ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/configure.ac
(Generate patch)

Comparing gvpe/configure.ac (file contents):
Revision 1.63 by root, Thu Jul 18 13:35:19 2013 UTC vs.
Revision 1.68 by root, Thu Oct 6 03:25:53 2022 UTC

1dnl Process this file with autoconf to produce a configure script. 1dnl Process this file with autoconf to produce a configure script.
2 2
3AC_PREREQ(2.69) 3AC_PREREQ([2.71])
4AC_INIT 4AC_INIT([gvpe],[3.1])
5AC_CONFIG_SRCDIR([src/gvpe.C]) 5AC_CONFIG_SRCDIR([src/gvpe.C])
6AC_CANONICAL_TARGET 6AC_CANONICAL_TARGET
7AM_INIT_AUTOMAKE(gvpe, 2.25) 7AM_INIT_AUTOMAKE
8AC_CONFIG_HEADERS([config.h]) 8AC_CONFIG_HEADERS([config.h])
9AM_MAINTAINER_MODE 9AM_MAINTAINER_MODE
10 10
11AH_TOP([ 11AH_TOP([
12#ifndef CONFIG_H__ 12#ifndef CONFIG_H__
179 179
180dnl Checks for typedefs, structures, and compiler characteristics. 180dnl Checks for typedefs, structures, and compiler characteristics.
181AC_C_CONST 181AC_C_CONST
182AC_TYPE_PID_T 182AC_TYPE_PID_T
183AC_TYPE_SIZE_T 183AC_TYPE_SIZE_T
184AC_HEADER_TIME 184AC_CHECK_HEADERS_ONCE([sys/time.h])
185
185AC_STRUCT_TM 186AC_STRUCT_TM
186 187
187AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t, 188AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t,
188[ 189[
189 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 190 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
201]) 202])
202if test $ac_cv_struct_addrinfo = yes; then 203if test $ac_cv_struct_addrinfo = yes; then
203 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available]) 204 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available])
204fi 205fi
205 206
206dnl Checks for library functions.
207AC_TYPE_SIGNAL
208
209AC_LANG_PUSH(C) 207AC_LANG_PUSH(C)
210
211AC_HEADER_STDC
212 208
213dnl argl, could somebody catapult darwin into the 21st century??? 209dnl argl, could somebody catapult darwin into the 21st century???
214AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall) 210AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall)
215 211
216AC_FUNC_ALLOCA 212AC_FUNC_ALLOCA
234AC_CACHE_SAVE 230AC_CACHE_SAVE
235 231
236dnl These are defined in files in m4/ 232dnl These are defined in files in m4/
237tinc_TUNTAP 233tinc_TUNTAP
238 234
239tinc_OPENSSL 235PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])
240if test "x$openssl_include" != x; then
241 CXXFLAGS="$CXXFLAGS -I$openssl_include"
242fi
243dnl tinc_ZLIB
244 236
245AC_ARG_ENABLE(threads, 237AC_ARG_ENABLE(threads,
246 [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)], 238 [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
247 [try_threads=$enableval], 239 [try_threads=$enableval],
248 [try_threads=yes] 240 [try_threads=yes]
343 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], 335 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
344 HMACSIZE=$enableval 336 HMACSIZE=$enableval
345) 337)
346AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.]) 338AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])
347 339
348RANDSIZE=12
349AC_ARG_ENABLE(rand-length,
350 [AS_HELP_STRING(--enable-rand-length=BYTES,
351 [use BYTES bytes of extra randomness (default 12). Allowed values are 0, 4, 8, 12.])],
352 RANDSIZE=$enableval
353)
354AC_DEFINE_UNQUOTED(RAND_SIZE, $RANDSIZE, [Add this many bytes of randomness to each packet.])
355
356MTU=1500 340MTU=1500
357AC_ARG_ENABLE(max-mtu, 341AC_ARG_ENABLE(max-mtu,
358 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], 342 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
359 MTU=$enableval 343 MTU=$enableval
360) 344)
367 COMPRESS=0 351 COMPRESS=0
368 fi 352 fi
369) 353)
370AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) 354AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])
371 355
372CIPHER=aes_128_cbc 356CIPHER=aes_128_ctr
373AC_ARG_ENABLE(cipher, 357AC_ARG_ENABLE(cipher,
374 [AS_HELP_STRING(--enable-cipher=CIPHER,[ 358 [AS_HELP_STRING(--enable-cipher=CIPHER,[
375 Select the symmetric cipher (default "aes-128"). 359 Select the symmetric cipher (default "aes-128").
376 Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192", "aes-256", "camellia-128" or "camellia-256".])], 360 Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
377 if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi 361 #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi
378 if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_cbc ; fi 362 if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi
379 if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_cbc ; fi 363 if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi
380 if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_cbc ; fi 364 if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi
381 if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_cbc; fi 365 #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
382 if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_cbc; fi 366 #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
383) 367)
384AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) 368AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])
385 369
386HMAC=sha1 370HMAC=sha1
387AC_ARG_ENABLE(hmac-digest, 371AC_ARG_ENABLE(hmac-digest,
418LIBS="$EXTRA_LIBS $LIBS" 402LIBS="$EXTRA_LIBS $LIBS"
419 403
420dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then 404dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then
421dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" 405dnl CXXFLAGS="$CXXFLAGS -ffunction-sections"
422dnl fi 406dnl fi
423dnl 407dnl
424dnl if $LD -v --help 2>&1 | grep -q gc-sections; then 408dnl if $LD -v --help 2>&1 | grep -q gc-sections; then
425dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" 409dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections"
426dnl fi 410dnl fi
427 411
428AC_SUBST(INCLUDES) 412AC_SUBST(AM_CPPFLAGS)
429 413
430AC_CONFIG_FILES([Makefile po/Makefile.in 414AC_CONFIG_FILES([Makefile po/Makefile.in
431src/Makefile 415src/Makefile
432doc/Makefile 416doc/Makefile
433lib/Makefile 417lib/Makefile
443echo "*** RSA size: $RSA" 427echo "*** RSA size: $RSA"
444echo "*** Cipher used: $CIPHER" 428echo "*** Cipher used: $CIPHER"
445echo "*** Digest used: $DIGEST" 429echo "*** Digest used: $DIGEST"
446echo "*** Authdigest: $AUTH" 430echo "*** Authdigest: $AUTH"
447echo "*** HMAC length: $HMAC" 431echo "*** HMAC length: $HMAC"
448echo "*** RAND used: $RAND"
449echo "*** Max. MTU: $MTU" 432echo "*** Max. MTU: $MTU"
450 433
451echo "***" 434echo "***"
452echo "*** Enable options:" 435echo "*** Enable options:"
453grep ENABLE_ config.h | sed -e 's/^/*** /' 436grep ENABLE_ config.h | sed -e 's/^/*** /'
455if test "$HMACSIZE" -lt 12; then 438if test "$HMACSIZE" -lt 12; then
456echo "***" 439echo "***"
457echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure" 440echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
458fi 441fi
459 442
460if test "$RANDSIZE" -lt 12; then
461echo "***"
462echo "*** WARNING: The random prefix you have chosen ($RANDSIZE) is probably insecure"
463fi
464
465echo "***" 443echo "***"
466echo 444echo
467 445
446if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
447 cat <<EOF
448@<:@33m
449***
450*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
451***
452*** You seem to configure gvpe with OpenSSL 1.1 or newer.
453*** While this probably compiles, please note that this is not only
454*** unsupported, but also discouraged.
455***
456*** It is recommended to use either OpenSSL 1.0, as long as that is still
457*** supported, or LibreSSL (https://www.libressl.org/).
458***
459*** This is not a political issue - while porting GVPE to the newer
460*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
461*** not documented, were not caught while compiling but caused security
462*** issues. When reported, the reaction of the OpenSSL developers was to
463*** update the documentation.
464***
465*** As a result, I lost all confidence in the ability and desire of
466*** OpenSSL developers to create a safe API, and would highly recommend
467*** switching to LibreSSL which explicitly avoids such braking changes.
468***
469*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
470***
471*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
472*** You have been warned, but your choice is respected.
473***
474@<:@0m
468 475
476EOF
477fi
478
479

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines