ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/configure.ac
(Generate patch)

Comparing gvpe/configure.ac (file contents):
Revision 1.55 by pcg, Sat Jul 18 05:59:16 2009 UTC vs.
Revision 1.68 by root, Thu Oct 6 03:25:53 2022 UTC

1dnl Process this file with autoconf to produce a configure script. 1dnl Process this file with autoconf to produce a configure script.
2 2
3AC_PREREQ(2.59) 3AC_PREREQ([2.71])
4AC_INIT 4AC_INIT([gvpe],[3.1])
5AC_CONFIG_SRCDIR([src/gvpe.C]) 5AC_CONFIG_SRCDIR([src/gvpe.C])
6AC_CANONICAL_TARGET 6AC_CANONICAL_TARGET
7AM_INIT_AUTOMAKE(gvpe, 2.22) 7AM_INIT_AUTOMAKE
8AC_CONFIG_HEADERS([config.h]) 8AC_CONFIG_HEADERS([config.h])
9AM_MAINTAINER_MODE 9AM_MAINTAINER_MODE
10 10
11AH_TOP([ 11AH_TOP([
12#ifndef CONFIG_H__ 12#ifndef CONFIG_H__
45# define CLOCALE <clocale> 45# define CLOCALE <clocale>
46#else 46#else
47# define CLOCALE <locale.h> 47# define CLOCALE <locale.h>
48#endif 48#endif
49]) 49])
50
51dnl Include the macros from the m4/ directory
52AM_ACLOCAL_INCLUDE(m4)
53 50
54AM_GNU_GETTEXT([external]) 51AM_GNU_GETTEXT([external])
55AM_GNU_GETTEXT_VERSION(0.11.5) 52AM_GNU_GETTEXT_VERSION(0.11.5)
56 53
57# Enable GNU extensions. 54# Enable GNU extensions.
182 179
183dnl Checks for typedefs, structures, and compiler characteristics. 180dnl Checks for typedefs, structures, and compiler characteristics.
184AC_C_CONST 181AC_C_CONST
185AC_TYPE_PID_T 182AC_TYPE_PID_T
186AC_TYPE_SIZE_T 183AC_TYPE_SIZE_T
187AC_HEADER_TIME 184AC_CHECK_HEADERS_ONCE([sys/time.h])
185
188AC_STRUCT_TM 186AC_STRUCT_TM
189 187
190AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t, 188AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t,
191[ 189[
192 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 190 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
204]) 202])
205if test $ac_cv_struct_addrinfo = yes; then 203if test $ac_cv_struct_addrinfo = yes; then
206 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available]) 204 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available])
207fi 205fi
208 206
209dnl Checks for library functions.
210AC_TYPE_SIGNAL
211
212AC_LANG_PUSH(C) 207AC_LANG_PUSH(C)
213
214AC_HEADER_STDC
215 208
216dnl argl, could somebody catapult darwin into the 21st century??? 209dnl argl, could somebody catapult darwin into the 21st century???
217AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall) 210AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall)
218 211
219AC_FUNC_ALLOCA 212AC_FUNC_ALLOCA
237AC_CACHE_SAVE 230AC_CACHE_SAVE
238 231
239dnl These are defined in files in m4/ 232dnl These are defined in files in m4/
240tinc_TUNTAP 233tinc_TUNTAP
241 234
242tinc_OPENSSL 235PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])
243if test "x$openssl_include" != x; then 236
244 CXXFLAGS="$CXXFLAGS -I$openssl_include" 237AC_ARG_ENABLE(threads,
238 [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
239 [try_threads=$enableval],
240 [try_threads=yes]
241)
242
243if test "x$try_threads" = xyes; then
244 AC_CHECK_HEADER(pthread.h,[
245 LIBS="$LIBS -lpthread"
246 AC_COMPILE_IFELSE(
247 [AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])],
248 [AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])]
249 )
250 ])
245fi 251fi
246dnl tinc_ZLIB
247 252
248AC_ARG_ENABLE(static-daemon, 253AC_ARG_ENABLE(static-daemon,
249 [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)], 254 [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)],
250 [LDFLAGS_DAEMON=-static] 255 [LDFLAGS_DAEMON=-static]
251) 256)
314 319
315 AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.]) 320 AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
316 ] 321 ]
317) 322)
318 323
324RSA=3072
325AC_ARG_ENABLE(rsa-length,
326 [AS_HELP_STRING(--enable-rsa-length=BITS,[
327 use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
328 RSA=$enableval
329)
330AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])
331
319HMAC=12 332HMACSIZE=12
320AC_ARG_ENABLE(hmac-length, 333AC_ARG_ENABLE(hmac-length,
321 [AS_HELP_STRING(--enable-hmac-length=BYTES,[ 334 [AS_HELP_STRING(--enable-hmac-length=BYTES,[
322 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], 335 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
323 HMAC=$enableval 336 HMACSIZE=$enableval
324) 337)
325AC_DEFINE_UNQUOTED(HMACLENGTH, $HMAC, [Size of HMAC in each packet in bytes.]) 338AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])
326
327RAND=8
328AC_ARG_ENABLE(rand-length,
329 [AS_HELP_STRING(--enable-rand-length=BYTES,
330 [use BYTES bytes of extra randomness (default 8). Allowed values are 0, 4, 8.])],
331 RAND=$enableval
332)
333AC_DEFINE_UNQUOTED(RAND_SIZE, $RAND, [Add this many bytes of randomness to each packet.])
334 339
335MTU=1500 340MTU=1500
336AC_ARG_ENABLE(mtu, 341AC_ARG_ENABLE(max-mtu,
337 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], 342 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
338 MTU=$enableval 343 MTU=$enableval
339) 344)
340AC_DEFINE_UNQUOTED(MAX_MTU, $MTU + 14, [Maximum MTU supported.]) 345AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.])
341 346
342COMPRESS=1 347COMPRESS=1
343AC_ARG_ENABLE(compression, 348AC_ARG_ENABLE(compression,
344 [AS_HELP_STRING(--disable-compression,Disable compression support.)], 349 [AS_HELP_STRING(--disable-compression,Disable compression support.)],
345 if test "x$enableval" = xno; then 350 if test "x$enableval" = xno; then
346 COMPRESS=0 351 COMPRESS=0
347 fi 352 fi
348) 353)
349AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) 354AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])
350 355
351CIPHER=aes_128_cbc 356CIPHER=aes_128_ctr
352AC_ARG_ENABLE(cipher, 357AC_ARG_ENABLE(cipher,
353 [AS_HELP_STRING(--enable-cipher=CIPHER,[ 358 [AS_HELP_STRING(--enable-cipher=CIPHER,[
354 Select the symmetric cipher (default "aes-128"). 359 Select the symmetric cipher (default "aes-128").
355 Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192" or "aes-256".])], 360 Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
356 if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi 361 #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi
357 if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi 362 if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi
358 if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi 363 if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi
359 if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi 364 if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi
365 #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
366 #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
360) 367)
361AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) 368AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])
362 369
363DIGEST=ripemd160 370HMAC=sha1
364AC_ARG_ENABLE(digest, 371AC_ARG_ENABLE(hmac-digest,
365 [AS_HELP_STRING(--enable-digest=CIPHER,[ 372 [AS_HELP_STRING(--enable-hmac-digest=HMAC,[
366 Select the digest algorithm to use (default "ripemd160"). Must be one of 373 Select the HMAC digest algorithm to use (default "sha1"). Must be one of
367 "sha512", "sha256", "sha1" (somewhat insecure), "ripemd160", "md5" (insecure) or "md4" (insecure).])], 374 "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
375 if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
376 if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi
377 if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi
378 if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi
379 if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
380)
381AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])
382
383AUTH=sha512
384AC_ARG_ENABLE(auth-digest,
385 [AS_HELP_STRING(--enable-auth-digest=DIGEST,[
386 Select the hmac algorithm to use (default "sha512"). Must be one of
387 "sha512", "sha256", "whirlpool".])],
388 if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
368 if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi 389 if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi
369 if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi 390 if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi
370 if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi
371 if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi
372 if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi
373 if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi
374) 391)
375AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.]) 392AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])
376 393
377if $CXX -v --help 2>&1 | grep -q fno-rtti; then 394if $CXX -v --help 2>&1 | grep -q fno-rtti; then
378 CXXFLAGS="$CXXFLAGS -fno-rtti" 395 CXXFLAGS="$CXXFLAGS -fno-rtti"
379fi 396fi
380 397
385LIBS="$EXTRA_LIBS $LIBS" 402LIBS="$EXTRA_LIBS $LIBS"
386 403
387dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then 404dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then
388dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" 405dnl CXXFLAGS="$CXXFLAGS -ffunction-sections"
389dnl fi 406dnl fi
390dnl 407dnl
391dnl if $LD -v --help 2>&1 | grep -q gc-sections; then 408dnl if $LD -v --help 2>&1 | grep -q gc-sections; then
392dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" 409dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections"
393dnl fi 410dnl fi
394 411
395AC_SUBST(INCLUDES) 412AC_SUBST(AM_CPPFLAGS)
396 413
397AC_CONFIG_FILES([Makefile po/Makefile.in 414AC_CONFIG_FILES([Makefile po/Makefile.in
398src/Makefile 415src/Makefile
399doc/Makefile 416doc/Makefile
400lib/Makefile 417lib/Makefile
405echo 422echo
406echo "***" 423echo "***"
407echo "*** Configuration Summary" 424echo "*** Configuration Summary"
408echo "***" 425echo "***"
409echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" 426echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
427echo "*** RSA size: $RSA"
410echo "*** Cipher used: $CIPHER" 428echo "*** Cipher used: $CIPHER"
411echo "*** Digest used: $DIGEST" 429echo "*** Digest used: $DIGEST"
430echo "*** Authdigest: $AUTH"
412echo "*** HMAC length: $HMAC" 431echo "*** HMAC length: $HMAC"
413echo "*** RAND used: $RAND"
414echo "*** Max. MTU: $MTU" 432echo "*** Max. MTU: $MTU"
415 433
416echo "***" 434echo "***"
417echo "*** Enable options:" 435echo "*** Enable options:"
418grep ENABLE_ config.h | sed -e 's/^/*** /' 436grep ENABLE_ config.h | sed -e 's/^/*** /'
419 437
420if test "x$DIGEST" = xmd4; then 438if test "$HMACSIZE" -lt 12; then
421echo "***" 439echo "***"
422echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure"
423fi
424
425if test "$HMAC" -lt 12; then
426echo "***"
427echo "*** WARNING: The hmac length you have chosen ($HMAC) is probably insecure" 440echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
428fi
429
430if test "$RAND" -lt 8; then
431echo "***"
432echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure"
433fi 441fi
434 442
435echo "***" 443echo "***"
436echo 444echo
437 445
446if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
447 cat <<EOF
448@<:@33m
449***
450*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
451***
452*** You seem to configure gvpe with OpenSSL 1.1 or newer.
453*** While this probably compiles, please note that this is not only
454*** unsupported, but also discouraged.
455***
456*** It is recommended to use either OpenSSL 1.0, as long as that is still
457*** supported, or LibreSSL (https://www.libressl.org/).
458***
459*** This is not a political issue - while porting GVPE to the newer
460*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
461*** not documented, were not caught while compiling but caused security
462*** issues. When reported, the reaction of the OpenSSL developers was to
463*** update the documentation.
464***
465*** As a result, I lost all confidence in the ability and desire of
466*** OpenSSL developers to create a safe API, and would highly recommend
467*** switching to LibreSSL which explicitly avoids such braking changes.
468***
469*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
470***
471*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
472*** You have been warned, but your choice is respected.
473***
474@<:@0m
438 475
476EOF
477fi
478
479

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines