ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/configure.ac
(Generate patch)

Comparing gvpe/configure.ac (file contents):
Revision 1.49 by pcg, Mon Jan 28 12:00:14 2008 UTC vs.
Revision 1.68 by root, Thu Oct 6 03:25:53 2022 UTC

1dnl Process this file with autoconf to produce a configure script. 1dnl Process this file with autoconf to produce a configure script.
2 2
3AC_PREREQ(2.59) 3AC_PREREQ([2.71])
4AC_INIT 4AC_INIT([gvpe],[3.1])
5AC_CONFIG_SRCDIR([src/gvpe.C]) 5AC_CONFIG_SRCDIR([src/gvpe.C])
6AC_CANONICAL_TARGET 6AC_CANONICAL_TARGET
7AM_INIT_AUTOMAKE(gvpe, 2.2) 7AM_INIT_AUTOMAKE
8AC_CONFIG_HEADERS([config.h]) 8AC_CONFIG_HEADERS([config.h])
9AM_MAINTAINER_MODE 9AM_MAINTAINER_MODE
10 10
11AH_TOP([ 11AH_TOP([
12#ifndef CONFIG_H__ 12#ifndef CONFIG_H__
46#else 46#else
47# define CLOCALE <locale.h> 47# define CLOCALE <locale.h>
48#endif 48#endif
49]) 49])
50 50
51dnl Include the macros from the m4/ directory
52AM_ACLOCAL_INCLUDE(m4)
53
54AM_GNU_GETTEXT([external]) 51AM_GNU_GETTEXT([external])
55AM_GNU_GETTEXT_VERSION(0.11.5) 52AM_GNU_GETTEXT_VERSION(0.11.5)
56 53
57# Enable GNU extensions. 54# Enable GNU extensions.
58# Define this here, not in acconfig's @TOP@ section, since definitions 55# Define this here, not in acconfig's @TOP@ section, since definitions
64dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions]) 61dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions])
65 62
66ALL_LINGUAS="" 63ALL_LINGUAS=""
67 64
68dnl Checks for programs. 65dnl Checks for programs.
69AC_PROG_CC
70AC_PROG_CPP 66AC_PROG_CPP
71AC_PROG_CXX 67AC_PROG_CXX
72AC_PROG_GCC_TRADITIONAL 68AC_PROG_GCC_TRADITIONAL
73AC_PROG_AWK 69AC_PROG_AWK
74AC_PROG_INSTALL 70AC_PROG_INSTALL
183 179
184dnl Checks for typedefs, structures, and compiler characteristics. 180dnl Checks for typedefs, structures, and compiler characteristics.
185AC_C_CONST 181AC_C_CONST
186AC_TYPE_PID_T 182AC_TYPE_PID_T
187AC_TYPE_SIZE_T 183AC_TYPE_SIZE_T
188AC_HEADER_TIME 184AC_CHECK_HEADERS_ONCE([sys/time.h])
185
189AC_STRUCT_TM 186AC_STRUCT_TM
190 187
191AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t, 188AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t,
192[ 189[
193 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 190 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
205]) 202])
206if test $ac_cv_struct_addrinfo = yes; then 203if test $ac_cv_struct_addrinfo = yes; then
207 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available]) 204 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available])
208fi 205fi
209 206
210dnl Checks for library functions.
211AC_TYPE_SIGNAL
212
213AC_LANG_PUSH(C) 207AC_LANG_PUSH(C)
214
215AC_HEADER_STDC
216 208
217dnl argl, could somebody catapult darwin into the 21st century??? 209dnl argl, could somebody catapult darwin into the 21st century???
218AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall) 210AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall)
219 211
220AC_FUNC_ALLOCA 212AC_FUNC_ALLOCA
238AC_CACHE_SAVE 230AC_CACHE_SAVE
239 231
240dnl These are defined in files in m4/ 232dnl These are defined in files in m4/
241tinc_TUNTAP 233tinc_TUNTAP
242 234
243tinc_OPENSSL 235PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])
244if test "x$openssl_include" != x; then 236
245 CXXFLAGS="$CXXFLAGS -I$openssl_include" 237AC_ARG_ENABLE(threads,
238 [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
239 [try_threads=$enableval],
240 [try_threads=yes]
241)
242
243if test "x$try_threads" = xyes; then
244 AC_CHECK_HEADER(pthread.h,[
245 LIBS="$LIBS -lpthread"
246 AC_COMPILE_IFELSE(
247 [AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])],
248 [AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])]
249 )
250 ])
246fi 251fi
247dnl tinc_ZLIB
248 252
249AC_ARG_ENABLE(static-daemon, 253AC_ARG_ENABLE(static-daemon,
250 [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)], 254 [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)],
251 [LDFLAGS_DAEMON=-static] 255 [LDFLAGS_DAEMON=-static]
252) 256)
253AC_SUBST(LDFLAGS_DAEMON) 257AC_SUBST(LDFLAGS_DAEMON)
254 258
255AC_ARG_ENABLE(rohc, 259dnl AC_ARG_ENABLE(rohc,
256 [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)], 260dnl [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)],
257 [ 261dnl [
258 echo 262dnl echo
259 echo "**********************************************************************" 263dnl echo "**********************************************************************"
260 echo "**********************************************************************" 264dnl echo "**********************************************************************"
261 echo "**** --enable-rohc is highly experimental, do not use ****************" 265dnl echo "**** --enable-rohc is highly experimental, do not use ****************"
262 echo "**********************************************************************" 266dnl echo "**********************************************************************"
263 echo "**********************************************************************" 267dnl echo "**********************************************************************"
264 echo 268dnl echo
265 rohc=true 269dnl rohc=true
266 AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support]) 270dnl AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support])
267 ] 271dnl ]
268) 272dnl )
269 273
270AM_CONDITIONAL(ROHC, test x$rohc = xtrue) 274AM_CONDITIONAL(ROHC, test x$rohc = xtrue)
271 275
272dnl AC_ARG_ENABLE(bridging, 276dnl AC_ARG_ENABLE(bridging,
273dnl [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)], 277dnl [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)],
274dnl AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.]) 278dnl AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.])
275dnl ) 279dnl )
276 280
281ICMP=1
277AC_ARG_ENABLE(icmp, 282AC_ARG_ENABLE(icmp,
278 [AS_HELP_STRING(--enable-icmp,enable icmp protocol support (default disabled).)], 283 [AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)],
284 if test "x$enableval" = xno; then
285 ICMP=0
286 fi
287)
288if test "x$ICMP" = x1; then
279 AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.]) 289 AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.])
280) 290fi
281 291
292TCP=1
282AC_ARG_ENABLE(tcp, 293AC_ARG_ENABLE(tcp,
283 [AS_HELP_STRING(--enable-tcp,enable tcp protocol support (default disabled).)], 294 [AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)],
295 if test "x$enableval" = xno; then
296 TCP=0
297 fi
298)
299if test "x$TCP" = x1; then
284 AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.]) 300 AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.])
301fi
302
303HTTP=1
304AC_ARG_ENABLE(http-proxy,
305 [AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)],
306 if test "x$enableval" = xno; then
307 HTTP=0
308 fi
285) 309)
310if test "x$HTTP" = x1; then
311 AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.])
312fi
286 313
287AC_ARG_ENABLE(dns, 314AC_ARG_ENABLE(dns,
288 [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (DOES NOT WORK).)], 315 [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)],
289 [ 316 [
290 AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])]) 317 AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])])
291 AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])]) 318 AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])])
292 319
293 AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.]) 320 AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
294 ] 321 ]
295) 322)
296 323
297AC_ARG_ENABLE(http-proxy, 324RSA=3072
298 [AS_HELP_STRING(--enable-http-proxy,enable http proxy connect support (default disabled).)], 325AC_ARG_ENABLE(rsa-length,
299 AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.]) 326 [AS_HELP_STRING(--enable-rsa-length=BITS,[
327 use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
328 RSA=$enableval
300) 329)
330AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])
301 331
302HMAC=12 332HMACSIZE=12
303AC_ARG_ENABLE(hmac-length, 333AC_ARG_ENABLE(hmac-length,
304 [AS_HELP_STRING(--enable-hmac-length=BYTES,[ 334 [AS_HELP_STRING(--enable-hmac-length=BYTES,[
305 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], 335 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
306 HMAC=$enableval 336 HMACSIZE=$enableval
307) 337)
308AC_DEFINE_UNQUOTED(HMACLENGTH, $HMAC, [Size of HMAC in each packet in bytes.]) 338AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])
309
310RAND=8
311AC_ARG_ENABLE(rand-length,
312 [AS_HELP_STRING(--enable-rand-length=BYTES,
313 [use BYTES bytes of extra randomness (default 8). Allowed values are 0, 4, 8.])],
314 RAND=$enableval
315)
316AC_DEFINE_UNQUOTED(RAND_SIZE, $RAND, [Add this many bytes of randomness to each packet.])
317 339
318MTU=1500 340MTU=1500
319AC_ARG_ENABLE(mtu, 341AC_ARG_ENABLE(max-mtu,
320 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], 342 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
321 MTU=$enableval 343 MTU=$enableval
322) 344)
323AC_DEFINE_UNQUOTED(MAX_MTU, $MTU + 14, [Maximum MTU supported.]) 345AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.])
324 346
325COMPRESS=1 347COMPRESS=1
326AC_ARG_ENABLE(compression, 348AC_ARG_ENABLE(compression,
327 [AS_HELP_STRING(--disable-compression,Disable compression support.)], 349 [AS_HELP_STRING(--disable-compression,Disable compression support.)],
328 if test "x$enableval" = xno; then 350 if test "x$enableval" = xno; then
329 COMPRESS=0 351 COMPRESS=0
330 fi 352 fi
331) 353)
332AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) 354AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])
333 355
334CIPHER=aes_128_cbc 356CIPHER=aes_128_ctr
335AC_ARG_ENABLE(cipher, 357AC_ARG_ENABLE(cipher,
336 [AS_HELP_STRING(--enable-cipher,[ 358 [AS_HELP_STRING(--enable-cipher=CIPHER,[
337 Select the symmetric cipher (default "aes-128"). 359 Select the symmetric cipher (default "aes-128").
338 Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192" or "aes-256".])], 360 Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
339 if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi 361 #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi
340 if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi 362 if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi
341 if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi 363 if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi
342 if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi 364 if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi
365 #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
366 #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
343) 367)
344AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) 368AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])
345 369
346DIGEST=ripemd160 370HMAC=sha1
347AC_ARG_ENABLE(digest, 371AC_ARG_ENABLE(hmac-digest,
348 [AS_HELP_STRING(--enable-digest,[ 372 [AS_HELP_STRING(--enable-hmac-digest=HMAC,[
349 Select the digest algorithm to use (default "ripemd160"). Must be one of 373 Select the HMAC digest algorithm to use (default "sha1"). Must be one of
350 "sha512", "sha256", "sha1", "ripemd160", "md5" or "md4" (insecure).])], 374 "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
375 if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
376 if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi
377 if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi
378 if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi
379 if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
380)
381AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])
382
383AUTH=sha512
384AC_ARG_ENABLE(auth-digest,
385 [AS_HELP_STRING(--enable-auth-digest=DIGEST,[
386 Select the hmac algorithm to use (default "sha512"). Must be one of
387 "sha512", "sha256", "whirlpool".])],
388 if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
351 if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi 389 if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi
352 if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi 390 if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi
353 if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi
354 if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi
355 if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi
356 if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi
357) 391)
358AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.]) 392AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])
359 393
360if $CXX -v --help 2>&1 | grep -q fno-rtti; then 394if $CXX -v --help 2>&1 | grep -q fno-rtti; then
361 CXXFLAGS="$CXXFLAGS -fno-rtti" 395 CXXFLAGS="$CXXFLAGS -fno-rtti"
362fi 396fi
363 397
368LIBS="$EXTRA_LIBS $LIBS" 402LIBS="$EXTRA_LIBS $LIBS"
369 403
370dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then 404dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then
371dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" 405dnl CXXFLAGS="$CXXFLAGS -ffunction-sections"
372dnl fi 406dnl fi
373dnl 407dnl
374dnl if $LD -v --help 2>&1 | grep -q gc-sections; then 408dnl if $LD -v --help 2>&1 | grep -q gc-sections; then
375dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" 409dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections"
376dnl fi 410dnl fi
377 411
378AC_SUBST(INCLUDES) 412AC_SUBST(AM_CPPFLAGS)
379 413
380AC_CONFIG_FILES([Makefile po/Makefile.in 414AC_CONFIG_FILES([Makefile po/Makefile.in
381src/Makefile 415src/Makefile
382doc/Makefile 416doc/Makefile
383lib/Makefile 417lib/Makefile
388echo 422echo
389echo "***" 423echo "***"
390echo "*** Configuration Summary" 424echo "*** Configuration Summary"
391echo "***" 425echo "***"
392echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" 426echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
427echo "*** RSA size: $RSA"
393echo "*** Cipher used: $CIPHER" 428echo "*** Cipher used: $CIPHER"
394echo "*** Digest used: $DIGEST" 429echo "*** Digest used: $DIGEST"
430echo "*** Authdigest: $AUTH"
395echo "*** HMAC length: $HMAC" 431echo "*** HMAC length: $HMAC"
396echo "*** RAND used: $RAND"
397echo "*** Max. MTU: $MTU" 432echo "*** Max. MTU: $MTU"
398 433
399echo "***" 434echo "***"
400echo "*** Enable options:" 435echo "*** Enable options:"
401grep ENABLE_ config.h | sed -e 's/^/*** /' 436grep ENABLE_ config.h | sed -e 's/^/*** /'
402 437
403if test "x$DIGEST" = xmd4; then 438if test "$HMACSIZE" -lt 12; then
404echo "***" 439echo "***"
405echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure"
406fi
407
408if test "$HMAC" -lt 12; then
409echo "***"
410echo "*** WARNING: The hmac length you have chosen ($HMAC) is probably insecure" 440echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
411fi
412
413if test "$RAND" -lt 8; then
414echo "***"
415echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure"
416fi 441fi
417 442
418echo "***" 443echo "***"
419echo 444echo
420 445
446if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
447 cat <<EOF
448@<:@33m
449***
450*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
451***
452*** You seem to configure gvpe with OpenSSL 1.1 or newer.
453*** While this probably compiles, please note that this is not only
454*** unsupported, but also discouraged.
455***
456*** It is recommended to use either OpenSSL 1.0, as long as that is still
457*** supported, or LibreSSL (https://www.libressl.org/).
458***
459*** This is not a political issue - while porting GVPE to the newer
460*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
461*** not documented, were not caught while compiling but caused security
462*** issues. When reported, the reaction of the OpenSSL developers was to
463*** update the documentation.
464***
465*** As a result, I lost all confidence in the ability and desire of
466*** OpenSSL developers to create a safe API, and would highly recommend
467*** switching to LibreSSL which explicitly avoids such braking changes.
468***
469*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
470***
471*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
472*** You have been warned, but your choice is respected.
473***
474@<:@0m
421 475
476EOF
477fi
478
479

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines