1 | dnl Process this file with autoconf to produce a configure script. |
1 | dnl Process this file with autoconf to produce a configure script. |
2 | |
2 | |
3 | AC_PREREQ(2.69) |
3 | AC_PREREQ([2.71]) |
4 | AC_INIT |
4 | AC_INIT([gvpe],[3.1]) |
5 | AC_CONFIG_SRCDIR([src/gvpe.C]) |
5 | AC_CONFIG_SRCDIR([src/gvpe.C]) |
6 | AC_CANONICAL_TARGET |
6 | AC_CANONICAL_TARGET |
7 | AM_INIT_AUTOMAKE(gvpe, 2.25) |
7 | AM_INIT_AUTOMAKE |
8 | AC_CONFIG_HEADERS([config.h]) |
8 | AC_CONFIG_HEADERS([config.h]) |
9 | AM_MAINTAINER_MODE |
9 | AM_MAINTAINER_MODE |
10 | |
10 | |
11 | AH_TOP([ |
11 | AH_TOP([ |
12 | #ifndef CONFIG_H__ |
12 | #ifndef CONFIG_H__ |
… | |
… | |
179 | |
179 | |
180 | dnl Checks for typedefs, structures, and compiler characteristics. |
180 | dnl Checks for typedefs, structures, and compiler characteristics. |
181 | AC_C_CONST |
181 | AC_C_CONST |
182 | AC_TYPE_PID_T |
182 | AC_TYPE_PID_T |
183 | AC_TYPE_SIZE_T |
183 | AC_TYPE_SIZE_T |
184 | AC_HEADER_TIME |
184 | AC_CHECK_HEADERS_ONCE([sys/time.h]) |
|
|
185 | |
185 | AC_STRUCT_TM |
186 | AC_STRUCT_TM |
186 | |
187 | |
187 | AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t, |
188 | AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t, |
188 | [ |
189 | [ |
189 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> |
190 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> |
… | |
… | |
201 | ]) |
202 | ]) |
202 | if test $ac_cv_struct_addrinfo = yes; then |
203 | if test $ac_cv_struct_addrinfo = yes; then |
203 | AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available]) |
204 | AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available]) |
204 | fi |
205 | fi |
205 | |
206 | |
206 | dnl Checks for library functions. |
|
|
207 | AC_TYPE_SIGNAL |
|
|
208 | |
|
|
209 | AC_LANG_PUSH(C) |
207 | AC_LANG_PUSH(C) |
210 | |
|
|
211 | AC_HEADER_STDC |
|
|
212 | |
208 | |
213 | dnl argl, could somebody catapult darwin into the 21st century??? |
209 | dnl argl, could somebody catapult darwin into the 21st century??? |
214 | AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall) |
210 | AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall) |
215 | |
211 | |
216 | AC_FUNC_ALLOCA |
212 | AC_FUNC_ALLOCA |
… | |
… | |
234 | AC_CACHE_SAVE |
230 | AC_CACHE_SAVE |
235 | |
231 | |
236 | dnl These are defined in files in m4/ |
232 | dnl These are defined in files in m4/ |
237 | tinc_TUNTAP |
233 | tinc_TUNTAP |
238 | |
234 | |
239 | tinc_OPENSSL |
235 | PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1]) |
240 | if test "x$openssl_include" != x; then |
|
|
241 | CXXFLAGS="$CXXFLAGS -I$openssl_include" |
|
|
242 | fi |
|
|
243 | dnl tinc_ZLIB |
|
|
244 | |
236 | |
245 | AC_ARG_ENABLE(threads, |
237 | AC_ARG_ENABLE(threads, |
246 | [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)], |
238 | [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)], |
247 | [try_threads=$enableval], |
239 | [try_threads=$enableval], |
248 | [try_threads=yes] |
240 | [try_threads=yes] |
… | |
… | |
343 | use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], |
335 | use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], |
344 | HMACSIZE=$enableval |
336 | HMACSIZE=$enableval |
345 | ) |
337 | ) |
346 | AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.]) |
338 | AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.]) |
347 | |
339 | |
348 | RANDSIZE=12 |
|
|
349 | AC_ARG_ENABLE(rand-length, |
|
|
350 | [AS_HELP_STRING(--enable-rand-length=BYTES, |
|
|
351 | [use BYTES bytes of extra randomness (default 12). Allowed values are 0, 4, 8, 12.])], |
|
|
352 | RANDSIZE=$enableval |
|
|
353 | ) |
|
|
354 | AC_DEFINE_UNQUOTED(RAND_SIZE, $RANDSIZE, [Add this many bytes of randomness to each packet.]) |
|
|
355 | |
|
|
356 | MTU=1500 |
340 | MTU=1500 |
357 | AC_ARG_ENABLE(max-mtu, |
341 | AC_ARG_ENABLE(max-mtu, |
358 | [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], |
342 | [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], |
359 | MTU=$enableval |
343 | MTU=$enableval |
360 | ) |
344 | ) |
… | |
… | |
367 | COMPRESS=0 |
351 | COMPRESS=0 |
368 | fi |
352 | fi |
369 | ) |
353 | ) |
370 | AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) |
354 | AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) |
371 | |
355 | |
372 | CIPHER=aes_128_cbc |
356 | CIPHER=aes_128_ctr |
373 | AC_ARG_ENABLE(cipher, |
357 | AC_ARG_ENABLE(cipher, |
374 | [AS_HELP_STRING(--enable-cipher=CIPHER,[ |
358 | [AS_HELP_STRING(--enable-cipher=CIPHER,[ |
375 | Select the symmetric cipher (default "aes-128"). |
359 | Select the symmetric cipher (default "aes-128"). |
376 | Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192", "aes-256", "camellia-128" or "camellia-256".])], |
360 | Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])], |
377 | if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi |
361 | #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi |
378 | if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_cbc ; fi |
362 | if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi |
379 | if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_cbc ; fi |
363 | if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi |
380 | if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_cbc ; fi |
364 | if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi |
381 | if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_cbc; fi |
365 | #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi |
382 | if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_cbc; fi |
366 | #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi |
383 | ) |
367 | ) |
384 | AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) |
368 | AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) |
385 | |
369 | |
386 | HMAC=sha1 |
370 | HMAC=sha1 |
387 | AC_ARG_ENABLE(hmac-digest, |
371 | AC_ARG_ENABLE(hmac-digest, |
… | |
… | |
418 | LIBS="$EXTRA_LIBS $LIBS" |
402 | LIBS="$EXTRA_LIBS $LIBS" |
419 | |
403 | |
420 | dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then |
404 | dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then |
421 | dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" |
405 | dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" |
422 | dnl fi |
406 | dnl fi |
423 | dnl |
407 | dnl |
424 | dnl if $LD -v --help 2>&1 | grep -q gc-sections; then |
408 | dnl if $LD -v --help 2>&1 | grep -q gc-sections; then |
425 | dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" |
409 | dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" |
426 | dnl fi |
410 | dnl fi |
427 | |
411 | |
428 | AC_SUBST(INCLUDES) |
412 | AC_SUBST(AM_CPPFLAGS) |
429 | |
413 | |
430 | AC_CONFIG_FILES([Makefile po/Makefile.in |
414 | AC_CONFIG_FILES([Makefile po/Makefile.in |
431 | src/Makefile |
415 | src/Makefile |
432 | doc/Makefile |
416 | doc/Makefile |
433 | lib/Makefile |
417 | lib/Makefile |
… | |
… | |
443 | echo "*** RSA size: $RSA" |
427 | echo "*** RSA size: $RSA" |
444 | echo "*** Cipher used: $CIPHER" |
428 | echo "*** Cipher used: $CIPHER" |
445 | echo "*** Digest used: $DIGEST" |
429 | echo "*** Digest used: $DIGEST" |
446 | echo "*** Authdigest: $AUTH" |
430 | echo "*** Authdigest: $AUTH" |
447 | echo "*** HMAC length: $HMAC" |
431 | echo "*** HMAC length: $HMAC" |
448 | echo "*** RAND used: $RAND" |
|
|
449 | echo "*** Max. MTU: $MTU" |
432 | echo "*** Max. MTU: $MTU" |
450 | |
433 | |
451 | echo "***" |
434 | echo "***" |
452 | echo "*** Enable options:" |
435 | echo "*** Enable options:" |
453 | grep ENABLE_ config.h | sed -e 's/^/*** /' |
436 | grep ENABLE_ config.h | sed -e 's/^/*** /' |
… | |
… | |
455 | if test "$HMACSIZE" -lt 12; then |
438 | if test "$HMACSIZE" -lt 12; then |
456 | echo "***" |
439 | echo "***" |
457 | echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure" |
440 | echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure" |
458 | fi |
441 | fi |
459 | |
442 | |
460 | if test "$RANDSIZE" -lt 12; then |
|
|
461 | echo "***" |
|
|
462 | echo "*** WARNING: The random prefix you have chosen ($RANDSIZE) is probably insecure" |
|
|
463 | fi |
|
|
464 | |
|
|
465 | echo "***" |
443 | echo "***" |
466 | echo |
444 | echo |
467 | |
445 | |
|
|
446 | if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then |
|
|
447 | cat <<EOF |
|
|
448 | @<:@33m |
|
|
449 | *** |
|
|
450 | *** WARNING WARNING WARNING WARNING WARNING WARNING WARNING |
|
|
451 | *** |
|
|
452 | *** You seem to configure gvpe with OpenSSL 1.1 or newer. |
|
|
453 | *** While this probably compiles, please note that this is not only |
|
|
454 | *** unsupported, but also discouraged. |
|
|
455 | *** |
|
|
456 | *** It is recommended to use either OpenSSL 1.0, as long as that is still |
|
|
457 | *** supported, or LibreSSL (https://www.libressl.org/). |
|
|
458 | *** |
|
|
459 | *** This is not a political issue - while porting GVPE to the newer |
|
|
460 | *** OpenSSL 1.1 API, I encountered two incompatible API changes that were |
|
|
461 | *** not documented, were not caught while compiling but caused security |
|
|
462 | *** issues. When reported, the reaction of the OpenSSL developers was to |
|
|
463 | *** update the documentation. |
|
|
464 | *** |
|
|
465 | *** As a result, I lost all confidence in the ability and desire of |
|
|
466 | *** OpenSSL developers to create a safe API, and would highly recommend |
|
|
467 | *** switching to LibreSSL which explicitly avoids such braking changes. |
|
|
468 | *** |
|
|
469 | *** WARNING WARNING WARNING WARNING WARNING WARNING WARNING |
|
|
470 | *** |
|
|
471 | *** Again, do not use OpenSSL 1.1 and complain if stuff breaks. |
|
|
472 | *** You have been warned, but your choice is respected. |
|
|
473 | *** |
|
|
474 | @<:@0m |
468 | |
475 | |
|
|
476 | EOF |
|
|
477 | fi |
|
|
478 | |
|
|
479 | |