ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/configure.ac
(Generate patch)

Comparing gvpe/configure.ac (file contents):
Revision 1.61 by root, Sat Jul 13 04:10:29 2013 UTC vs.
Revision 1.68 by root, Thu Oct 6 03:25:53 2022 UTC

1dnl Process this file with autoconf to produce a configure script. 1dnl Process this file with autoconf to produce a configure script.
2 2
3AC_PREREQ(2.69) 3AC_PREREQ([2.71])
4AC_INIT 4AC_INIT([gvpe],[3.1])
5AC_CONFIG_SRCDIR([src/gvpe.C]) 5AC_CONFIG_SRCDIR([src/gvpe.C])
6AC_CANONICAL_TARGET 6AC_CANONICAL_TARGET
7AM_INIT_AUTOMAKE(gvpe, 2.24) 7AM_INIT_AUTOMAKE
8AC_CONFIG_HEADERS([config.h]) 8AC_CONFIG_HEADERS([config.h])
9AM_MAINTAINER_MODE 9AM_MAINTAINER_MODE
10 10
11AH_TOP([ 11AH_TOP([
12#ifndef CONFIG_H__ 12#ifndef CONFIG_H__
179 179
180dnl Checks for typedefs, structures, and compiler characteristics. 180dnl Checks for typedefs, structures, and compiler characteristics.
181AC_C_CONST 181AC_C_CONST
182AC_TYPE_PID_T 182AC_TYPE_PID_T
183AC_TYPE_SIZE_T 183AC_TYPE_SIZE_T
184AC_HEADER_TIME 184AC_CHECK_HEADERS_ONCE([sys/time.h])
185
185AC_STRUCT_TM 186AC_STRUCT_TM
186 187
187AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t, 188AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t,
188[ 189[
189 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 190 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
201]) 202])
202if test $ac_cv_struct_addrinfo = yes; then 203if test $ac_cv_struct_addrinfo = yes; then
203 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available]) 204 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available])
204fi 205fi
205 206
206dnl Checks for library functions.
207AC_TYPE_SIGNAL
208
209AC_LANG_PUSH(C) 207AC_LANG_PUSH(C)
210
211AC_HEADER_STDC
212 208
213dnl argl, could somebody catapult darwin into the 21st century??? 209dnl argl, could somebody catapult darwin into the 21st century???
214AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall) 210AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall)
215 211
216AC_FUNC_ALLOCA 212AC_FUNC_ALLOCA
234AC_CACHE_SAVE 230AC_CACHE_SAVE
235 231
236dnl These are defined in files in m4/ 232dnl These are defined in files in m4/
237tinc_TUNTAP 233tinc_TUNTAP
238 234
239tinc_OPENSSL 235PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])
240if test "x$openssl_include" != x; then
241 CXXFLAGS="$CXXFLAGS -I$openssl_include"
242fi
243dnl tinc_ZLIB
244 236
245AC_ARG_ENABLE(threads, 237AC_ARG_ENABLE(threads,
246 [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)], 238 [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
247 [try_threads=$enableval], 239 [try_threads=$enableval],
248 [try_threads=yes] 240 [try_threads=yes]
327 319
328 AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.]) 320 AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
329 ] 321 ]
330) 322)
331 323
324RSA=3072
325AC_ARG_ENABLE(rsa-length,
326 [AS_HELP_STRING(--enable-rsa-length=BITS,[
327 use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
328 RSA=$enableval
329)
330AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])
331
332HMAC=12 332HMACSIZE=12
333AC_ARG_ENABLE(hmac-length, 333AC_ARG_ENABLE(hmac-length,
334 [AS_HELP_STRING(--enable-hmac-length=BYTES,[ 334 [AS_HELP_STRING(--enable-hmac-length=BYTES,[
335 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], 335 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
336 HMAC=$enableval 336 HMACSIZE=$enableval
337) 337)
338AC_DEFINE_UNQUOTED(HMACLENGTH, $HMAC, [Size of HMAC in each packet in bytes.]) 338AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])
339
340RAND=8
341AC_ARG_ENABLE(rand-length,
342 [AS_HELP_STRING(--enable-rand-length=BYTES,
343 [use BYTES bytes of extra randomness (default 8). Allowed values are 0, 4, 8.])],
344 RAND=$enableval
345)
346AC_DEFINE_UNQUOTED(RAND_SIZE, $RAND, [Add this many bytes of randomness to each packet.])
347 339
348MTU=1500 340MTU=1500
349AC_ARG_ENABLE(max-mtu, 341AC_ARG_ENABLE(max-mtu,
350 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], 342 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
351 MTU=$enableval 343 MTU=$enableval
359 COMPRESS=0 351 COMPRESS=0
360 fi 352 fi
361) 353)
362AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) 354AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])
363 355
364CIPHER=aes_128_cbc 356CIPHER=aes_128_ctr
365AC_ARG_ENABLE(cipher, 357AC_ARG_ENABLE(cipher,
366 [AS_HELP_STRING(--enable-cipher=CIPHER,[ 358 [AS_HELP_STRING(--enable-cipher=CIPHER,[
367 Select the symmetric cipher (default "aes-128"). 359 Select the symmetric cipher (default "aes-128").
368 Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192" or "aes-256".])], 360 Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
369 if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi 361 #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi
370 if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi 362 if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi
371 if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi 363 if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi
372 if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi 364 if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi
365 #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
366 #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
373) 367)
374AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) 368AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])
375 369
376DIGEST=ripemd160 370HMAC=sha1
377AC_ARG_ENABLE(digest, 371AC_ARG_ENABLE(hmac-digest,
378 [AS_HELP_STRING(--enable-digest=CIPHER,[ 372 [AS_HELP_STRING(--enable-hmac-digest=HMAC,[
379 Select the digest algorithm to use (default "ripemd160"). Must be one of 373 Select the HMAC digest algorithm to use (default "sha1"). Must be one of
380 "sha512", "sha256", "sha1" (legacy), "ripemd160", "md5" (insecure) or "md4" (insecure).])], 374 "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
375 if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
376 if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi
377 if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi
378 if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi
379 if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
380)
381AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])
382
383AUTH=sha512
384AC_ARG_ENABLE(auth-digest,
385 [AS_HELP_STRING(--enable-auth-digest=DIGEST,[
386 Select the hmac algorithm to use (default "sha512"). Must be one of
387 "sha512", "sha256", "whirlpool".])],
388 if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
381 if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi 389 if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi
382 if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi 390 if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi
383 if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi
384 if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi
385 if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi
386 if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi
387) 391)
388AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.]) 392AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])
389 393
390if $CXX -v --help 2>&1 | grep -q fno-rtti; then 394if $CXX -v --help 2>&1 | grep -q fno-rtti; then
391 CXXFLAGS="$CXXFLAGS -fno-rtti" 395 CXXFLAGS="$CXXFLAGS -fno-rtti"
392fi 396fi
393 397
398LIBS="$EXTRA_LIBS $LIBS" 402LIBS="$EXTRA_LIBS $LIBS"
399 403
400dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then 404dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then
401dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" 405dnl CXXFLAGS="$CXXFLAGS -ffunction-sections"
402dnl fi 406dnl fi
403dnl 407dnl
404dnl if $LD -v --help 2>&1 | grep -q gc-sections; then 408dnl if $LD -v --help 2>&1 | grep -q gc-sections; then
405dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" 409dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections"
406dnl fi 410dnl fi
407 411
408AC_SUBST(INCLUDES) 412AC_SUBST(AM_CPPFLAGS)
409 413
410AC_CONFIG_FILES([Makefile po/Makefile.in 414AC_CONFIG_FILES([Makefile po/Makefile.in
411src/Makefile 415src/Makefile
412doc/Makefile 416doc/Makefile
413lib/Makefile 417lib/Makefile
418echo 422echo
419echo "***" 423echo "***"
420echo "*** Configuration Summary" 424echo "*** Configuration Summary"
421echo "***" 425echo "***"
422echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" 426echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
427echo "*** RSA size: $RSA"
423echo "*** Cipher used: $CIPHER" 428echo "*** Cipher used: $CIPHER"
424echo "*** Digest used: $DIGEST" 429echo "*** Digest used: $DIGEST"
430echo "*** Authdigest: $AUTH"
425echo "*** HMAC length: $HMAC" 431echo "*** HMAC length: $HMAC"
426echo "*** RAND used: $RAND"
427echo "*** Max. MTU: $MTU" 432echo "*** Max. MTU: $MTU"
428 433
429echo "***" 434echo "***"
430echo "*** Enable options:" 435echo "*** Enable options:"
431grep ENABLE_ config.h | sed -e 's/^/*** /' 436grep ENABLE_ config.h | sed -e 's/^/*** /'
432 437
433if test "x$DIGEST" = xmd4; then 438if test "$HMACSIZE" -lt 12; then
434echo "***" 439echo "***"
435echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure"
436fi
437
438if test "x$DIGEST" = xmd5; then
439echo "***"
440echo "*** WARNING: The digest you have chosen ($DIGEST) is quite insecure"
441fi
442
443if test "$HMAC" -lt 12; then
444echo "***"
445echo "*** WARNING: The hmac length you have chosen ($HMAC) is quite insecure" 440echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
446fi
447
448if test "$RAND" -lt 8; then
449echo "***"
450echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure"
451fi 441fi
452 442
453echo "***" 443echo "***"
454echo 444echo
455 445
446if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
447 cat <<EOF
448@<:@33m
449***
450*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
451***
452*** You seem to configure gvpe with OpenSSL 1.1 or newer.
453*** While this probably compiles, please note that this is not only
454*** unsupported, but also discouraged.
455***
456*** It is recommended to use either OpenSSL 1.0, as long as that is still
457*** supported, or LibreSSL (https://www.libressl.org/).
458***
459*** This is not a political issue - while porting GVPE to the newer
460*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
461*** not documented, were not caught while compiling but caused security
462*** issues. When reported, the reaction of the OpenSSL developers was to
463*** update the documentation.
464***
465*** As a result, I lost all confidence in the ability and desire of
466*** OpenSSL developers to create a safe API, and would highly recommend
467*** switching to LibreSSL which explicitly avoids such braking changes.
468***
469*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
470***
471*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
472*** You have been warned, but your choice is respected.
473***
474@<:@0m
456 475
476EOF
477fi
478
479

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines