
Comparing gvpe/configure.ac (file contents):
Revision 1.63 by root, Thu Jul 18 13:35:19 2013 UTC vs.
Revision 1.67 by root, Thu Oct 25 07:31:58 2018 UTC

1dnl Process this file with autoconf to produce a configure script. 1dnl Process this file with autoconf to produce a configure script.
2 2
3AC_PREREQ(2.69) 3AC_PREREQ(2.69)
4AC_INIT 4AC_INIT(gvpe, 3.1)
5AC_CONFIG_SRCDIR([src/gvpe.C]) 5AC_CONFIG_SRCDIR([src/gvpe.C])
6AC_CANONICAL_TARGET 6AC_CANONICAL_TARGET
7AM_INIT_AUTOMAKE(gvpe, 2.25) 7AM_INIT_AUTOMAKE
8AC_CONFIG_HEADERS([config.h]) 8AC_CONFIG_HEADERS([config.h])
9AM_MAINTAINER_MODE 9AM_MAINTAINER_MODE
10 10
11AH_TOP([ 11AH_TOP([
12#ifndef CONFIG_H__ 12#ifndef CONFIG_H__
234AC_CACHE_SAVE 234AC_CACHE_SAVE
235 235
236dnl These are defined in files in m4/ 236dnl These are defined in files in m4/
237tinc_TUNTAP 237tinc_TUNTAP
238 238
239tinc_OPENSSL 239PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])
240if test "x$openssl_include" != x; then
241 CXXFLAGS="$CXXFLAGS -I$openssl_include"
242fi
243dnl tinc_ZLIB
244 240
245AC_ARG_ENABLE(threads, 241AC_ARG_ENABLE(threads,
246 [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)], 242 [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
247 [try_threads=$enableval], 243 [try_threads=$enableval],
248 [try_threads=yes] 244 [try_threads=yes]
343 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], 339 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
344 HMACSIZE=$enableval 340 HMACSIZE=$enableval
345) 341)
346AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.]) 342AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])
347 343
348RANDSIZE=12
349AC_ARG_ENABLE(rand-length,
350 [AS_HELP_STRING(--enable-rand-length=BYTES,
351 [use BYTES bytes of extra randomness (default 12). Allowed values are 0, 4, 8, 12.])],
352 RANDSIZE=$enableval
353)
354AC_DEFINE_UNQUOTED(RAND_SIZE, $RANDSIZE, [Add this many bytes of randomness to each packet.])
355
356MTU=1500 344MTU=1500
357AC_ARG_ENABLE(max-mtu, 345AC_ARG_ENABLE(max-mtu,
358 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], 346 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
359 MTU=$enableval 347 MTU=$enableval
360) 348)
367 COMPRESS=0 355 COMPRESS=0
368 fi 356 fi
369) 357)
370AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) 358AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])
371 359
372CIPHER=aes_128_cbc 360CIPHER=aes_128_ctr
373AC_ARG_ENABLE(cipher, 361AC_ARG_ENABLE(cipher,
374 [AS_HELP_STRING(--enable-cipher=CIPHER,[ 362 [AS_HELP_STRING(--enable-cipher=CIPHER,[
375 Select the symmetric cipher (default "aes-128"). 363 Select the symmetric cipher (default "aes-128").
376 Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192", "aes-256", "camellia-128" or "camellia-256".])], 364 Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
377 if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi 365 #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi
378 if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_cbc ; fi 366 if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi
379 if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_cbc ; fi 367 if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi
380 if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_cbc ; fi 368 if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi
381 if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_cbc; fi 369 #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
382 if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_cbc; fi 370 #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
383) 371)
384AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) 372AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])
385 373
386HMAC=sha1 374HMAC=sha1
387AC_ARG_ENABLE(hmac-digest, 375AC_ARG_ENABLE(hmac-digest,
418LIBS="$EXTRA_LIBS $LIBS" 406LIBS="$EXTRA_LIBS $LIBS"
419 407
420dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then 408dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then
421dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" 409dnl CXXFLAGS="$CXXFLAGS -ffunction-sections"
422dnl fi 410dnl fi
423dnl 411dnl
424dnl if $LD -v --help 2>&1 | grep -q gc-sections; then 412dnl if $LD -v --help 2>&1 | grep -q gc-sections; then
425dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" 413dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections"
426dnl fi 414dnl fi
427 415
428AC_SUBST(INCLUDES) 416AC_SUBST(AM_CPPFLAGS)
429 417
430AC_CONFIG_FILES([Makefile po/Makefile.in 418AC_CONFIG_FILES([Makefile po/Makefile.in
431src/Makefile 419src/Makefile
432doc/Makefile 420doc/Makefile
433lib/Makefile 421lib/Makefile
443echo "*** RSA size: $RSA" 431echo "*** RSA size: $RSA"
444echo "*** Cipher used: $CIPHER" 432echo "*** Cipher used: $CIPHER"
445echo "*** Digest used: $DIGEST" 433echo "*** Digest used: $DIGEST"
446echo "*** Authdigest: $AUTH" 434echo "*** Authdigest: $AUTH"
447echo "*** HMAC length: $HMAC" 435echo "*** HMAC length: $HMAC"
448echo "*** RAND used: $RAND"
449echo "*** Max. MTU: $MTU" 436echo "*** Max. MTU: $MTU"
450 437
451echo "***" 438echo "***"
452echo "*** Enable options:" 439echo "*** Enable options:"
453grep ENABLE_ config.h | sed -e 's/^/*** /' 440grep ENABLE_ config.h | sed -e 's/^/*** /'
455if test "$HMACSIZE" -lt 12; then 442if test "$HMACSIZE" -lt 12; then
456echo "***" 443echo "***"
457echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure" 444echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
458fi 445fi
459 446
460if test "$RANDSIZE" -lt 12; then
461echo "***"
462echo "*** WARNING: The random prefix you have chosen ($RANDSIZE) is probably insecure"
463fi
464
465echo "***" 447echo "***"
466echo 448echo
467 449
450if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
451 cat <<EOF
452@<:@33m
453***
454*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
455***
456*** You seem to configure gvpe with OpenSSL 1.1 or newer.
457*** While this probably compiles, please note that this is not only
458*** unsupported, but also discouraged.
459***
460*** It is recommended to use either OpenSSL 1.0, as long as that is still
461*** supported, or LibreSSL (https://www.libressl.org/).
462***
463*** This is not a political issue - while porting GVPE to the newer
464*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
465*** not documented, were not caught while compiling but caused security
466*** issues. When reported, the reaction of the OpenSSL developers was to
467*** update the documentation.
468***
469*** As a result, I lost all confidence in the ability and desire of
470*** OpenSSL developers to create a safe API, and would highly recommend
471*** switching to LibreSSL which explicitly avoids such braking changes.
472***
473*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
474***
475*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
476*** You have been warned, but your choice is respected.
477***
478@<:@0m
468 479
480EOF
481fi
482
483
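Review bot: The `--enable-cipher` handler (new lines 365-370) silently ignores any value that matches none of the three remaining `if test` lines, so `CIPHER` keeps its default of `aes_128_ctr`. With the `bf` and camellia branches commented out, a build script that still passes `--enable-cipher=camellia-256` (or a typo such as `aes256`) configures without error and produces a 128-bit AES build; the only trace is the `*** Cipher used:` summary line. I would make the selection fail closed by turning the three tests into one `if … elif … else` chain whose last branch is `else AC_MSG_ERROR([unsupported --enable-cipher value: $enableval])`. The commented-out lines would also read better as `dnl` lines, so they do not end up as shell comments in the generated configure script.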
