… | |
… | |
2 | |
2 | |
3 | AC_PREREQ(2.69) |
3 | AC_PREREQ(2.69) |
4 | AC_INIT |
4 | AC_INIT |
5 | AC_CONFIG_SRCDIR([src/gvpe.C]) |
5 | AC_CONFIG_SRCDIR([src/gvpe.C]) |
6 | AC_CANONICAL_TARGET |
6 | AC_CANONICAL_TARGET |
7 | AM_INIT_AUTOMAKE(gvpe, 3.0) |
7 | AM_INIT_AUTOMAKE(gvpe, 3.1) |
8 | AC_CONFIG_HEADERS([config.h]) |
8 | AC_CONFIG_HEADERS([config.h]) |
9 | AM_MAINTAINER_MODE |
9 | AM_MAINTAINER_MODE |
10 | |
10 | |
11 | AH_TOP([ |
11 | AH_TOP([ |
12 | #ifndef CONFIG_H__ |
12 | #ifndef CONFIG_H__ |
… | |
… | |
234 | AC_CACHE_SAVE |
234 | AC_CACHE_SAVE |
235 | |
235 | |
236 | dnl These are defined in files in m4/ |
236 | dnl These are defined in files in m4/ |
237 | tinc_TUNTAP |
237 | tinc_TUNTAP |
238 | |
238 | |
239 | tinc_OPENSSL |
239 | PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1]) |
240 | if test "x$openssl_include" != x; then |
|
|
241 | CXXFLAGS="$CXXFLAGS -I$openssl_include" |
|
|
242 | fi |
|
|
243 | dnl tinc_ZLIB |
|
|
244 | |
240 | |
245 | AC_ARG_ENABLE(threads, |
241 | AC_ARG_ENABLE(threads, |
246 | [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)], |
242 | [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)], |
247 | [try_threads=$enableval], |
243 | [try_threads=$enableval], |
248 | [try_threads=yes] |
244 | [try_threads=yes] |
… | |
… | |
449 | fi |
445 | fi |
450 | |
446 | |
451 | echo "***" |
447 | echo "***" |
452 | echo |
448 | echo |
453 | |
449 | |
|
|
450 | if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then |
|
|
451 | cat <<EOF |
|
|
452 | @<:@33m |
|
|
453 | *** |
|
|
454 | *** WARNING WARNING WARNING WARNING WARNING WARNING WARNING |
|
|
455 | *** |
|
|
456 | *** You seem to configure gvpe with OpenSSL 1.1 or newer. |
|
|
457 | *** While this probably compiles, please note that this is not only |
|
|
458 | *** unsupported, but also discouraged. |
|
|
459 | *** |
|
|
460 | *** It is recommended to use either OpenSSL 1.0, as long as that is still |
|
|
461 | *** supported, or LibreSSL (https://www.libressl.org/). |
|
|
462 | *** |
|
|
463 | *** This is not a political issue - while porting GVPE to the newer |
|
|
464 | *** OpenSSL 1.1 API, I encountered two incompatible API changes that were |
|
|
465 | *** not documented, were not caught while compiling but caused security |
|
|
466 | *** issues. When reported, the reaction of the OpenSSL developers was to |
|
|
467 | *** update the documentation. |
|
|
468 | *** |
|
|
469 | *** As a result, I lost all confidence in the ability and desire of |
|
|
470 | *** OpenSSL developers to create a safe API, and would highly recommend |
|
|
471 | *** switching to LibreSSL which explicitly avoids such braking changes. |
|
|
472 | *** |
|
|
473 | *** WARNING WARNING WARNING WARNING WARNING WARNING WARNING |
|
|
474 | *** |
|
|
475 | *** Again, do not use OpenSSL 1.1 and complain if stuff breaks. |
|
|
476 | *** You have been warned, but your choice is respected. |
|
|
477 | *** |
|
|
478 | @<:@0m |
454 | |
479 | |
|
|
480 | EOF |
|
|
481 | fi |
|
|
482 | |
|
|
483 | |