1 | dnl Process this file with autoconf to produce a configure script. |
1 | dnl Process this file with autoconf to produce a configure script. |
2 | |
2 | |
3 | AC_PREREQ(2.59) |
3 | AC_PREREQ(2.69) |
4 | AC_INIT |
4 | AC_INIT |
5 | AC_CONFIG_SRCDIR([src/gvpe.C]) |
5 | AC_CONFIG_SRCDIR([src/gvpe.C]) |
6 | AC_CANONICAL_TARGET |
6 | AC_CANONICAL_TARGET |
7 | AM_INIT_AUTOMAKE(gvpe, 2.01) |
7 | AM_INIT_AUTOMAKE(gvpe, 3.1) |
8 | AC_CONFIG_HEADERS([config.h]) |
8 | AC_CONFIG_HEADERS([config.h]) |
9 | AM_MAINTAINER_MODE |
9 | AM_MAINTAINER_MODE |
10 | |
10 | |
11 | AH_TOP([ |
11 | AH_TOP([ |
12 | #ifndef CONFIG_H__ |
12 | #ifndef CONFIG_H__ |
… | |
… | |
46 | #else |
46 | #else |
47 | # define CLOCALE <locale.h> |
47 | # define CLOCALE <locale.h> |
48 | #endif |
48 | #endif |
49 | ]) |
49 | ]) |
50 | |
50 | |
51 | dnl Include the macros from the m4/ directory |
|
|
52 | AM_ACLOCAL_INCLUDE(m4) |
|
|
53 | |
|
|
54 | AM_GNU_GETTEXT([external]) |
51 | AM_GNU_GETTEXT([external]) |
55 | AM_GNU_GETTEXT_VERSION(0.11.5) |
52 | AM_GNU_GETTEXT_VERSION(0.11.5) |
56 | |
53 | |
57 | # Enable GNU extensions. |
54 | # Enable GNU extensions. |
58 | # Define this here, not in acconfig's @TOP@ section, since definitions |
55 | # Define this here, not in acconfig's @TOP@ section, since definitions |
… | |
… | |
64 | dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions]) |
61 | dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions]) |
65 | |
62 | |
66 | ALL_LINGUAS="" |
63 | ALL_LINGUAS="" |
67 | |
64 | |
68 | dnl Checks for programs. |
65 | dnl Checks for programs. |
69 | AC_PROG_CC |
|
|
70 | AC_PROG_CPP |
66 | AC_PROG_CPP |
71 | AC_PROG_CXX |
67 | AC_PROG_CXX |
72 | AC_PROG_GCC_TRADITIONAL |
68 | AC_PROG_GCC_TRADITIONAL |
73 | AC_PROG_AWK |
69 | AC_PROG_AWK |
74 | AC_PROG_INSTALL |
70 | AC_PROG_INSTALL |
… | |
… | |
158 | AC_CACHE_SAVE |
154 | AC_CACHE_SAVE |
159 | |
155 | |
160 | dnl Checks for libraries. |
156 | dnl Checks for libraries. |
161 | |
157 | |
162 | AC_LANG(C++) |
158 | AC_LANG(C++) |
163 | AC_CHECK_HEADERS(ext/hash_map clocale) |
159 | AC_CHECK_HEADERS(tr1/unordered_map ext/hash_map clocale) |
164 | |
160 | |
165 | dnl Checks for header files. |
161 | dnl Checks for header files. |
166 | AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \ |
162 | AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \ |
167 | sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \ |
163 | sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \ |
168 | sys/mman.h netinet/in.h]) |
164 | sys/mman.h netinet/in.h]) |
… | |
… | |
238 | AC_CACHE_SAVE |
234 | AC_CACHE_SAVE |
239 | |
235 | |
240 | dnl These are defined in files in m4/ |
236 | dnl These are defined in files in m4/ |
241 | tinc_TUNTAP |
237 | tinc_TUNTAP |
242 | |
238 | |
243 | tinc_OPENSSL |
239 | PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1]) |
244 | if test "x$openssl_include" != x; then |
240 | |
245 | CXXFLAGS="$CXXFLAGS -I$openssl_include" |
241 | AC_ARG_ENABLE(threads, |
|
|
242 | [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)], |
|
|
243 | [try_threads=$enableval], |
|
|
244 | [try_threads=yes] |
|
|
245 | ) |
|
|
246 | |
|
|
247 | if test "x$try_threads" = xyes; then |
|
|
248 | AC_CHECK_HEADER(pthread.h,[ |
|
|
249 | LIBS="$LIBS -lpthread" |
|
|
250 | AC_COMPILE_IFELSE( |
|
|
251 | [AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])], |
|
|
252 | [AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])] |
|
|
253 | ) |
|
|
254 | ]) |
246 | fi |
255 | fi |
247 | dnl tinc_ZLIB |
|
|
248 | |
256 | |
249 | AC_ARG_ENABLE(static-daemon, |
257 | AC_ARG_ENABLE(static-daemon, |
250 | [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)], |
258 | [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)], |
251 | [LDFLAGS_DAEMON=-static] |
259 | [LDFLAGS_DAEMON=-static] |
252 | ) |
260 | ) |
253 | AC_SUBST(LDFLAGS_DAEMON) |
261 | AC_SUBST(LDFLAGS_DAEMON) |
254 | |
262 | |
255 | AC_ARG_ENABLE(rohc, |
263 | dnl AC_ARG_ENABLE(rohc, |
256 | [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)], |
264 | dnl [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)], |
257 | [ |
265 | dnl [ |
258 | echo |
266 | dnl echo |
259 | echo "**********************************************************************" |
267 | dnl echo "**********************************************************************" |
260 | echo "**********************************************************************" |
268 | dnl echo "**********************************************************************" |
261 | echo "**** --enable-rohc is highly experimental, do not use ****************" |
269 | dnl echo "**** --enable-rohc is highly experimental, do not use ****************" |
262 | echo "**********************************************************************" |
270 | dnl echo "**********************************************************************" |
263 | echo "**********************************************************************" |
271 | dnl echo "**********************************************************************" |
264 | echo |
272 | dnl echo |
265 | rohc=true |
273 | dnl rohc=true |
266 | AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support]) |
274 | dnl AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support]) |
267 | ] |
275 | dnl ] |
268 | ) |
276 | dnl ) |
269 | |
277 | |
270 | AM_CONDITIONAL(ROHC, test x$rohc = xtrue) |
278 | AM_CONDITIONAL(ROHC, test x$rohc = xtrue) |
271 | |
279 | |
272 | dnl AC_ARG_ENABLE(bridging, |
280 | dnl AC_ARG_ENABLE(bridging, |
273 | dnl [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)], |
281 | dnl [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)], |
274 | dnl AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.]) |
282 | dnl AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.]) |
275 | dnl ) |
283 | dnl ) |
276 | |
284 | |
|
|
285 | ICMP=1 |
277 | AC_ARG_ENABLE(icmp, |
286 | AC_ARG_ENABLE(icmp, |
278 | [AS_HELP_STRING(--enable-icmp,enable icmp protocol support (default disabled).)], |
287 | [AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)], |
|
|
288 | if test "x$enableval" = xno; then |
|
|
289 | ICMP=0 |
|
|
290 | fi |
|
|
291 | ) |
|
|
292 | if test "x$ICMP" = x1; then |
279 | AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.]) |
293 | AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.]) |
280 | ) |
294 | fi |
281 | |
295 | |
|
|
296 | TCP=1 |
282 | AC_ARG_ENABLE(tcp, |
297 | AC_ARG_ENABLE(tcp, |
283 | [AS_HELP_STRING(--enable-tcp,enable tcp protocol support (default disabled).)], |
298 | [AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)], |
|
|
299 | if test "x$enableval" = xno; then |
|
|
300 | TCP=0 |
|
|
301 | fi |
|
|
302 | ) |
|
|
303 | if test "x$TCP" = x1; then |
284 | AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.]) |
304 | AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.]) |
|
|
305 | fi |
|
|
306 | |
|
|
307 | HTTP=1 |
|
|
308 | AC_ARG_ENABLE(http-proxy, |
|
|
309 | [AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)], |
|
|
310 | if test "x$enableval" = xno; then |
|
|
311 | HTTP=0 |
|
|
312 | fi |
285 | ) |
313 | ) |
|
|
314 | if test "x$HTTP" = x1; then |
|
|
315 | AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.]) |
|
|
316 | fi |
286 | |
317 | |
287 | AC_ARG_ENABLE(dns, |
318 | AC_ARG_ENABLE(dns, |
288 | [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (DOES NOT WORK).)], |
319 | [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)], |
289 | [ |
320 | [ |
290 | AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])]) |
321 | AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])]) |
291 | AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])]) |
322 | AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])]) |
292 | |
323 | |
293 | AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.]) |
324 | AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.]) |
294 | ] |
325 | ] |
295 | ) |
326 | ) |
296 | |
327 | |
297 | AC_ARG_ENABLE(http-proxy, |
328 | RSA=3072 |
298 | [AS_HELP_STRING(--enable-http-proxy,enable http proxy connect support (default disabled).)], |
329 | AC_ARG_ENABLE(rsa-length, |
299 | AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.]) |
330 | [AS_HELP_STRING(--enable-rsa-length=BITS,[ |
|
|
331 | use BITS rsa keys (default 3072). Allowed values are 2048-10240.])], |
|
|
332 | RSA=$enableval |
300 | ) |
333 | ) |
|
|
334 | AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.]) |
301 | |
335 | |
302 | HMAC=12 |
336 | HMACSIZE=12 |
303 | AC_ARG_ENABLE(hmac-length, |
337 | AC_ARG_ENABLE(hmac-length, |
304 | [AS_HELP_STRING(--enable-hmac-length=BYTES,[ |
338 | [AS_HELP_STRING(--enable-hmac-length=BYTES,[ |
305 | use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], |
339 | use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], |
306 | HMAC=$enableval |
340 | HMACSIZE=$enableval |
307 | ) |
341 | ) |
308 | AC_DEFINE_UNQUOTED(HMACLENGTH, $HMAC, [Size of HMAC in each packet in bytes.]) |
342 | AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.]) |
309 | |
|
|
310 | RAND=8 |
|
|
311 | AC_ARG_ENABLE(rand-length, |
|
|
312 | [AS_HELP_STRING(--enable-rand-length=BYTES, |
|
|
313 | [use BYTES bytes of extra randomness (default 8). Allowed values are 0, 4, 8.])], |
|
|
314 | RAND=$enableval |
|
|
315 | ) |
|
|
316 | AC_DEFINE_UNQUOTED(RAND_SIZE, $RAND, [Add this many bytes of randomness to each packet.]) |
|
|
317 | |
343 | |
318 | MTU=1500 |
344 | MTU=1500 |
319 | AC_ARG_ENABLE(mtu, |
345 | AC_ARG_ENABLE(max-mtu, |
320 | [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], |
346 | [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], |
321 | MTU=$enableval |
347 | MTU=$enableval |
322 | ) |
348 | ) |
323 | AC_DEFINE_UNQUOTED(MAX_MTU, $MTU + 14, [Maximum MTU supported.]) |
349 | AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.]) |
324 | |
350 | |
325 | COMPRESS=1 |
351 | COMPRESS=1 |
326 | AC_ARG_ENABLE(compression, |
352 | AC_ARG_ENABLE(compression, |
327 | [AS_HELP_STRING(--disable-compression,Disable compression support.)], |
353 | [AS_HELP_STRING(--disable-compression,Disable compression support.)], |
328 | if test "x$enableval" = xno; then |
354 | if test "x$enableval" = xno; then |
329 | COMPRESS=0 |
355 | COMPRESS=0 |
330 | fi |
356 | fi |
331 | ) |
357 | ) |
332 | AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) |
358 | AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) |
333 | |
359 | |
334 | CIPHER=aes_128_cbc |
360 | CIPHER=aes_128_ctr |
335 | AC_ARG_ENABLE(cipher, |
361 | AC_ARG_ENABLE(cipher, |
336 | [AS_HELP_STRING(--enable-cipher,[ |
362 | [AS_HELP_STRING(--enable-cipher=CIPHER,[ |
337 | Select the symmetric cipher (default "aes-128"). |
363 | Select the symmetric cipher (default "aes-128"). |
338 | Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192" or "aes-256".])], |
364 | Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])], |
339 | if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi |
365 | #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi |
340 | if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi |
366 | if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi |
341 | if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi |
367 | if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi |
342 | if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi |
368 | if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi |
|
|
369 | #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi |
|
|
370 | #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi |
343 | ) |
371 | ) |
344 | AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) |
372 | AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) |
345 | |
373 | |
346 | DIGEST=ripemd160 |
374 | HMAC=sha1 |
347 | AC_ARG_ENABLE(digest, |
375 | AC_ARG_ENABLE(hmac-digest, |
348 | [AS_HELP_STRING(--enable-digest,[ |
376 | [AS_HELP_STRING(--enable-hmac-digest=HMAC,[ |
349 | Select the digest algorithm to use (default "ripemd160"). Must be one of |
377 | Select the HMAC digest algorithm to use (default "sha1"). Must be one of |
350 | "sha512", "sha256", "sha1", "ripemd160", "md5" or "md4" (insecure).])], |
378 | "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])], |
|
|
379 | if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi |
|
|
380 | if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi |
|
|
381 | if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi |
|
|
382 | if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi |
|
|
383 | if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi |
|
|
384 | ) |
|
|
385 | AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.]) |
|
|
386 | |
|
|
387 | AUTH=sha512 |
|
|
388 | AC_ARG_ENABLE(auth-digest, |
|
|
389 | [AS_HELP_STRING(--enable-auth-digest=DIGEST,[ |
|
|
390 | Select the hmac algorithm to use (default "sha512"). Must be one of |
|
|
391 | "sha512", "sha256", "whirlpool".])], |
|
|
392 | if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi |
351 | if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi |
393 | if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi |
352 | if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi |
394 | if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi |
353 | if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi |
|
|
354 | if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi |
|
|
355 | if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi |
|
|
356 | if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi |
|
|
357 | ) |
395 | ) |
358 | AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.]) |
396 | AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.]) |
359 | |
397 | |
360 | if $CXX -v --help 2>&1 | grep -q fno-rtti; then |
398 | if $CXX -v --help 2>&1 | grep -q fno-rtti; then |
361 | CXXFLAGS="$CXXFLAGS -fno-rtti" |
399 | CXXFLAGS="$CXXFLAGS -fno-rtti" |
362 | fi |
400 | fi |
363 | |
401 | |
364 | if $CXX -v --help 2>&1 | grep -q fexceptions; then |
402 | #if $CXX -v --help 2>&1 | grep -q fexceptions; then |
365 | CXXFLAGS="$CXXFLAGS -fno-exceptions" |
403 | # CXXFLAGS="$CXXFLAGS -fno-exceptions" |
366 | fi |
404 | #fi |
367 | |
405 | |
368 | LIBS="$EXTRA_LIBS $LIBS" |
406 | LIBS="$EXTRA_LIBS $LIBS" |
369 | |
407 | |
370 | dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then |
408 | dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then |
371 | dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" |
409 | dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" |
372 | dnl fi |
410 | dnl fi |
373 | dnl |
411 | dnl |
374 | dnl if $LD -v --help 2>&1 | grep -q gc-sections; then |
412 | dnl if $LD -v --help 2>&1 | grep -q gc-sections; then |
375 | dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" |
413 | dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" |
376 | dnl fi |
414 | dnl fi |
377 | |
415 | |
378 | AC_SUBST(INCLUDES) |
416 | AC_SUBST(INCLUDES) |
… | |
… | |
388 | echo |
426 | echo |
389 | echo "***" |
427 | echo "***" |
390 | echo "*** Configuration Summary" |
428 | echo "*** Configuration Summary" |
391 | echo "***" |
429 | echo "***" |
392 | echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" |
430 | echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" |
|
|
431 | echo "*** RSA size: $RSA" |
393 | echo "*** Cipher used: $CIPHER" |
432 | echo "*** Cipher used: $CIPHER" |
394 | echo "*** Digest used: $DIGEST" |
433 | echo "*** Digest used: $DIGEST" |
|
|
434 | echo "*** Authdigest: $AUTH" |
395 | echo "*** HMAC length: $HMAC" |
435 | echo "*** HMAC length: $HMAC" |
396 | echo "*** RAND used: $RAND" |
|
|
397 | echo "*** Max. MTU: $MTU" |
436 | echo "*** Max. MTU: $MTU" |
398 | |
437 | |
399 | echo "***" |
438 | echo "***" |
400 | echo "*** Enable options:" |
439 | echo "*** Enable options:" |
401 | grep ENABLE_ config.h | sed -e 's/^/*** /' |
440 | grep ENABLE_ config.h | sed -e 's/^/*** /' |
402 | |
441 | |
403 | if test "x$DIGEST" = xmd4; then |
442 | if test "$HMACSIZE" -lt 12; then |
404 | echo "***" |
443 | echo "***" |
405 | echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure" |
|
|
406 | fi |
|
|
407 | |
|
|
408 | if test "$HMAC" -lt 12; then |
|
|
409 | echo "***" |
|
|
410 | echo "*** WARNING: The hmac length you have chosen ($HMAC) is probably insecure" |
444 | echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure" |
411 | fi |
|
|
412 | |
|
|
413 | if test "$RAND" -lt 8; then |
|
|
414 | echo "***" |
|
|
415 | echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure" |
|
|
416 | fi |
445 | fi |
417 | |
446 | |
418 | echo "***" |
447 | echo "***" |
419 | echo |
448 | echo |
420 | |
449 | |
|
|
450 | if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then |
|
|
451 | cat <<EOF |
|
|
452 | @<:@33m |
|
|
453 | *** |
|
|
454 | *** WARNING WARNING WARNING WARNING WARNING WARNING WARNING |
|
|
455 | *** |
|
|
456 | *** You seem to configure gvpe with OpenSSL 1.1 or newer. |
|
|
457 | *** While this probably compiles, please note that this is not only |
|
|
458 | *** unsupported, but also discouraged. |
|
|
459 | *** |
|
|
460 | *** It is recommended to use either OpenSSL 1.0, as long as that is still |
|
|
461 | *** supported, or LibreSSL (https://www.libressl.org/). |
|
|
462 | *** |
|
|
463 | *** This is not a political issue - while porting GVPE to the newer |
|
|
464 | *** OpenSSL 1.1 API, I encountered two incompatible API changes that were |
|
|
465 | *** not documented, were not caught while compiling but caused security |
|
|
466 | *** issues. When reported, the reaction of the OpenSSL developers was to |
|
|
467 | *** update the documentation. |
|
|
468 | *** |
|
|
469 | *** As a result, I lost all confidence in the ability and desire of |
|
|
470 | *** OpenSSL developers to create a safe API, and would highly recommend |
|
|
471 | *** switching to LibreSSL which explicitly avoids such braking changes. |
|
|
472 | *** |
|
|
473 | *** WARNING WARNING WARNING WARNING WARNING WARNING WARNING |
|
|
474 | *** |
|
|
475 | *** Again, do not use OpenSSL 1.1 and complain if stuff breaks. |
|
|
476 | *** You have been warned, but your choice is respected. |
|
|
477 | *** |
|
|
478 | @<:@0m |
421 | |
479 | |
|
|
480 | EOF |
|
|
481 | fi |
|
|
482 | |
|
|
483 | |