac_have_unistring=yes else AC_MSG_ERROR([[ *** *** Libunistring was not found. To use the included one, use --with-included-unistring ]]) fi fi AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes") dnl Note that g*l_INIT are run after we check for library capabilities, dnl to prevent issues from caching lib dependencies. See discussion dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and dnl http://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html gl_INIT ggl_INIT unistring_INIT # disable the extended test suite at tests/suite if asked, or if we are not running in git master AC_ARG_ENABLE(full-test-suite, AS_HELP_STRING([--disable-full-test-suite], [disable running very slow components of test suite]), full_test_suite=$enableval, full_test_suite=yes) # test if we are in git master or in release build. In release # builds we do not use valgrind. SUITE_FILE="${srcdir}/tests/suite/mini-eagain2.c" if test "$full_test_suite" = yes && test ! -f "$SUITE_FILE";then full_test_suite=no fi AM_CONDITIONAL(WANT_TEST_SUITE, test "$full_test_suite" = "yes") dnl GCC warnings to enable AC_ARG_ENABLE([gcc-warnings], [AS_HELP_STRING([--disable-gcc-warnings], [turn off lots of GCC warnings (for developers)])], [case $enableval in yes|no) ;; *) AC_MSG_ERROR([bad value $enableval for gcc-warnings option]) ;; esac gl_gcc_warnings=$enableval], [gl_gcc_warnings=yes] ) if test "$gl_gcc_warnings" = yes; then gl_WARN_ADD([-Wtype-limits], [WSTACK_CFLAGS]) nw="$nw -Wsystem-headers" # Don't let system headers trigger warnings nw="$nw -Wc++-compat" # We don't care about C++ compilers nw="$nw -Wundef" # Warns on '#if GNULIB_FOO' etc in gnulib nw="$nw -Wtraditional" # Warns on #elif which we use often nw="$nw -Wpadded" # Our structs are not padded nw="$nw -Wtraditional-conversion" # Too many warnings for now nw="$nw -Wswitch-default" # Too many warnings for now nw="$nw -Wformat-y2k" # Too many warnings for now nw="$nw -Woverlength-strings" # We use some in tests/ nw="$nw -Wvla" # There is no point to avoid C99 variable length arrays nw="$nw -Wformat-nonliteral" # Incompatible with gettext _() nw="$nw -Wformat-signedness" # Too many to handle nw="$nw -Wstrict-overflow" nw="$nw -Wmissing-noreturn" nw="$nw -Winline" # Too compiler dependent nw="$nw -Wsuggest-attribute=pure" # Is it worth using attributes? nw="$nw -Wsuggest-attribute=const" # Is it worth using attributes? nw="$nw -Wsuggest-attribute=noreturn" # Is it worth using attributes? nw="$nw -Wstack-protector" # Some functions cannot be protected nw="$nw -Wunsafe-loop-optimizations" # Warnings with no point nw="$nw -Wredundant-decls" # Some files cannot be compiled with that (gl_fd_to_handle) gl_MANYWARN_ALL_GCC([ws]) gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw]) for w in $ws; do gl_WARN_ADD([$w]) done gl_WARN_ADD([-Wno-missing-field-initializers]) # We need this one gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now gl_WARN_ADD([-Wno-format-truncation]) # Many warnings with no point gl_WARN_ADD([-fdiagnostics-show-option]) fi AC_SUBST([WERROR_CFLAGS]) AC_SUBST([WSTACK_CFLAGS]) AC_SUBST([WARN_CFLAGS]) dnl Programs for compilation or development AC_PROG_LN_S LT_INIT([disable-static,win32-dll,shared]) AC_LIB_HAVE_LINKFLAGS(dl,, [#include ], [dladdr (0, 0);]) AC_ARG_ENABLE(fips140-mode, AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode]), enable_fips=$enableval, enable_fips=no) AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes") if [ test "$enable_fips" = "yes" ];then if test "x$HAVE_LIBDL" = "xyes";then AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode]) AC_SUBST([FIPS140_LIBS], $LIBDL) AC_ARG_WITH(fips140-key, AS_HELP_STRING([--with-fips140-key], [specify the FIPS140 HMAC key for integrity]), fips_key="$withval", fips_key="orboDeJITITejsirpADONivirpUkvarP") AC_DEFINE_UNQUOTED([FIPS_KEY], ["$fips_key"], [The FIPS140-2 integrity key]) else enable_fips=no AC_MSG_WARN([[ *** *** This system is not supported in FIPS140 mode. *** libdl and dladdr() are required. *** ]]) fi fi PKG_CHECK_MODULES(CMOCKA, [cmocka >= 1.0.1], [with_cmocka=yes], [with_cmocka=no]) AM_CONDITIONAL(HAVE_CMOCKA, test "$with_cmocka" != "no") AC_ARG_WITH(idn, AS_HELP_STRING([--without-idn], [disable support for IDNA]), try_libidn2="$withval", try_libidn2=yes) idna_support=no with_libidn2=no if test "$try_libidn2" = yes;then AC_SEARCH_LIBS(idn2_lookup_u8, idn2, [ with_libidn2=yes; idna_support="IDNA 2008 (libidn2)" AC_DEFINE([HAVE_LIBIDN2], 1, [Define if IDNA 2008 support is enabled.]) AC_SUBST([LIBIDN2_CFLAGS], []) AC_SUBST([LIBIDN2_LIBS], [-lidn2]) dnl used in gnutls.pc.in dnl enable once libidn2.pc is widespread; and remove LIBIDN2_LIBS from gnutls.pc.in (Libs.private) dnl if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then dnl GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn2" dnl else dnl GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn2" dnl fi ],[ with_libidn2=no; AC_MSG_WARN(*** LIBIDN2 was not found. You will not be able to use IDN2008 support) ]) else with_libidn2=no fi AM_CONDITIONAL(HAVE_LIBIDN2, test "$with_libidn2" != "no") AC_ARG_ENABLE(non-suiteb-curves, AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]), enable_non_suiteb=$enableval, enable_non_suiteb=yes) if test "$enable_non_suiteb" = "yes";then dnl nettle_secp_192r1 is not really a function AC_CHECK_LIB(hogweed, nettle_secp_192r1, enable_non_suiteb=yes, enable_non_suiteb=no, [$HOGWEED_LIBS]) if test "$enable_non_suiteb" = "yes";then AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves]) fi fi AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes") dnl nettle_rsa_pss_* are only available in the development version of nettle AC_CHECK_LIB(hogweed, nettle_rsa_pss_sha256_verify_digest, have_nettle_rsa_pss=yes, have_nettle_rsa_pss=no, [$HOGWEED_LIBS]) if test "$have_nettle_rsa_pss" = "yes";then AC_DEFINE([HAVE_NETTLE_RSA_PSS], 1, [Have nettle_rsa_pss_*]) fi AM_CONDITIONAL(HAVE_NETTLE_RSA_PSS, test "$have_nettle_rsa_pss" = "yes") AC_MSG_CHECKING([whether to build libdane]) AC_ARG_ENABLE(libdane, AS_HELP_STRING([--disable-libdane], [disable the built of libdane]), enable_dane=$enableval, enable_dane=yes) AC_MSG_RESULT($enable_dane) if test "$enable_dane" != "no"; then LIBS="$oldlibs -lunbound" AC_MSG_CHECKING([for unbound library]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include ],[ struct ub_ctx* ctx; ctx = ub_ctx_create();])], [AC_MSG_RESULT(yes) AC_SUBST([UNBOUND_LIBS], [-lunbound]) AC_SUBST([UNBOUND_CFLAGS], []) AC_DEFINE([HAVE_DANE], 1, [Enable the DANE library]) enable_dane=yes], [AC_MSG_RESULT(no) AC_MSG_WARN([[ *** *** libunbound was not found. Libdane will not be built. *** ]]) enable_dane=no]) LIBS="$oldlibs" fi AM_CONDITIONAL(ENABLE_DANE, test "$enable_dane" = "yes") AC_ARG_WITH(unbound-root-key-file, AS_HELP_STRING([--with-unbound-root-key-file], [specify the unbound root key file]), unbound_root_key_file="$withval", if test "$have_win" = yes; then unbound_root_key_file="C:\\Program Files\\Unbound\\root.key" else if test -f /var/lib/unbound/root.key;then unbound_root_key_file="/var/lib/unbound/root.key" else if test -f /usr/share/dns/root.key;then unbound_root_key_file="/usr/share/dns/root.key" else unbound_root_key_file="/etc/unbound/root.key" fi fi fi ) AC_DEFINE_UNQUOTED([UNBOUND_ROOT_KEY_FILE], ["$unbound_root_key_file"], [The DNSSEC root key file]) AC_ARG_WITH(system-priority-file, AS_HELP_STRING([--with-system-priority-file], [specify the system priority file]), system_priority_file="$withval", system_priority_file="/etc/gnutls/default-priorities" ) AC_DEFINE_UNQUOTED([SYSTEM_PRIORITY_FILE], ["$system_priority_file"], [The system priority file]) AC_ARG_WITH(default-priority-string, AS_HELP_STRING([--with-default-priority-string], [specify the default priority string (e.g. @SYSTEM)]), prio_string="$withval", prio_string="NORMAL") AC_DEFINE_UNQUOTED([DEFAULT_PRIORITY_STRING], ["$prio_string"], [The default priority string]) dnl Check for p11-kit P11_KIT_MINIMUM=0.23.1 AC_ARG_WITH(p11-kit, AS_HELP_STRING([--without-p11-kit], [Build without p11-kit and PKCS#11 support])) if test "$with_p11_kit" != "no"; then PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= $P11_KIT_MINIMUM], [with_p11_kit=yes], [with_p11_kit=no]) if test "$with_p11_kit" != "no";then AC_DEFINE([ENABLE_PKCS11], 1, [Build PKCS#11 support]) if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then GNUTLS_REQUIRES_PRIVATE="Requires.private: p11-kit-1" else GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, p11-kit-1" fi else with_p11_kit=no AC_MSG_ERROR([[ *** *** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support *** use --without-p11-kit, otherwise you may get p11-kit from *** http://p11-glue.freedesktop.org/p11-kit.html *** ]]) fi fi AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no") AC_ARG_WITH(tpm, AS_HELP_STRING([--without-tpm], [Disable TPM (trousers) support.]), [with_tpm=$withval], [with_tpm=yes]) if test "$with_tpm" != "no"; then LIBS="$oldlibs -ltspi" AC_MSG_CHECKING([for tss library]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include #include ],[ int err = Tspi_Context_Create((void *)0); Trspi_Error_String(err);])], [AC_MSG_RESULT(yes) AC_SUBST([TSS_LIBS], [-ltspi]) AC_SUBST([TSS_CFLAGS], []) AC_DEFINE([HAVE_TROUSERS], 1, [Enable TPM]) with_tpm=yes], [AC_MSG_RESULT(no) AC_MSG_WARN([[ *** *** trousers was not found. TPM support will be disabled. *** ]]) with_tpm=no]) LIBS="$oldlibs" fi AM_CONDITIONAL(ENABLE_TROUSERS, test "$with_tpm" != "no") for l in /usr/lib64 /usr/lib /lib64 /lib /usr/lib/x86_64-linux-gnu/; do if test -f "${l}/libtspi.so.1";then default_trousers_lib="${l}/libtspi.so.1" break fi done AC_ARG_WITH(trousers-lib, AS_HELP_STRING([--with-trousers-lib=LIB], [set the location of the trousers library]), ac_trousers_lib=$withval, ac_trousers_lib=$default_trousers_lib) if test "$with_tpm" != "no" && test -z "$ac_trousers_lib"; then AC_MSG_ERROR([[ *** *** unable to find trousers library, please specify with --with-trousers-lib= *** ]]) fi AC_DEFINE_UNQUOTED([TROUSERS_LIB], ["$ac_trousers_lib"], [the location of the trousers library]) AC_SUBST(TROUSERS_LIB) included_libopts=no create_libopts_links=no if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then LIBOPTS_CHECK([src/libopts]) if test "$NEED_LIBOPTS_DIR" = "true";then dnl replace libopts-generated files with distributed backups, if present create_libopts_links=yes AC_SUBST([AUTOGEN], [/bin/true]) included_libopts=yes fi else # Need to ensure the relevant conditionals get set gl_STDNORETURN_H AM_CONDITIONAL([INSTALL_LIBOPTS],[false]) AM_CONDITIONAL([NEED_LIBOPTS], [false]) included_libopts=yes fi AM_CONDITIONAL(NEED_LIBOPTS, test "$included_libopts" = "yes") AC_CHECK_TYPE(ssize_t, [ DEFINE_SSIZE_T="#include " AC_SUBST(DEFINE_SSIZE_T) ], [ AC_DEFINE([NO_SSIZE_T], 1, [no ssize_t type was found]) DEFINE_SSIZE_T="typedef int ssize_t;" AC_SUBST(DEFINE_SSIZE_T) ], [ #include ]) # For minitasn1. AC_CHECK_SIZEOF(unsigned long int, 4) AC_CHECK_SIZEOF(unsigned int, 4) # export for use in scripts AC_SUBST(ac_cv_sizeof_unsigned_long_int) AC_SUBST(GNUTLS_REQUIRES_PRIVATE) AC_ARG_WITH([default-trust-store-pkcs11], [AS_HELP_STRING([--with-default-trust-store-pkcs11=URI], [use the given pkcs11 uri as default trust store])]) if test "x$with_default_trust_store_pkcs11" != x; then if test "x$with_p11_kit" = xno; then AC_MSG_ERROR([cannot use pkcs11 store without p11-kit]) fi AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_PKCS11], ["$with_default_trust_store_pkcs11"], [use the given pkcs11 uri as default trust store]) fi AM_CONDITIONAL([HAVE_PKCS11_TRUST_STORE], [test -n "${with_default_trust_store_pkcs11}"]) AC_ARG_WITH([default-trust-store-dir], [AS_HELP_STRING([--with-default-trust-store-dir=DIR], [use the given directory as default trust store])]) if test "x$with_default_trust_store_dir" != x; then AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR], ["$with_default_trust_store_dir"], [use the given directory as default trust store]) fi dnl auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html AC_ARG_WITH([default-trust-store-file], [AS_HELP_STRING([--with-default-trust-store-file=FILE], [use the given file default trust store])], with_default_trust_store_file="$withval", [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x && test x$have_macosx = x;then for i in \ /etc/ssl/ca-bundle.pem \ /etc/ssl/certs/ca-certificates.crt \ /etc/pki/tls/cert.pem \ /usr/local/share/certs/ca-root-nss.crt \ /etc/ssl/cert.pem do if test -e "$i"; then with_default_trust_store_file="$i" break fi done fi] ) if test "$with_default_trust_store_file" = "no";then with_default_trust_store_file="" fi AC_ARG_WITH([default-crl-file], [AS_HELP_STRING([--with-default-crl-file=FILE], [use the given CRL file as default])]) AC_ARG_WITH([default-blacklist-file], [AS_HELP_STRING([--with-default-blacklist-file=FILE], [use the given certificate blacklist file as default])]) if test "x$with_default_trust_store_file" != x; then AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE], ["$with_default_trust_store_file"], [use the given file default trust store]) fi if test "x$with_default_crl_file" != x; then AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE], ["$with_default_crl_file"], [use the given CRL file]) fi if test "x$with_default_blacklist_file" != x; then AC_DEFINE_UNQUOTED([DEFAULT_BLACKLIST_FILE], ["$with_default_blacklist_file"], [use the given certificate blacklist file]) fi dnl Guile bindings. opt_guile_bindings=yes AC_MSG_CHECKING([whether building Guile bindings]) AC_ARG_ENABLE(guile, AS_HELP_STRING([--enable-guile], [build GNU Guile bindings]), opt_guile_bindings=$enableval) AC_MSG_RESULT($opt_guile_bindings) AC_ARG_WITH([guile-site-dir], [AS_HELP_STRING([--with-guile-site-dir], [use the given directory as the Guile site (use with care)])]) if test "$opt_guile_bindings" = "yes"; then AC_MSG_RESULT([*** *** Detecting GNU Guile... ]) AC_PATH_PROG([guile_snarf], [guile-snarf]) if test "x$guile_snarf" = "x"; then AC_MSG_WARN([`guile-snarf' from Guile not found. Guile bindings not built.]) opt_guile_bindings=no else dnl Check for 'guild', which can be used to compile Scheme code dnl on Guile 2.x. AC_PATH_PROG([GUILD], [guild]) AC_SUBST([GUILD]) GUILE_PROGS GUILE_FLAGS save_CFLAGS="$CFLAGS" save_LIBS="$LIBS" CFLAGS="$CFLAGS $GUILE_CFLAGS" LIBS="$LIBS $GUILE_LDFLAGS" AC_MSG_CHECKING([whether GNU Guile is recent enough]) AC_LINK_IFELSE([AC_LANG_PROGRAM([], [scm_from_locale_string ("")])], [], [opt_guile_bindings=no]) CFLAGS="$save_CFLAGS" LIBS="$save_LIBS" AC_MSG_CHECKING([the Guile effective version]) guile_effective_version="`$GUILE -c '(display (effective-version))'`" AC_MSG_RESULT([$guile_effective_version]) if test "$opt_guile_bindings" = "yes"; then AC_MSG_RESULT([yes]) case "x$with_guile_site_dir" in xno) # Use the default $(GUILE_SITE). GUILE_SITE_DIR ;; x|xyes) # Automatically derive $(GUILE_SITE) from $(pkgdatadir). This # hack is used to allow `distcheck' to work (see # `DISTCHECK_CONFIGURE_FLAGS' in the top-level `Makefile.am'). GUILE_SITE="\$(datadir)/guile/site/$guile_effective_version" AC_SUBST(GUILE_SITE) ;; *) # Use the user-specified directory as $(GUILE_SITE). GUILE_SITE="$with_guile_site_dir" AC_SUBST(GUILE_SITE) ;; esac AC_MSG_CHECKING([whether gcc supports -fgnu89-inline]) _gcc_cflags_save="$CFLAGS" CFLAGS="${CFLAGS} -fgnu89-inline" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], gnu89_inline=yes, gnu89_inline=no) AC_MSG_RESULT($gnu89_inline) CFLAGS="$_gcc_cflags_save" # Optional Guile functions. save_CFLAGS="$CFLAGS" save_LIBS="$LIBS" CFLAGS="$CFLAGS $GUILE_CFLAGS" LIBS="$LIBS $GUILE_LDFLAGS" AC_CHECK_FUNCS([scm_gc_malloc_pointerless]) CFLAGS="$save_CFLAGS" LIBS="$save_LIBS" # The place where guile-gnutls.la will go. guileextensiondir="$libdir/guile/$guile_effective_version" AC_SUBST([guileextensiondir]) # The location of .go files. guileobjectdir="$libdir/guile/$guile_effective_version/site-ccache" AC_SUBST([guileobjectdir]) else AC_MSG_RESULT([no]) AC_MSG_WARN([A sufficiently recent GNU Guile not found. Guile bindings not built.]) opt_guile_bindings=no fi fi fi AM_CONDITIONAL([HAVE_GUILE], [test "$opt_guile_bindings" = "yes"]) AM_CONDITIONAL([HAVE_GUILD], [test "x$GUILD" != "x"]) LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBS" LIBGNUTLS_CFLAGS="-I${includedir}" AC_SUBST(LIBGNUTLS_LIBS) AC_SUBST(LIBGNUTLS_CFLAGS) AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes") AC_DEFINE([GNUTLS_COMPAT_H], 1, [Make sure we don't use old features in code.]) AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.]) AC_DEFINE([fread_file], [_gnutls_fread_file], [static lib rename]) AC_DEFINE([read_file], [_gnutls_read_file], [static lib rename]) AC_DEFINE([read_binary_file], [_gnutls_read_binary_file], [static lib rename]) dnl Some variables needed in makefiles YEAR=`date +%Y` AC_SUBST([YEAR], $YEAR) for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do nam=$(basename $i|sed 's/.bak//g') if test "$create_libopts_links" = "yes";then rm -f "src/$nam.stamp" rm -f "src/$nam" AC_CONFIG_LINKS([src/$nam:$i]) fi done AC_CONFIG_FILES([guile/pre-inst-guile], [chmod +x guile/pre-inst-guile]) AC_CONFIG_FILES([ Makefile doc/Makefile doc/credentials/Makefile doc/credentials/srp/Makefile doc/credentials/x509/Makefile doc/cyclo/Makefile doc/doxygen/Doxyfile doc/examples/Makefile doc/latex/Makefile doc/manpages/Makefile doc/reference/Makefile doc/reference/version.xml doc/scripts/Makefile extra/Makefile extra/includes/Makefile libdane/Makefile libdane/includes/Makefile libdane/gnutls-dane.pc gl/Makefile gl/tests/Makefile guile/Makefile guile/src/Makefile lib/Makefile lib/accelerated/Makefile lib/accelerated/x86/Makefile lib/accelerated/aarch64/Makefile lib/algorithms/Makefile lib/auth/Makefile lib/ext/Makefile lib/extras/Makefile lib/gnutls.pc lib/includes/Makefile lib/includes/gnutls/gnutls.h lib/minitasn1/Makefile lib/nettle/Makefile lib/x509/Makefile lib/unistring/Makefile po/Makefile.in src/Makefile src/gl/Makefile tests/Makefile tests/windows/Makefile tests/cert-tests/Makefile tests/slow/Makefile tests/suite/Makefile fuzz/Makefile ]) AC_OUTPUT dnl Warning flags: errors: ${WERROR_CFLAGS} warnings: ${WARN_CFLAGS} AC_MSG_NOTICE([summary of build options: version: ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE Host/Target system: ${host} Build system: ${build} Install prefix: ${prefix} Compiler: ${CC} Valgrind: $opt_valgrind_tests ${VALGRIND} CFlags: ${CFLAGS} Library types: Shared=${enable_shared}, Static=${enable_static} Local libopts: ${included_libopts} Local libtasn1: ${included_libtasn1} Local unistring: ${included_unistring} Use nettle-mini: ${mini_nettle} Documentation: ${enable_doc} (manpages: ${enable_manpages}) Destructive tests: ${enable_destructive_tests} ]) AC_MSG_NOTICE([External hardware support: /dev/crypto: $enable_cryptodev Hardware accel: $hw_accel Padlock accel: $use_padlock Random gen. variant: $rnd_variant PKCS#11 support: $with_p11_kit TPM support: $with_tpm ]) if test -n "$ac_trousers_lib";then AC_MSG_NOTICE([ TPM library: $ac_trousers_lib ]) fi AC_MSG_NOTICE([Optional features: (note that included applications might not compile properly if features are disabled) SSL3.0 support: $ac_enable_ssl3 SSL2.0 client hello: $ac_enable_ssl2 Allow SHA1 sign: $ac_allow_sha1 DTLS-SRTP support: $ac_enable_srtp ALPN support: $ac_enable_alpn OCSP support: $ac_enable_ocsp Ses. ticket support: $ac_enable_session_tickets SRP support: $ac_enable_srp PSK support: $ac_enable_psk DHE support: $ac_enable_dhe ECDHE support: $ac_enable_ecdhe Anon auth support: $ac_enable_anon Heartbeat support: $ac_enable_heartbeat IDNA support: $idna_support Non-SuiteB curves: $enable_non_suiteb FIPS140 mode: $enable_fips ]) AC_MSG_NOTICE([Optional libraries: Guile wrappers: $opt_guile_bindings C++ library: $use_cxx DANE library: $enable_dane OpenSSL compat: $enable_openssl ]) AC_MSG_NOTICE([System files: Trust store pkcs11: $with_default_trust_store_pkcs11 Trust store dir: $with_default_trust_store_dir Trust store file: $with_default_trust_store_file Blacklist file: $with_default_blacklist_file CRL file: $with_default_crl_file Priority file: $system_priority_file DNSSEC root key file: $unbound_root_key_file ]) if test ! -f "$unbound_root_key_file"; then AC_MSG_WARN([[ *** *** The DNSSEC root key file in $unbound_root_key_file was not found. *** This file is needed for the verification of DNSSEC responses. *** Use the command: unbound-anchor -a "$unbound_root_key_file" *** to generate or update it. *** ]]) fi if test "${enable_static}" != no;then AC_MSG_WARN([[ *** GnuTLS will be build as a static library. That means that library *** constructors for gnutls_global_init will not be made available to *** linking applications. If you are building that library for arbitrary *** applications to link, do not enable static linking. ]]) fi if test "$enable_fuzzer_target" != "no";then AC_MSG_WARN([[ *** This version of the library is for fuzzying purposes and is intentionally broken! ]]) fi