/cvs/gvpe/configure.ac

Comparing gvpe/configure.ac (file contents):
Revision 1.55 by pcg, Sat Jul 18 05:59:16 2009 UTC vs.
Revision 1.66 by root, Thu Oct 25 04:32:26 2018 UTC

1dnl Process this file with autoconf to produce a configure script. 1dnl Process this file with autoconf to produce a configure script.
2 2
3AC_PREREQ(2.59) 3AC_PREREQ(2.69)
4AC_INIT 4AC_INIT
5AC_CONFIG_SRCDIR([src/gvpe.C]) 5AC_CONFIG_SRCDIR([src/gvpe.C])
6AC_CANONICAL_TARGET 6AC_CANONICAL_TARGET
7AM_INIT_AUTOMAKE(gvpe, 2.22) 7AM_INIT_AUTOMAKE(gvpe, 3.1)
8AC_CONFIG_HEADERS([config.h]) 8AC_CONFIG_HEADERS([config.h])
9AM_MAINTAINER_MODE 9AM_MAINTAINER_MODE
10 10
11AH_TOP([ 11AH_TOP([
12#ifndef CONFIG_H__ 12#ifndef CONFIG_H__
45# define CLOCALE <clocale> 45# define CLOCALE <clocale>
46#else 46#else
47# define CLOCALE <locale.h> 47# define CLOCALE <locale.h>
48#endif 48#endif
49]) 49])
50
51dnl Include the macros from the m4/ directory
52AM_ACLOCAL_INCLUDE(m4)
53 50
54AM_GNU_GETTEXT([external]) 51AM_GNU_GETTEXT([external])
55AM_GNU_GETTEXT_VERSION(0.11.5) 52AM_GNU_GETTEXT_VERSION(0.11.5)
56 53
57# Enable GNU extensions. 54# Enable GNU extensions.
237AC_CACHE_SAVE 234AC_CACHE_SAVE
238 235
239dnl These are defined in files in m4/ 236dnl These are defined in files in m4/
240tinc_TUNTAP 237tinc_TUNTAP
241 238
242tinc_OPENSSL 239PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])
243if test "x$openssl_include" != x; then 240
244 CXXFLAGS="$CXXFLAGS -I$openssl_include" 241AC_ARG_ENABLE(threads,
242 [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
243 [try_threads=$enableval],
244 [try_threads=yes]
245)
246
247if test "x$try_threads" = xyes; then
248 AC_CHECK_HEADER(pthread.h,[
249 LIBS="$LIBS -lpthread"
250 AC_COMPILE_IFELSE(
251 [AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])],
252 [AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])]
253 )
254 ])
245fi 255fi
246dnl tinc_ZLIB
247 256
248AC_ARG_ENABLE(static-daemon, 257AC_ARG_ENABLE(static-daemon,
249 [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)], 258 [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)],
250 [LDFLAGS_DAEMON=-static] 259 [LDFLAGS_DAEMON=-static]
251) 260)
314 323
315 AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.]) 324 AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
316 ] 325 ]
317) 326)
318 327
328RSA=3072
329AC_ARG_ENABLE(rsa-length,
330 [AS_HELP_STRING(--enable-rsa-length=BITS,[
331 use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
332 RSA=$enableval
333)
334AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])
335
319HMAC=12 336HMACSIZE=12
320AC_ARG_ENABLE(hmac-length, 337AC_ARG_ENABLE(hmac-length,
321 [AS_HELP_STRING(--enable-hmac-length=BYTES,[ 338 [AS_HELP_STRING(--enable-hmac-length=BYTES,[
322 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], 339 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
323 HMAC=$enableval 340 HMACSIZE=$enableval
324) 341)
325AC_DEFINE_UNQUOTED(HMACLENGTH, $HMAC, [Size of HMAC in each packet in bytes.]) 342AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])
326
327RAND=8
328AC_ARG_ENABLE(rand-length,
329 [AS_HELP_STRING(--enable-rand-length=BYTES,
330 [use BYTES bytes of extra randomness (default 8). Allowed values are 0, 4, 8.])],
331 RAND=$enableval
332)
333AC_DEFINE_UNQUOTED(RAND_SIZE, $RAND, [Add this many bytes of randomness to each packet.])
334 343
335MTU=1500 344MTU=1500
336AC_ARG_ENABLE(mtu, 345AC_ARG_ENABLE(max-mtu,
337 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], 346 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
338 MTU=$enableval 347 MTU=$enableval
339) 348)
340AC_DEFINE_UNQUOTED(MAX_MTU, $MTU + 14, [Maximum MTU supported.]) 349AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.])
341 350
342COMPRESS=1 351COMPRESS=1
343AC_ARG_ENABLE(compression, 352AC_ARG_ENABLE(compression,
344 [AS_HELP_STRING(--disable-compression,Disable compression support.)], 353 [AS_HELP_STRING(--disable-compression,Disable compression support.)],
345 if test "x$enableval" = xno; then 354 if test "x$enableval" = xno; then
346 COMPRESS=0 355 COMPRESS=0
347 fi 356 fi
348) 357)
349AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) 358AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])
350 359
351CIPHER=aes_128_cbc 360CIPHER=aes_128_ctr
352AC_ARG_ENABLE(cipher, 361AC_ARG_ENABLE(cipher,
353 [AS_HELP_STRING(--enable-cipher=CIPHER,[ 362 [AS_HELP_STRING(--enable-cipher=CIPHER,[
354 Select the symmetric cipher (default "aes-128"). 363 Select the symmetric cipher (default "aes-128").
355 Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192" or "aes-256".])], 364 Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
356 if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi 365 #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi
357 if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi 366 if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi
358 if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi 367 if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi
359 if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi 368 if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi
369 #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
370 #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
360) 371)
361AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) 372AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])
362 373
363DIGEST=ripemd160 374HMAC=sha1
364AC_ARG_ENABLE(digest, 375AC_ARG_ENABLE(hmac-digest,
365 [AS_HELP_STRING(--enable-digest=CIPHER,[ 376 [AS_HELP_STRING(--enable-hmac-digest=HMAC,[
366 Select the digest algorithm to use (default "ripemd160"). Must be one of 377 Select the HMAC digest algorithm to use (default "sha1"). Must be one of
367 "sha512", "sha256", "sha1" (somewhat insecure), "ripemd160", "md5" (insecure) or "md4" (insecure).])], 378 "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
379 if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
380 if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi
381 if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi
382 if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi
383 if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
384)
385AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])
386
387AUTH=sha512
388AC_ARG_ENABLE(auth-digest,
389 [AS_HELP_STRING(--enable-auth-digest=DIGEST,[
390 Select the hmac algorithm to use (default "sha512"). Must be one of
391 "sha512", "sha256", "whirlpool".])],
392 if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
368 if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi 393 if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi
369 if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi 394 if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi
370 if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi
371 if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi
372 if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi
373 if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi
374) 395)
375AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.]) 396AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])
376 397
377if $CXX -v --help 2>&1 | grep -q fno-rtti; then 398if $CXX -v --help 2>&1 | grep -q fno-rtti; then
378 CXXFLAGS="$CXXFLAGS -fno-rtti" 399 CXXFLAGS="$CXXFLAGS -fno-rtti"
379fi 400fi
380 401
385LIBS="$EXTRA_LIBS $LIBS" 406LIBS="$EXTRA_LIBS $LIBS"
386 407
387dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then 408dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then
388dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" 409dnl CXXFLAGS="$CXXFLAGS -ffunction-sections"
389dnl fi 410dnl fi
390dnl 411dnl
391dnl if $LD -v --help 2>&1 | grep -q gc-sections; then 412dnl if $LD -v --help 2>&1 | grep -q gc-sections; then
392dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" 413dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections"
393dnl fi 414dnl fi
394 415
395AC_SUBST(INCLUDES) 416AC_SUBST(INCLUDES)
405echo 426echo
406echo "***" 427echo "***"
407echo "*** Configuration Summary" 428echo "*** Configuration Summary"
408echo "***" 429echo "***"
409echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" 430echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
431echo "*** RSA size: $RSA"
410echo "*** Cipher used: $CIPHER" 432echo "*** Cipher used: $CIPHER"
411echo "*** Digest used: $DIGEST" 433echo "*** Digest used: $DIGEST"
434echo "*** Authdigest: $AUTH"
412echo "*** HMAC length: $HMAC" 435echo "*** HMAC length: $HMAC"
413echo "*** RAND used: $RAND"
414echo "*** Max. MTU: $MTU" 436echo "*** Max. MTU: $MTU"
415 437
416echo "***" 438echo "***"
417echo "*** Enable options:" 439echo "*** Enable options:"
418grep ENABLE_ config.h | sed -e 's/^/*** /' 440grep ENABLE_ config.h | sed -e 's/^/*** /'
419 441
420if test "x$DIGEST" = xmd4; then 442if test "$HMACSIZE" -lt 12; then
421echo "***" 443echo "***"
422echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure"
423fi
424
425if test "$HMAC" -lt 12; then
426echo "***"
427echo "*** WARNING: The hmac length you have chosen ($HMAC) is probably insecure" 444echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
428fi
429
430if test "$RAND" -lt 8; then
431echo "***"
432echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure"
433fi 445fi
434 446
435echo "***" 447echo "***"
436echo 448echo
437 449
450if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
451 cat <<EOF
452@<:@33m
453***
454*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
455***
456*** You seem to configure gvpe with OpenSSL 1.1 or newer.
457*** While this probably compiles, please note that this is not only
458*** unsupported, but also discouraged.
459***
460*** It is recommended to use either OpenSSL 1.0, as long as that is still
461*** supported, or LibreSSL (https://www.libressl.org/).
462***
463*** This is not a political issue - while porting GVPE to the newer
464*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
465*** not documented, were not caught while compiling but caused security
466*** issues. When reported, the reaction of the OpenSSL developers was to
467*** update the documentation.
468***
469*** As a result, I lost all confidence in the ability and desire of
470*** OpenSSL developers to create a safe API, and would highly recommend
471*** switching to LibreSSL which explicitly avoids such braking changes.
472***
473*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
474***
475*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
476*** You have been warned, but your choice is respected.
477***
478@<:@0m
438 479
480EOF
481fi
482
483
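Review bot: The configuration summary on the new side (new lines 433 and 435) still prints `$DIGEST` for "Digest used" and `$HMAC` for "HMAC length", although this revision renames the digest variable to `HMAC` and the length variable to `HMACSIZE`. No assignment to `DIGEST` is visible on the new side (parts of the file are elided here), so the summary would likely show an empty digest and the digest name, e.g. sha1, where the length belongs. An operator uses this summary to confirm the build's crypto parameters, so the lines should read `echo "*** Digest used: $HMAC"` and `echo "*** HMAC length: $HMACSIZE"`. Separately, `RSA=$enableval` and `HMACSIZE=$enableval` accept any value even though the help text states allowed ranges, and an unrecognised `--enable-cipher`, `--enable-hmac-digest` or `--enable-auth-digest` value silently keeps the default. An `AC_MSG_ERROR` on out-of-range or unknown values would make a mistyped option fail at configure time instead of building with parameters the operator did not intend.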
