
Member "openconnect-8.05/configure.ac" (11 Sep 2019, 38068 Bytes) of package /linux/privat/openconnect-8.05.tar.gz:



    1 AC_INIT(openconnect, 8.05)
    2 AC_CONFIG_HEADERS([config.h])
    3 
      # Toolchain basics: locate pkg-config, make C the language used by the
      # compile and link probes below, and compute the canonical host triplet
      # whose $host_os drives the per-platform case statement further down.
    4 PKG_PROG_PKG_CONFIG
    5 AC_LANG_C
    6 AC_CANONICAL_HOST
    7 AM_MAINTAINER_MODE([enable])
    8 AM_INIT_AUTOMAKE([foreign tar-ustar])
    9 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
   10 
      # NOTE(review): AC_PREREQ is documented as taking only a version; the
      # extra arguments look like a localedir fallback for older Autoconf --
      # confirm they are ever expanded.
   11 AC_PREREQ([2.62], [], [AC_SUBST([localedir], ['$(datadir)/locale'])])
   12 
   13 # Upstream's pkg.m4 (since 0.27) offers this now, but define our own
   14 # compatible version in case the local version of pkgconfig isn't new enough.
   15 # https://bugs.freedesktop.org/show_bug.cgi?id=48743
   16 m4_ifdef([PKG_INSTALLDIR], [PKG_INSTALLDIR],
   17 	  [AC_ARG_WITH([pkgconfigdir],
   18 		       [AS_HELP_STRING([--with-pkgconfigdir],
   19 		       [install directory for openconnect.pc pkg-config file])],
   20 			[],[with_pkgconfigdir='$(libdir)/pkgconfig'])
   21 	   AC_SUBST([pkgconfigdir], [${with_pkgconfigdir}])])
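   22 
      # Per-platform state. Each symver_* variable stays empty unless the
      # platform case below or a later function check assigns it an
      # openconnect__* name; the values are substituted as SYMVER_* afterwards.
   23 use_openbsd_libtool=
   24 symver_time=
   25 symver_getline=
   26 symver_asprintf=
   27 symver_vasprintf=
   28 symver_win32_strerror=
      # Cleared explicitly so that a have_win value inherited from the
      # environment cannot steer a non-Windows build into the Windows branches.
      have_win=
      # NOTE(review): system_pcsc_libs and system_pcsc_cflags are likewise only
      # assigned in the MinGW and Darwin arms; confirm whether an inherited
      # value is meant to be honoured on other hosts.
   29 
   30 case $host_os in
   31  *linux* | *gnu* | *nacl*)
   32     AC_MSG_NOTICE([Applying feature macros for GNU build])
   33     AC_DEFINE(_GNU_SOURCE, 1, [_GNU_SOURCE])
   34     ;;
   35  *netbsd*)
   36     AC_MSG_NOTICE([Applying feature macros for NetBSD build])
   37     AC_DEFINE(_POSIX_C_SOURCE, 200112L, [_POSIX_C_SOURCE])
   38     AC_DEFINE(_NETBSD_SOURCE, 1, [_NETBSD_SOURCE])
   39     ;;
   40  *openbsd*)
   41     AC_MSG_NOTICE([Applying feature macros for OpenBSD build])
   42     use_openbsd_libtool=true
   43     ;;
   44  *solaris*|*sunos*)
   45     AC_MSG_NOTICE([Applying workaround for broken SunOS time() function])
   46     AC_DEFINE(HAVE_SUNOS_BROKEN_TIME, 1, [On SunOS time() can go backwards])
   47     symver_time="openconnect__time;"
   48     ;;
   49  *mingw32*|*mingw64*|*msys*)
   50     AC_MSG_NOTICE([Applying feature macros for MinGW/Windows build])
   51     # For GetVolumeInformationByHandleW() which is Vista+
   52     AC_DEFINE(_WIN32_WINNT, 0x600, [Windows API version])
   53     have_win=yes
   54     # For asprintf()
   55     AC_DEFINE(_GNU_SOURCE, 1, [_GNU_SOURCE])
   56     symver_win32_strerror="openconnect__win32_strerror;"
   57     # Win32 does have the SCard API
   58     system_pcsc_libs="-lwinscard"
   59     system_pcsc_cflags=
   60     AC_CHECK_TOOL([WINDRES], [windres], [])
   61     ;;
   62  *darwin*)
   63     system_pcsc_libs="-Wl,-framework -Wl,PCSC"
   64     system_pcsc_cflags=
   65     ;;
   66  *)
   67     # On FreeBSD the only way to get vsyslog() visible is to define
   68     #  *nothing*, which makes absolutely everything visible.
   69     # On Darwin enabling _POSIX_C_SOURCE breaks <sys/mount.h> because
   70     # u_long and other types don't get defined. OpenBSD is similar.
   71     ;;
   72 esac
   73 AM_CONDITIONAL(OPENCONNECT_WIN32,  [ test "$have_win" = "yes" ])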
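   74 
      # Default path of the vpnc-script helper. The result is compiled into the
      # binary as DEFAULT_VPNCSCRIPT, so it should name a location that only a
      # trusted account can write to; the helper is presumably run by
      # openconnect with whatever privileges the client has -- confirm.
   75 AC_ARG_WITH([vpnc-script],
   76 	[AS_HELP_STRING([--with-vpnc-script],
   77 	  [default location of vpnc-script helper])])
   78 
   79 if test "$with_vpnc_script" = "yes" || test "$with_vpnc_script" = ""; then
   80    AC_MSG_CHECKING([for vpnc-script in standard locations])
   81    if test "$have_win" = "yes"; then
   82       with_vpnc_script=vpnc-script-win.js
   83    else
            # Probe order is /usr/local, then /usr, then /etc; the first
            # executable found on the build host becomes the default. If none
            # is executable the loop leaves the last candidate in the variable
            # and configure stops with the explanation below.
   84       for with_vpnc_script in /usr/local/share/vpnc-scripts/vpnc-script /usr/local/sbin/vpnc-script /usr/share/vpnc-scripts/vpnc-script /usr/sbin/vpnc-script /etc/vpnc/vpnc-script; do
   85          if test -x "$with_vpnc_script"; then
   86             break
   87          fi
   88       done
   89       if ! test -x "$with_vpnc_script"; then
   90 	 AC_MSG_ERROR([${with_vpnc_script} does not seem to be executable.]
   91  [OpenConnect will not function correctly without a vpnc-script.]
   92  [See http://www.infradead.org/openconnect/vpnc-script.html for more details.]
   93  []
   94  [If you are building a distribution package, please ensure that your]
   95  [packaging is correct, and that a vpnc-script will be installed when the]
   96  [user installs your package. You should provide a --with-vpnc-script=]
   97  [argument to this configure script, giving the full path where the script]
   98  [will be installed.]
   99  []
  100  [The standard location is ${with_vpnc_script}. To bypass this error and]
  101  [build OpenConnect to use the script from this location, even though it is]
  102  [not present at the time you are building OpenConnect, pass the argument]
  103  ["--with-vpnc-script=${with_vpnc_script}"])
  104       else
  105          AC_MSG_RESULT([${with_vpnc_script}])
  106       fi
  107    fi
  108 elif test "$with_vpnc_script" = "no"; then
  109    AC_MSG_ERROR([You cannot disable vpnc-script.]
  110    [OpenConnect will not function correctly without it.]
  111    [See http://www.infradead.org/openconnect/vpnc-script.html])
  112 elif test "$have_win" = "yes"; then
  113    # Oh Windows how we hate thee. If user specifies a vpnc-script and it contains
  114    # backslashes, double them all up to survive escaping.
  115    with_vpnc_script="$(echo "${with_vpnc_script}" | sed s/\\\\/\\\\\\\\/g)"
  116 fi
  117 
      # The value is pasted into a C string literal as-is: apart from the
      # backslash doubling done for Windows above, quotes or backslashes in a
      # user-supplied path are not escaped. An explicitly given path is also
      # not checked for existence or executability.
  118 AC_DEFINE_UNQUOTED(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}", [Default vpnc-script location])
  119 AC_SUBST(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}")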
  120 
      # libc function probes. Where getline, asprintf or vasprintf is missing,
      # the matching symver_* variable records an openconnect__* name instead
      # of a HAVE_* macro being defined.
  121 AC_CHECK_FUNC(fdevname_r, [AC_DEFINE(HAVE_FDEVNAME_R, 1, [Have fdevname_r() function])], [])
  122 AC_CHECK_FUNC(statfs, [AC_DEFINE(HAVE_STATFS, 1, [Have statfs() function])], [])
  123 AC_CHECK_FUNC(getline, [AC_DEFINE(HAVE_GETLINE, 1, [Have getline() function])],
  124     [symver_getline="openconnect__getline;"])
  125 AC_CHECK_FUNC(strcasestr, [AC_DEFINE(HAVE_STRCASESTR, 1, [Have strcasestr() function])], [])
  126 AC_CHECK_FUNC(strndup, [AC_DEFINE(HAVE_STRNDUP, 1, [Have strndup() function])], [])
  127 AC_CHECK_FUNC(asprintf, [AC_DEFINE(HAVE_ASPRINTF, 1, [Have asprintf() function])],
  128     [symver_asprintf="openconnect__asprintf;"])
  129 AC_CHECK_FUNC(vasprintf, [AC_DEFINE(HAVE_VASPRINTF, 1, [Have vasprintf() function])],
  130     [symver_vasprintf="openconnect__vasprintf;"])
  131 
      # va_copy, or failing that __va_copy, is only required when vasprintf is
      # missing; configure stops if neither links.
  132 if test -n "$symver_vasprintf"; then
  133   AC_MSG_CHECKING([for va_copy])
  134   AC_LINK_IFELSE([AC_LANG_PROGRAM([
  135 	#include <stdarg.h>
  136 	va_list a;],[
  137 	va_list b;
  138 	va_copy(b,a);
  139 	va_end(b);])],
  140 	[AC_DEFINE(HAVE_VA_COPY, 1, [Have va_copy()])
  141 	AC_MSG_RESULT(va_copy)],
  142 	[AC_LINK_IFELSE([AC_LANG_PROGRAM([
  143 		#include <stdarg.h>
  144 		va_list a;],[
  145 		va_list b;
  146 		__va_copy(b,a);
  147 		va_end(b);])],
  148 		[AC_DEFINE(HAVE___VA_COPY, 1, [Have __va_copy()])
  149 		AC_MSG_RESULT(__va_copy)],
  150 		[AC_MSG_RESULT(no)
  151 		AC_MSG_ERROR([Your system lacks vasprintf() and va_copy()])])
  152 	])
  153 fi
      # Export the collected replacement names; an empty value means the
      # platform function is used.
  154 AC_SUBST(SYMVER_TIME, $symver_time)
  155 AC_SUBST(SYMVER_GETLINE, $symver_getline)
  156 AC_SUBST(SYMVER_ASPRINTF, $symver_asprintf)
  157 AC_SUBST(SYMVER_VASPRINTF, $symver_vasprintf)
  158 AC_SUBST(SYMVER_WIN32_STRERROR, $symver_win32_strerror)
  159 
      # Warning flags collected into WFLAGS by AS_COMPILER_FLAGS, a macro that
      # is not defined in this file -- presumably it keeps only the flags the
      # compiler accepts; confirm. The set includes the format-string checks
      # -Wformat-security and -Wformat-nonliteral, and turns implicit function
      # declarations and pointer-to-int casts into errors.
  160 AS_COMPILER_FLAGS(WFLAGS,
  161         "-Wall
  162          -Wextra
  163          -Wno-missing-field-initializers
  164          -Wno-sign-compare
  165          -Wno-unused-parameter
  166          -Werror=pointer-to-int-cast
  167          -Wdeclaration-after-statement
  168          -Werror-implicit-function-declaration
  169          -Wformat-nonliteral
  170          -Wformat-security
  171          -Winit-self
  172          -Wmissing-declarations
  173          -Wmissing-include-dirs
  174          -Wnested-externs
  175          -Wpointer-arith
  176          -Wwrite-strings")
  177 AC_SUBST(WFLAGS, [$WFLAGS])
  178 
      # Look for a memory-clearing call that the compiler may not optimise
      # away: memset_s first, then explicit_memset, then explicit_bzero.
      # WFLAGS is added to CFLAGS for the duration of the memset_s probe and
      # CFLAGS is restored afterwards. If none of the three is found no HAVE_*
      # macro is defined; whatever fallback the C sources use for wiping
      # secrets is not visible from here.
  179 oldCFLAGS="$CFLAGS"
  180 CFLAGS="$CFLAGS $WFLAGS"
  181 AC_MSG_CHECKING([For memset_s])
  182 AC_LINK_IFELSE([AC_LANG_PROGRAM([
  183 	#define __STDC_WANT_LIB_EXT1__ 1
  184 	#include <string.h>],[[
  185 	unsigned char *foo[16];
  186 	memset_s(foo, 16, 0, 16);]])],
  187 	       [AC_MSG_RESULT([yes])
  188 	        AC_DEFINE(__STDC_WANT_LIB_EXT1__, 1, [To request memset_s])
  189 	        AC_DEFINE(HAVE_MEMSET_S, 1, [Have memset_s() function])],
  190 	       [AC_MSG_RESULT([no])
  191 	        AC_CHECK_FUNC(explicit_memset,
  192 			      [AC_DEFINE(HAVE_EXPLICIT_MEMSET, 1, [Have explicit_memset() function])],
  193 			      [AC_CHECK_FUNC(explicit_bzero,
  194 					     [AC_DEFINE(HAVE_EXPLICIT_BZERO, 1, [Have explicit_bzero() function])],
  195 					     [])
  196 			      ])
  197 	       ])
  198 CFLAGS="$oldCFLAGS"
  199 
      # Sockets: on Windows the Winsock and helper libraries are added to LIBS
      # without probing; elsewhere socket() must come from libc or -lsocket.
  200 if test "$have_win" = yes; then
  201    # Checking "properly" for __attribute__((dllimport,stdcall)) functions is non-trivial
  202    LIBS="$LIBS -lws2_32 -lshlwapi -lsecur32 -liphlpapi"
  203 else
  204    AC_CHECK_FUNC(socket, [], AC_CHECK_LIB(socket, socket, [], AC_ERROR(Cannot find socket() function)))
  205 fi
  206 
      # inet_aton() may live in libc or in -lnsl; HAVE_INET_ATON is defined in
      # either case.
  207 have_inet_aton=yes
  208 AC_CHECK_FUNC(inet_aton, [], AC_CHECK_LIB(nsl, inet_aton, [], have_inet_aton=no))
  209 if test "$have_inet_aton" = "yes"; then
  210    AC_DEFINE(HAVE_INET_ATON, 1, [Have inet_aton()])
  211 fi
  212 
      # Compile-only probe: is the IPV6_PATHMTU constant declared?
  213 AC_MSG_CHECKING([for IPV6_PATHMTU socket option])
  214 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
  215 		  #include <netinet/in.h>
  216 		  #include <sys/socket.h>
  217 		  #include <sys/types.h>],[
  218 		  int foo = IPV6_PATHMTU; (void)foo;])],
  219 		  [AC_DEFINE(HAVE_IPV6_PATHMTU, 1, [Have IPV6_PATHMTU socket option])
  220 		   AC_MSG_RESULT([yes])],
  221 		  [AC_MSG_RESULT([no])])
  222 
      # Android logging: link -llog when __android_log_vprint is not in libc.
  223 AC_CHECK_FUNC(__android_log_vprint, [], AC_CHECK_LIB(log, __android_log_vprint, [], []))
  224 
      # Default to a shared library only. The --with-openssl=DIR branch later
      # in this file flips enable_static and enable_shared.
  225 AC_ENABLE_SHARED
  226 AC_DISABLE_STATIC
  227 
  228 AC_CHECK_FUNC(nl_langinfo, [AC_DEFINE(HAVE_NL_LANGINFO, 1, [Have nl_langinfo() function])], [])
  229 
      # iconv is only probed when nl_langinfo() exists.
  230 if test "$ac_cv_func_nl_langinfo" = "yes"; then
  231     AM_ICONV
  232     if test "$am_cv_func_iconv" = "yes"; then
  233 	AC_SUBST(ICONV_LIBS, [$LTLIBICONV])
  234 	AC_SUBST(ICONV_CFLAGS, [$INCICONV])
  235 	AC_DEFINE(HAVE_ICONV, 1, [Have iconv() function])
  236     fi
  237 fi
  238 AM_CONDITIONAL(OPENCONNECT_ICONV, [test "$am_cv_func_iconv" = "yes"])
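  239 
      # Native Language Support. msgfmt must exist, then gettext is link-tested
      # first against libc alone and, failing that, with the flags found by
      # AC_LIB_LINKFLAGS_BODY for libintl. LIBS and CFLAGS are both saved and
      # put back around the second probe, so INCINTL and LIBINTL reach the
      # build only through INTL_CFLAGS and INTL_LIBS. The "/tmp" passed to
      # bindtextdomain in the probe program is only linked, never run.
  240 AC_ARG_ENABLE([nls],
  241 	AS_HELP_STRING([--disable-nls], [Do not use Native Language Support]),
  242 	[USE_NLS=$enableval], [USE_NLS=yes])
  243 LIBINTL=
  244 if test "$USE_NLS" = "yes"; then
  245    AC_PATH_PROG(MSGFMT, msgfmt)
  246    if test "$MSGFMT" = ""; then
  247       AC_MSG_ERROR([msgfmt could not be found. Try configuring with --disable-nls])
  248    fi
  249 fi
  250 LIBINTL=
  251 if test "$USE_NLS" = "yes"; then
  252    AC_MSG_CHECKING([for functional NLS support])
  253    AC_LINK_IFELSE([AC_LANG_PROGRAM([
  254     #include <locale.h>
  255     #include <libintl.h>],[
  256     setlocale(LC_ALL, "");
  257     bindtextdomain("openconnect", "/tmp");
  258     (void)dgettext("openconnect", "foo");])],
  259     [AC_MSG_RESULT(yes)],
  260     [AC_LIB_LINKFLAGS_BODY([intl])
  261      oldLIBS="$LIBS"
  262      LIBS="$LIBS $LIBINTL"
  263      oldCFLAGS="$CFLAGS"
  264      CFLAGS="$CFLAGS $INCINTL"
  265      AC_LINK_IFELSE([AC_LANG_PROGRAM([
  266       #include <locale.h>
  267       #include <libintl.h>],[
  268       setlocale(LC_ALL, "");
  269       bindtextdomain("openconnect", "/tmp");
  270       (void)dgettext("openconnect", "foo");])],
  271       [AC_MSG_RESULT(yes (with $INCINTL $LIBINTL))],
  272       [AC_MSG_RESULT(no)
  273        USE_NLS=no])
  274      LIBS="$oldLIBS"
           CFLAGS="$oldCFLAGS"])
  275 fi
  276 
  277 if test "$USE_NLS" = "yes"; then
  278    AC_SUBST(INTL_LIBS, [$LTLIBINTL])
  279    AC_SUBST(INTL_CFLAGS, [$INCINTL])
  280    AC_DEFINE(ENABLE_NLS, 1, [Enable NLS support])
  281 fi
  282 AM_CONDITIONAL(USE_NLS, [test "$USE_NLS" = "yes"])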
  283 
      # Only declares --with-system-cafile; $with_system_cafile is not read in
      # the part of the file visible here.
  284 AC_ARG_WITH([system-cafile],
  285 	    AS_HELP_STRING([--with-system-cafile],
  286 			   [Location of the default system CA certificate file for old (<3.0.20) GnuTLS versions]))
  287 
  288 # We will use GnuTLS by default if it's present. We used to support
  289 # using GnuTLS for the TLS connections and OpenSSL for DTLS, but none
  290 # of the reasons for that make sense any more.
  291 
  292 AC_ARG_WITH([gnutls],
  293     AS_HELP_STRING([--without-gnutls], [Do not attempt to use GnuTLS; use OpenSSL instead]))
  294 AC_ARG_WITH([openssl],
  295     AS_HELP_STRING([--with-openssl], [Location of OpenSSL build dir]))
  296 
      # Result variables: ssl_library ends up as GnuTLS or OpenSSL; esp and
      # dtls are set to yes later when the chosen library supports them.
  297 ssl_library=
  298 esp=
  299 dtls=
  300 
      # An explicit --with-openssl (any value but "no") implies
      # --without-gnutls; asking for both is an error.
      # NOTE(review): "test ... -a ..." and "-o" are marked obsolescent by
      # POSIX; separate test calls joined with && or || are the portable form.
  301 if test "$with_openssl" != "" -a "$with_openssl" != "no"; then
  302     if test "$with_gnutls" = ""; then
  303 	with_gnutls=no
  304     elif test "$with_gnutls" = "yes"; then
  305 	AC_MSG_ERROR([You cannot choose both GnuTLS and OpenSSL.])
  306     fi
  307 fi
  308 
  309 # First, check if GnuTLS exists and is usable
      # A GnuTLS older than 3.2.10 only produces a warning here; ssl_library
      # stays empty and the OpenSSL branch below decides whether that is fatal.
  310 if test "$with_gnutls" = "yes" || test "$with_gnutls" = ""; then
  311     PKG_CHECK_MODULES(GNUTLS, gnutls,
  312        [if ! $PKG_CONFIG --atleast-version=3.2.10 gnutls; then
  313 	    AC_MSG_WARN([Your GnuTLS is too old. At least v3.2.10 is required])
  314 	else
  315 	    ssl_library=GnuTLS
  316 	fi], [:])
  317 elif test "$with_gnutls" != "no"; then
  318     AC_ERROR([Values other than 'yes' or 'no' for --with-gnutls are not supported])
  319 fi
  320 
  321 # Do we need to look for OpenSSL?
  322 if test "$ssl_library" = ""; then
  323     if test "$with_gnutls" = "yes" -o "$with_openssl" = "no"; then
  324 	    AC_MSG_ERROR([Suitable GnuTLS required but not found])
  325     elif test "$with_openssl" = "yes" -o "$with_openssl" = ""; then
              # System OpenSSL: pkg-config first, then a bare -lssl -lcrypto
              # link probe. With OpenSSL, PKCS11 support additionally needs
              # both p11-kit and libp11.
              # NOTE(review): on line 339 the closing bracket after the
              # OPENSSL_CFLAGS substitution ends the quoted argument early, so
              # the openssl_pc_libs substitution on line 340 is passed
              # unquoted -- confirm this is intended.
  326         PKG_CHECK_MODULES(OPENSSL, openssl, [AC_SUBST(SSL_PC, [openssl])],
  327 	    [oldLIBS="$LIBS"
  328 	     LIBS="$LIBS -lssl -lcrypto"
  329 	     AC_MSG_CHECKING([for OpenSSL without pkg-config])
  330 	     AC_LINK_IFELSE([AC_LANG_PROGRAM([
  331 			        #include <openssl/ssl.h>
  332 				#include <openssl/err.h>],[
  333 				SSL_library_init();
  334 				ERR_clear_error();
  335 				SSL_load_error_strings();
  336 				OpenSSL_add_all_algorithms();])],
  337 			[AC_MSG_RESULT(yes)
  338 			 AC_SUBST([OPENSSL_LIBS], ["-lssl -lcrypto"])
  339 			 AC_SUBST([OPENSSL_CFLAGS], [])]
  340 			 AC_SUBST([openssl_pc_libs], [$OPENSSL_LIBS]),
  341 			[AC_MSG_RESULT(no)
  342 			 AC_ERROR([Could not build against OpenSSL])])
  343 	     LIBS="$oldLIBS"])
  344 	ssl_library=OpenSSL
  345 	PKG_CHECK_MODULES(P11KIT, p11-kit-1,
  346 	    # libp11 0.4.7 fails to export ERR_LIB_PKCS11 so we don't know what it
  347 	    # is and can't match its errors, which we need to for login checks.
  348 	    [PKG_CHECK_MODULES(LIBP11, libp11 != 0.4.7,
  349 		[AC_DEFINE(HAVE_LIBP11, 1, [Have libp11 and p11-kit for OpenSSL])
  350 		 AC_SUBST(P11KIT_PC, ["libp11 p11-kit-1"])
  351 		 proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`"
  352 		 pkcs11_support="libp11"
  353 		 AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])],
  354 		[:])], [:])
  355     else
              # --with-openssl=DIR: link statically against libssl.a and
              # libcrypto.a found directly in DIR or in its ssl/.libs and
              # crypto/.libs subdirectories, and switch the build to static
              # only. DIR is interpolated as-is, so a path containing
              # whitespace will not survive into the flags. The crypto
              # library is then whatever that tree contains, independent of
              # system package updates.
  356 	OPENSSL_CFLAGS="-I${with_openssl}/include ${OPENSSL_CFLAGS}"
  357 	if test -r "${with_openssl}/libssl.a" -a -r "${with_openssl}/libcrypto.a";  then
  358 	    OPENSSL_LIBS="${with_openssl}/libssl.a ${with_openssl}/libcrypto.a -ldl -lz -pthread"
  359 	elif test -r "${with_openssl}/crypto/.libs/libcrypto.a" -a \
  360 		  -r "${with_openssl}/ssl/.libs/libssl.a"; then
  361 	    OPENSSL_LIBS="${with_openssl}/ssl/.libs/libssl.a ${with_openssl}/crypto/.libs/libcrypto.a -ldl -lz -pthread"
  362 	else
  363 	    AC_ERROR([Could not find OpenSSL libraries in ${with_openssl}]);
  364 	fi
  365 	AC_SUBST(OPENSSL_CFLAGS)
  366 	AC_SUBST(OPENSSL_LIBS)
  367 	enable_static=yes
  368 	enable_shared=no
  369 	ssl_library=OpenSSL
  370     fi
  371 fi
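  372 
      # Opt-out for the known-broken OpenSSL checks performed in the OpenSSL
      # arm of the case statement below. Passing it also skips the LibreSSL
      # rejection, which sits inside the same conditional.
  373 AC_ARG_WITH([openssl-version-check],
  374     AS_HELP_STRING([--without-openssl-version-check], [Do not check for known-broken OpenSSL versions]))
      # Optional compiled-in default for the GnuTLS priority string, which is
      # defined as DEFAULT_PRIO. The variable is cleared when the option is
      # absent so that the default can only come from the configure command
      # line, not from a same-named variable in the build environment.
      # NOTE(review): a bare --with-default-gnutls-priority or the --without
      # form still yields the literal string "yes" or "no".
  375 AC_ARG_WITH([default-gnutls-priority],
  376     AS_HELP_STRING([--with-default-gnutls-priority=STRING],
  377 	[Provide a default string as GnuTLS priority string]),
  378 	default_gnutls_priority=$withval,
      	default_gnutls_priority=)
  379 if test -n "$default_gnutls_priority"; then
  380    AC_DEFINE_UNQUOTED([DEFAULT_PRIO], ["$default_gnutls_priority"], [The GnuTLS priority string])
  381 fi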
  382 
      # Per-library feature probes. Each arm temporarily extends LIBS and
      # CFLAGS with the chosen library's flags, runs its checks, restores
      # them, and publishes SSL_LIBS and SSL_CFLAGS.
  383 tss2lib=
  384 case "$ssl_library" in
  385     OpenSSL)
  386 	oldLIBS="${LIBS}"
  387 	oldCFLAGS="${CFLAGS}"
  388 	LIBS="${LIBS} ${OPENSSL_LIBS}"
  389 	CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
  390 
  391 	# Check for the various known-broken versions of OpenSSL, which includes LibreSSL.
      	# Each probe compiles a program that hits #error when
      	# LIBRESSL_VERSION_NUMBER is defined or OPENSSL_VERSION_NUMBER falls
      	# in a listed range, so a failed compile means an affected library
      	# and configure stops. --without-openssl-version-check skips every
      	# probe in this block, the LibreSSL one included.
  392 	if test "$with_openssl_version_check" != "no"; then
  393 	    AC_MSG_CHECKING([for known-broken versions of OpenSSL])
  394 	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/opensslv.h>],
  395 				[#if defined(LIBRESSL_VERSION_NUMBER)
  396 				#error Bad OpenSSL
  397 				#endif
  398 				])],
  399 			  [],
  400 			  [AC_MSG_RESULT(yes)
  401 			   AC_MSG_ERROR([LibreSSL does not support Cisco DTLS.]
  402 [Build with OpenSSL or GnuTLS instead.])])
  403 	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/opensslv.h>],[#if \
  404 				    (OPENSSL_VERSION_NUMBER == 0x10002000L || \
  405 				    (OPENSSL_VERSION_NUMBER >= 0x100000b0L && OPENSSL_VERSION_NUMBER <= 0x100000c0L) || \
  406 				    (OPENSSL_VERSION_NUMBER >= 0x10001040L && OPENSSL_VERSION_NUMBER <= 0x10001060L))
  407 				#error Bad OpenSSL
  408 				#endif
  409 				])],
  410 			  [],
  411 			  [AC_MSG_RESULT(yes)
  412 			   AC_ERROR([This version of OpenSSL is known to be broken with Cisco DTLS.]
  413 [See http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest]
  414 [Add --without-openssl-version-check to configure args to avoid this check, or]
  415 [perhaps consider building with GnuTLS instead.])])
  416 	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/opensslv.h>],[#if \
  417 				    (OPENSSL_VERSION_NUMBER == 0x1000200fL)
  418 				#error Bad OpenSSL
  419 				#endif
  420 				])],
  421 			  [],
  422 			  [AC_MSG_RESULT(yes)
  423 			   AC_ERROR([This version of OpenSSL is known to be broken with Cisco DTLS.]
  424 [See http://rt.openssl.org/Ticket/Display.html?id=3703&user=guest&pass=guest]
  425 [and http://rt.openssl.org/Ticket/Display.html?id=3711&user=guest&pass=guest]
  426 [Add --without-openssl-version-check to configure args to avoid this check, or]
  427 [perhaps consider building with GnuTLS instead.])])
  428 	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/opensslv.h>],[#if \
  429 				    ((OPENSSL_VERSION_NUMBER >= 0x10001110L && OPENSSL_VERSION_NUMBER <= 0x10001150L) || \
  430 				     (OPENSSL_VERSION_NUMBER >= 0x10002050L && OPENSSL_VERSION_NUMBER <= 0x10002090L))
  431 				#error Bad OpenSSL
  432 				#endif
  433 				])],
  434 			  [],
  435 			  [AC_MSG_RESULT(yes)
  436 			   AC_ERROR([This version of OpenSSL is known to be broken with Cisco DTLS.]
  437 [See http://rt.openssl.org/Ticket/Display.html?id=4631&user=guest&pass=guest]
  438 [Add --without-openssl-version-check to configure args to avoid this check, or]
  439 [perhaps consider building with GnuTLS instead.])])
  440 	    AC_MSG_RESULT(no)
  441 	fi
  442 
      	# ENGINE API probe; without it the build proceeds but the notice
      	# below reports that TPM ENGINE support is left out.
  443 	AC_MSG_CHECKING([for ENGINE_by_id() in OpenSSL])
  444 	AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/engine.h>],
  445 					[ENGINE_by_id("foo");])],
  446 		       [AC_MSG_RESULT(yes)
  447 			AC_DEFINE(HAVE_ENGINE, [1], [OpenSSL has ENGINE support])],
  448 		       [AC_MSG_RESULT(no)
  449 			AC_MSG_NOTICE([Building without OpenSSL TPM ENGINE support])])
  450 
      	# NOTE(review): dtls1_stop_timer is declared by hand with extern in
      	# the probe, which suggests it is not in the public headers -- confirm.
  451 	AC_MSG_CHECKING([for dtls1_stop_timer() in OpenSSL])
  452 	AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>
  453 					 #include <stdlib.h>
  454 					 extern void dtls1_stop_timer(SSL *);],
  455 					[dtls1_stop_timer(NULL);])],
  456 		       [AC_MSG_RESULT(yes)
  457 			AC_DEFINE(HAVE_DTLS1_STOP_TIMER, [1], [OpenSSL has dtls1_stop_timer() function])],
  458 		       [AC_MSG_RESULT(no)])
  459 
  460 	# DTLS_client_method() and DTLSv1_2_client_method() were both added between
  461 	# OpenSSL v1.0.1 and v1.0.2. DTLSV1.2_client_method() was later deprecated
  462 	# in v1.1.0 so we use DTLS_client_method() as our check for DTLSv1.2 support
  463 	# and that's what we actually use in openssl-dtls.c too.
  464 	AC_MSG_CHECKING([for DTLS_client_method() in OpenSSL])
  465 	AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>],
  466 					[DTLS_client_method();])],
  467 		       [AC_MSG_RESULT(yes)
  468 			AC_DEFINE(HAVE_DTLS12, [1], [OpenSSL has DTLS_client_method() function])],
  469 		       [AC_MSG_RESULT(no)])
  470 
      	# Availability of the minimum-protocol-version setter is recorded as
      	# HAVE_SSL_CTX_PROTOVER; how the C code restricts protocol versions
      	# without it is not visible from here.
  471 	AC_MSG_CHECKING([for SSL_CTX_set_min_proto_version() in OpenSSL])
  472 	AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>],
  473 					[SSL_CTX_set_min_proto_version((void *)0, 0);])],
  474 		       [AC_MSG_RESULT(yes)
  475 			AC_DEFINE(HAVE_SSL_CTX_PROTOVER, [1], [OpenSSL has SSL_CTX_set_min_proto_version() function])],
  476 		       [AC_MSG_RESULT(no)])
  477 
  478 	AC_MSG_CHECKING([for BIO_meth_free() in OpenSSL])
  479 	AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/bio.h>],
  480 					[BIO_meth_free((void *)0);])],
  481 		       [AC_MSG_RESULT(yes)
  482 			AC_DEFINE(HAVE_BIO_METH_FREE, [1], [OpenSSL has BIO_meth_free() function])],
  483 		       [AC_MSG_RESULT(no)])
  484 
      	# With OpenSSL, ESP is only enabled when HMAC_CTX_copy() is available;
      	# DTLS is enabled unconditionally a few lines below.
  485 	AC_CHECK_FUNC(HMAC_CTX_copy,
  486 		      [esp=yes],
  487 		      [AC_MSG_WARN([ESP support will be disabled])])
  488 
  489 	LIBS="${oldLIBS}"
  490 	CFLAGS="${oldCFLAGS}"
  491 
  492 	dtls=yes
  493 	AC_DEFINE(OPENCONNECT_OPENSSL, 1, [Using OpenSSL])
  494 	AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)'])
  495 	AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
  496 	;;
  497 
  498     GnuTLS)
  499 	oldlibs="$LIBS"
  500 	oldcflags="$CFLAGS"
  501 	LIBS="$LIBS $GNUTLS_LIBS"
  502 	CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
      	# ESP and DTLS are enabled unconditionally with GnuTLS.
  503 	esp=yes
  504 	dtls=yes
  505 	AC_CHECK_FUNC(gnutls_system_key_add_x509,
  506 		      [AC_DEFINE(HAVE_GNUTLS_SYSTEM_KEYS, 1, [From GnuTLS 3.4.0])], [])
      	# PKCS11 support with GnuTLS needs gnutls_pkcs11_add_provider and
      	# p11-kit.
  507 	AC_CHECK_FUNC(gnutls_pkcs11_add_provider,
  508 		      [PKG_CHECK_MODULES(P11KIT, p11-kit-1,
  509 					 [AC_DEFINE(HAVE_P11KIT, 1, [Have. P11. Kit.])
  510 					  pkcs11_support=GnuTLS
  511 					  AC_SUBST(P11KIT_PC, p11-kit-1)],
  512 					 [:])], [])
      	# TrouSerS TSS library: link probe with -ltspi in place of the
      	# GnuTLS libraries.
  513 	LIBS="$oldlibs -ltspi"
  514 	AC_MSG_CHECKING([for tss library])
  515 	AC_LINK_IFELSE([AC_LANG_PROGRAM([
  516 					   #include <trousers/tss.h>
  517 					   #include <trousers/trousers.h>],[
  518 					   int err = Tspi_Context_Create((void *)0);
  519 					   Trspi_Error_String(err);])],
  520 		       [AC_MSG_RESULT(yes)
  521 			AC_SUBST([TSS_LIBS], [-ltspi])
  522 			AC_SUBST([TSS_CFLAGS], [])
  523 			AC_DEFINE(HAVE_TROUSERS, 1, [Have Trousers TSS library])],
  524 		       [AC_MSG_RESULT(no)])
  525 	LIBS="$oldlibs"
  526 	CFLAGS="$oldcflags"
  527 
      	# TSS2 support needs libtasn1 plus one TSS2 implementation:
      	# tss2-esys through pkg-config, otherwise a library named tss or
      	# ibmtss that provides TSS_Create and ships a matching tss.h header.
      	# NOTE(review): HAVE_TSS2 is defined as 1 in the tss2-esys branch but
      	# as the header directory name, tss2 or ibmtss, in the other branch.
  528 	PKG_CHECK_MODULES(TASN1, [libtasn1], [have_tasn1=yes], [have_tasn1=no])
  529 	if test "$have_tasn1" = "yes"; then
  530 	   PKG_CHECK_MODULES(TSS2_ESYS, [tss2-esys],
  531 			     [AC_DEFINE(HAVE_TSS2, 1, [Have TSS2])
  532 			      AC_SUBST(TPM2_CFLAGS, ['$(TASN1_CFLAGS) $(TSS2_ESYS_CFLAGS)'])
  533 			      AC_SUBST(TPM2_LIBS, ['$(TASN1_LIBS) $(TSS2_ESYS_LIBS)'])
  534 			      tss2lib=tss2-esys],
  535 			     [:])
  536 	   if test "$tss2lib" = ""; then
  537 	       AC_CHECK_LIB([tss], [TSS_Create], [tss2inc=tss2
  538 						  tss2lib=tss],
  539 			    AC_CHECK_LIB([ibmtss], [TSS_Create], [tss2inc=ibmtss
  540 								  tss2lib=ibmtss], []))
  541 	       if test "$tss2lib" != ""; then
  542 		   AC_CHECK_HEADER($tss2inc/tss.h,
  543 				   [AC_DEFINE_UNQUOTED(HAVE_TSS2, $tss2inc, [TSS2 library])
  544 				    AC_SUBST(TSS2_LIBS, [-l$tss2lib])
  545 				    AC_SUBST(TPM2_CFLAGS, ['$(TASN1_CFLAGS)'])
  546 				    AC_SUBST(TPM2_LIBS, ['$(TASN1_LIBS) $(TSS2_LIBS)'])],
  547 				   [tss2lib=])
  548 	       fi
  549 	   fi
  550 	fi
  551 
  552 	AC_DEFINE(OPENCONNECT_GNUTLS, 1, [Using GnuTLS])
  553 	AC_SUBST(SSL_PC, [gnutls])
  554 	AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS) $(TPM2_LIBS)'])
  555 	AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS) $(TPM2_CFLAGS)'])
  556 	;;
  557 
  558     *)
  559 	# This should never happen
  560 	AC_MSG_ERROR([No SSL library selected])
  561 	;;
  562 esac
  563 
      # Automake conditionals and config.h defines derived from the choices
      # made above.
  564 AM_CONDITIONAL(OPENCONNECT_TSS2_ESYS, [ test "$tss2lib" = "tss2-esys" ])
  565 AM_CONDITIONAL(OPENCONNECT_TSS2_IBM, [ test "$tss2lib" = "ibmtss" -o "$tss2lib" = "tss" ])
  566 
      # The PKCS11 self-test is enabled only when PKCS11 support was detected
      # and softhsm2-util is on PATH.
      # NOTE(review): pkcs11_support is assigned only where p11-kit was found
      # and is never cleared beforehand, so a value inherited from the
      # environment would also trigger the softhsm2-util lookup.
  567 test_pkcs11=
  568 if test "$pkcs11_support" != ""; then
  569    AC_CHECK_PROG(test_pkcs11, softhsm2-util, yes)
  570 fi
  571 AM_CONDITIONAL(TEST_PKCS11, [ test "$test_pkcs11" = "yes" ])
  572 
  573 # The test is OpenSSL-only for now.
  574 AM_CONDITIONAL(CHECK_DTLS, [ test "$ssl_library" = "OpenSSL" ])
  575 
  576 AC_ARG_ENABLE([dtls-xfail],
  577 	AS_HELP_STRING([--enable-dtls-xfail], [Only for gitlab CI. Do not use]))
  578 AM_CONDITIONAL(DTLS_XFAIL, [test "$enable_dtls_xfail" = "yes" ])
  579 
      # DSA keys are included in the self-test unless --disable-dsa-tests is
      # given.
  580 AC_ARG_ENABLE([dsa-tests],
  581 	AS_HELP_STRING([--disable-dsa-tests], [Disable DSA keys in self-test]),
  582 	[], [enable_dsa_tests=yes])
  583 AM_CONDITIONAL(TEST_DSA, [test "$enable_dsa_tests" = "yes"])
  584 
  585 AM_CONDITIONAL(OPENCONNECT_GNUTLS,  [ test "$ssl_library" = "GnuTLS" ])
  586 AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "OpenSSL" ])
  587 AM_CONDITIONAL(OPENCONNECT_ESP, [ test "$esp" != "" ])
  588 AM_CONDITIONAL(OPENCONNECT_DTLS, [ test "$dtls" != "" ])
  589 
  590 if test "$esp" != ""; then
  591     AC_DEFINE(HAVE_ESP, 1, [Build with ESP support])
  592 fi
  593 if test "$dtls" != ""; then
  594     AC_DEFINE(HAVE_DTLS, 1, [Build with DTLS support])
  595 fi
  596 
      # Optional LZ4 compression, found through pkg-config only. When present
      # a second probe records whether LZ4_compress_default() is available.
      # A missing liblz4 produces a warning, not an error.
  597 AC_ARG_WITH(lz4,
  598   AS_HELP_STRING([--without-lz4], [disable support for LZ4 compression]),
  599   test_for_lz4=$withval,
  600   test_for_lz4=yes)
  601 
  602 lz4_pkg=no
  603 if test "$test_for_lz4" = yes; then
  604 PKG_CHECK_MODULES([LIBLZ4], [liblz4], [
  605 	AC_SUBST(LIBLZ4_PC, liblz4)
  606 	AC_DEFINE([HAVE_LZ4], [], [LZ4 was found])
  607 	lz4_pkg=yes
  608 	oldLIBS="$LIBS"
  609 	LIBS="$LIBS $LIBLZ4_LIBS"
  610 	oldCFLAGS="$CFLAGS"
  611 	CFLAGS="$CFLAGS $LIBLZ4_CFLAGS"
  612 	AC_MSG_CHECKING([for LZ4_compress_default()])
  613 	AC_LINK_IFELSE([AC_LANG_PROGRAM([
  614 		   #include <lz4.h>],[
  615 		   LZ4_compress_default("", (char *)0, 0, 0);])],
  616 		  [AC_MSG_RESULT(yes)
  617 		   AC_DEFINE([HAVE_LZ4_COMPRESS_DEFAULT], [], [From LZ4 r129])
  618 		  ],
  619 		  [AC_MSG_RESULT(no)])
  620 	LIBS="$oldLIBS"
  621 	CFLAGS="$oldCFLAGS"
  622 ],
  623 [
  624 	AC_MSG_WARN([[
  625 ***
  626 *** lz4 not found.
  627 *** ]])
  628 ])
  629 fi
  630 
  631 # For some bizarre reason now that we use AM_ICONV, the mingw32 build doesn't
  632 # manage to set EGREP properly in the created ./libtool script. Make sure it's
  633 # found.
  634 AC_PROG_EGREP
  635 
  636 # Needs to happen after we default to static/shared libraries based on OpenSSL
  637 AC_PROG_LIBTOOL
      # On OpenBSD the system libtool at the fixed path /usr/bin/libtool
      # replaces the generated one when it is executable.
  638 if test "$use_openbsd_libtool" = "true" && test -x /usr/bin/libtool; then
  639 	echo using OpenBSD libtool
  640 	LIBTOOL=/usr/bin/libtool
  641 fi
  642 AM_CONDITIONAL(OPENBSD_LIBTOOL, [ test "$use_openbsd_libtool" = "true" ])
  643 
      # AX_CHECK_VSCRIPT is not defined in this file; presumably it detects
      # linker version-script support -- confirm.
  644 AX_CHECK_VSCRIPT
  645 
      # libxml2 is mandatory: no fallback action is given, so configure stops
      # when pkg-config cannot find it.
  646 PKG_CHECK_MODULES(LIBXML2, libxml-2.0)
  647 
      # zlib: pkg-config first, then a bare -lz link probe; failure of both is
      # fatal.
  648 PKG_CHECK_MODULES(ZLIB, zlib, [AC_SUBST(ZLIB_PC, [zlib])],
  649 		  [oldLIBS="$LIBS"
  650 		  LIBS="$LIBS -lz" 
  651 		  AC_MSG_CHECKING([for zlib without pkg-config])
  652 		  AC_LINK_IFELSE([AC_LANG_PROGRAM([
  653 		   #include <zlib.h>],[
  654 		   z_stream zs;
  655 		   deflateInit2(&zs, Z_DEFAULT_COMPRESSION, Z_DEFLATED,
  656 		   		-12, 9, Z_DEFAULT_STRATEGY);])],
  657 		  [AC_MSG_RESULT(yes)
  658 		   AC_SUBST([ZLIB_LIBS], [-lz])
  659 		   AC_SUBST([ZLIB_CFLAGS], [])],
  660   		  [AC_MSG_RESULT(no)
  661 		   AC_ERROR([Could not build against zlib])])
  662 		  LIBS="$oldLIBS"])
  663 
      # Optional libproxy. libproxy_pkg ends up as yes, no or disabled; the
      # header name that worked is recorded in LIBPROXY_HDR.
  664 AC_ARG_WITH([libproxy],
  665 	AS_HELP_STRING([--without-libproxy],
  666 	[Build without libproxy library [default=auto]]))
  667 AS_IF([test "x$with_libproxy" != "xno"], [
  668 	PKG_CHECK_MODULES(LIBPROXY, libproxy-1.0,
  669 			[AC_SUBST(LIBPROXY_PC, libproxy-1.0)
  670 			 AC_DEFINE([LIBPROXY_HDR], ["proxy.h"], [libproxy header file])
  671 			 libproxy_pkg=yes],
  672 			 libproxy_pkg=no)
  673 ], [libproxy_pkg=disabled])
  674 
  675 dnl Libproxy *can* exist without a .pc file, and its header may be called
  676 dnl libproxy.h in that case.
  677 if (test "$libproxy_pkg" = "no"); then
  678    AC_MSG_CHECKING([for libproxy])
  679    oldLIBS="$LIBS"
  680    LIBS="$LIBS -lproxy"
  681    AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <libproxy.h>],
  682 			   [(void)px_proxy_factory_new();])],
  683 	  [AC_MSG_RESULT(yes (with libproxy.h))
  684 	   AC_DEFINE([LIBPROXY_HDR], ["libproxy.h"])
  685 	   AC_SUBST([LIBPROXY_LIBS], [-lproxy])
  686 	   libproxy_pkg=yes],
  687 	  [AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <proxy.h>],
  688 				  [(void)px_proxy_factory_new();])],
  689 		  [AC_MSG_RESULT(yes (with proxy.h))
  690 		   AC_DEFINE([LIBPROXY_HDR], ["proxy.h"])
  691 		   AC_SUBST([LIBPROXY_LIBS], [-lproxy])
  692 		   libproxy_pkg=yes],
  693 		   [AC_MSG_RESULT(no)])])
  694    LIBS="$oldLIBS"
  695 fi
  696 
      # Optional token and smart-card libraries. Each *_pkg variable records
      # yes, no or disabled.
  697 AC_ARG_WITH([stoken],
  698 	AS_HELP_STRING([--without-stoken],
  699 	[Build without libstoken library [default=auto]]))
  700 AS_IF([test "x$with_stoken" != "xno"], [
  701 	PKG_CHECK_MODULES(LIBSTOKEN, stoken,
  702 			[AC_SUBST(LIBSTOKEN_PC, stoken)
  703 			 AC_DEFINE([HAVE_LIBSTOKEN], 1, [Have libstoken])
  704 			 libstoken_pkg=yes],
  705 			 libstoken_pkg=no)
  706 ], [libstoken_pkg=disabled])
  707 AM_CONDITIONAL(OPENCONNECT_STOKEN, [test "$libstoken_pkg" = "yes"])
  708 
      # Where the platform case near the top of the file set system_pcsc_libs
      # (MinGW, Darwin), those flags are used directly and pkg-config is not
      # consulted for libpcsclite.
  709 AC_ARG_WITH([libpcsclite],
  710 	AS_HELP_STRING([--without-libpcsclite],
  711 	[Build without libpcsclite library (for Yubikey support) [default=auto]]))
  712 AS_IF([test "x$with_libpcsclite" != "xno"], [
  713 	if test "$system_pcsc_libs" != ""; then
  714 	   AC_SUBST(LIBPCSCLITE_LIBS, "$system_pcsc_libs")
  715 	   AC_SUBST(LIBPCSCLITE_CFLAGS, "$system_pcsc_cflags")
  716 	   AC_SUBST(system_pcsc_libs)
  717 	   libpcsclite_pkg=yes
  718 	else
  719 	    PKG_CHECK_MODULES(LIBPCSCLITE, libpcsclite,
  720 			[AC_SUBST(LIBPCSCLITE_PC, libpcsclite)
  721 			 libpcsclite_pkg=yes],
  722 			libpcsclite_pkg=no)
  723 	fi
  724 ], [libpcsclite_pkg=disabled])
  725 if test "$libpcsclite_pkg" = "yes"; then
  726     AC_DEFINE([HAVE_LIBPCSCLITE], 1, [Have libpcsclite])
  727 fi
  728 AM_CONDITIONAL(OPENCONNECT_LIBPCSCLITE, [test "$libpcsclite_pkg" = "yes"])
  729 
      # NOTE(review): unlike the two options above there is no "disabled"
      # branch here, so libpskc_pkg stays unset with --without-libpskc.
  730 AC_ARG_WITH([libpskc],
  731 	AS_HELP_STRING([--without-libpskc],
  732 	[Build without libpskc library [default=auto]]))
  733 AS_IF([test "x$with_libpskc" != "xno"], [
  734 	PKG_CHECK_MODULES(LIBPSKC, [libpskc >= 2.2.0],
  735 		[AC_SUBST(LIBPSKC_PC, libpskc)
  736 		 AC_DEFINE([HAVE_LIBPSKC], 1, [Have libpskc])
  737 		 libpskc_pkg=yes],
  738 		 libpskc_pkg=no)])
  739 
  740 linked_gssapi=no
  741 AC_ARG_WITH([gssapi],
  742 	AS_HELP_STRING([--without-gssapi],
  743 	[Build without GSSAPI support [default=auto]]))
  744 
      # GSSAPI_CHECK_BUILD: link-tests a call to gss_init_sec_context with the
      # current GSSAPI_LIBS appended to LIBS and sets linked_gssapi to yes or
      # no. LIBS is restored afterwards; CFLAGS is not touched by the macro.
      # The probe includes GSSAPI_HDR, which must already be defined to the
      # header to use; that definition is not in the lines visible here.
  745 AC_DEFUN([GSSAPI_CHECK_BUILD],[
  746 	gss_old_libs="$LIBS"
  747 	LIBS="$LIBS ${GSSAPI_LIBS}"
  748 	AC_MSG_CHECKING([GSSAPI compilation with "${GSSAPI_LIBS}"])
  749 	AC_LINK_IFELSE([AC_LANG_PROGRAM([
  750 			#include <stdlib.h>
  751 			#include GSSAPI_HDR],[
  752 			OM_uint32 major, minor;
  753 			gss_buffer_desc b = GSS_C_EMPTY_BUFFER;
  754 			gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
  755 			gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &ctx, GSS_C_NO_NAME, GSS_C_NO_OID,
  756 			    GSS_C_MUTUAL_FLAG, GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
  757 			    NULL, NULL, NULL);])],
  758 	    [linked_gssapi=yes
  759 	     AC_MSG_RESULT(yes)],
  760 	    [linked_gssapi=no
  761 	     AC_MSG_RESULT(no)])
  762 	LIBS="$gss_old_libs"
  763 ])
  764 
  765 # Attempt to work out how to build with GSSAPI. Mostly, krb5-config will
  766 # exist and work. Tested on FreeBSD 9, OpenBSD 5.5, NetBSD 6.1.4. Solaris
  767 # has krb5-config but it doesn't do GSSAPI so hard-code the results there.
  768 # Older OpenBSD (I tested 5.2) lacks krb5-config so leave that as an example.
      #
      # Outline: with_gssapi may be no, yes, empty for auto-detect, or a prefix
      # directory which becomes gssapi_root. Flags come from the caller's
      # GSSAPI_LIBS/GSSAPI_CFLAGS, else from krb5-config, else from guessed
      # include paths plus a list of candidate library sets.
      #
      # Build hygiene: krb5-config is looked up with gssapi_root/bin or
      # /usr/kerberos/bin searched ahead of PATH and is then executed during
      # configure; its output is taken verbatim as compiler and linker flags.
      # Only pass a prefix whose contents are trusted, and check which
      # krb5-config configure reports when building for release.
  769 if test "$with_gssapi" != "no"; then
  770     found_gssapi=no
  771 
      # Anything other than yes or empty is treated as an installation prefix.
  772     if test "${with_gssapi}" != "yes" -a "${with_gssapi}" != "" ; then
  773 	gssapi_root="${with_gssapi}"
  774     else
  775 	gssapi_root=""
  776     fi
  777 
  778     # First: if they specify GSSAPI_LIBS and/or GSSAPI_CFLAGS then use them.
  779     if test "$GSSAPI_LIBS$GSSAPI_CFLAGS" != ""; then
  780 	found_gssapi=yes
  781     fi
  782     # Second: try finding a viable krb5-config that supports gssapi
  783     if test "$found_gssapi" = "no"; then
  784         if test -n "${gssapi_root}"; then
  785 	    krb5path="${gssapi_root}/bin:$PATH"
  786 	else
  787 	    krb5path="/usr/kerberos/bin:$PATH"
  788 	fi
  789 
      	# Cross builds: prefer a host-prefixed krb5-config when host_alias is set.
  790 	if test -n "$host_alias"; then
  791 	    AC_PATH_PROG(KRB5_CONFIG, [${host_alias}-krb5-config], [], [$krb5path])
  792 	fi
  793 	if test "$KRB5_CONFIG" = ""; then
  794 	    AC_PATH_PROG(KRB5_CONFIG, [krb5-config], [], [$krb5path])
  795 	fi
      	# The script found above is run here; a non-zero exit from the gssapi
      	# query means it is ignored and the guesses below are used instead.
  796 	if test "$KRB5_CONFIG" != ""; then
  797 	    AC_MSG_CHECKING([whether $KRB5_CONFIG supports gssapi])
  798 	    if "${KRB5_CONFIG}" --cflags gssapi > /dev/null 2>/dev/null; then
  799 		AC_MSG_RESULT(yes)
  800 		found_gssapi=yes
  801 		GSSAPI_LIBS="`"${KRB5_CONFIG}" --libs gssapi`"
  802 		GSSAPI_CFLAGS="`"${KRB5_CONFIG}" --cflags gssapi`"
  803 	    else
  804 		AC_MSG_RESULT(no)
  805 	    fi
  806 	fi
  807     fi
  808     # Third: look for <gssapi.h> or <gssapi/gssapi.h> in some likely places,
  809     #        and we'll worry about how to *link* it in a moment...
  810     if test "$found_gssapi" = "no"; then
      	# In the first branch with_gssapi and gssapi_root hold the same prefix.
  811 	if test -n "${gssapi_root}"; then
  812 	    if test -r "${with_gssapi}/include/gssapi.h" -o \
  813 		    -r "${with_gssapi}/include/gssapi/gssapi.h"; then
  814 		GSSAPI_CFLAGS="-I\"${with_gssapi}/include\""
  815 	    fi
  816 	else
  817 	    if test -r /usr/kerberos/include/gssapi.h -o \
  818 		      -r /usr/kerberos/include/gssapi/gssapi.h; then
  819 		GSSAPI_CFLAGS=-I/usr/kerberos/include
  820 	    elif test -r /usr/include/kerberosV/gssapi.h -o \
  821 		      -r /usr/include/kerberosV/gssapi/gssapi.h; then
  822 		# OpenBSD 5.2 puts it here
  823 		GSSAPI_CFLAGS=-I/usr/include/kerberosV
  824 	    else
  825 		# Maybe it'll Just Work
  826 		GSSAPI_CFLAGS=
  827 	    fi
  828 	fi
  829     fi
  830 
      # The header and link probes run with GSSAPI_CFLAGS appended to CFLAGS;
      # the saved value is put back once they are done.
  831     oldcflags="$CFLAGS"
  832     CFLAGS="$CFLAGS ${GSSAPI_CFLAGS}"
  833 
  834     # OK, now see if we've correctly managed to find gssapi.h at least...
  835     gssapi_hdr=
  836     AC_CHECK_HEADER([gssapi/gssapi.h],
  837 	[gssapi_hdr="<gssapi/gssapi.h>"],
  838 	[AC_CHECK_HEADER([gssapi.h],
  839 		[gssapi_hdr="<gssapi.h>"],
  840 		[AC_MSG_WARN([Cannot find <gssapi/gssapi.h> or <gssapi.h>])])])
  841 
  842     # Finally, unless we've already failed, see if we can link it.
  843     linked_gssapi=no
  844     if test -n "${gssapi_hdr}"; then
  845 	AC_DEFINE_UNQUOTED(GSSAPI_HDR, $gssapi_hdr, [GSSAPI header])
  846 	if test "$found_gssapi" = "yes"; then
  847 	    # We think we have GSSAPI_LIBS already so try it...
  848 	    GSSAPI_CHECK_BUILD
  849 	else
      	    # No library list is known yet: candidate sets are tried in order and
      	    # the first one that links is kept. libsuff is set outside this section.
  850 	    LFLAG=
  851 	    if test -n "$gssapi_root"; then
  852 		LFLAG="-L\"${gssapi_root}/lib$libsuff\""
  853 	    fi
  854 	    # Solaris, HPUX, etc.
  855 	    GSSAPI_LIBS="$LFLAG -lgss"
  856 	    GSSAPI_CHECK_BUILD
  857 	    if test "$linked_gssapi" = "no"; then
  858 		GSSAPI_LIBS="$LFLAG -lgssapi"
  859 		GSSAPI_CHECK_BUILD
  860 	    fi
  861 	    if test "$linked_gssapi" = "no"; then
  862 		GSSAPI_LIBS="$LFLAG -lgssapi_krb5"
  863 		GSSAPI_CHECK_BUILD
  864 	    fi
  865 	    if test "$linked_gssapi" = "no"; then
  866 		# OpenBSD 5.2 at least
  867 		GSSAPI_LIBS="$LFLAG -lgssapi -lkrb5 -lcrypto"
  868 		GSSAPI_CHECK_BUILD
  869 	    fi
  870 	    if test "$linked_gssapi" = "no"; then
  871 		# MIT
  872 		GSSAPI_LIBS="$LFLAG -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err"
  873 		GSSAPI_CHECK_BUILD
  874 	    fi
  875 	    if test "$linked_gssapi" = "no"; then
  876 		# Heimdal
  877 		GSSAPI_LIBS="$LFLAG -lkrb5 -lcrypto -lasn1 -lcom_err -lroken -lgssapi"
  878 		GSSAPI_CHECK_BUILD
  879 	    fi
  880 	    if test "$linked_gssapi" = "no"; then
  881 		AC_MSG_WARN([Cannot find GSSAPI. Try setting GSSAPI_LIBS and GSSAPI_CFLAGS manually])
  882 	    fi
  883 	fi
  884     fi
  885 
  886     CFLAGS="$oldcflags"
  887 
      # Outcome. An explicit request (yes or a prefix) that could not be linked
      # aborts configure; only the auto-detect case, where with_gssapi is empty,
      # degrades to a warning and clears the flag variables.
  888     if test "$linked_gssapi" = "yes"; then
  889 	AC_DEFINE([HAVE_GSSAPI], 1, [Have GSSAPI support])
  890 	AC_SUBST(GSSAPI_CFLAGS)
  891 	AC_SUBST(GSSAPI_LIBS)
  892     elif test "$with_gssapi" = ""; then
  893 	AC_MSG_WARN([Building without GSSAPI support]);
  894 	unset GSSAPI_CFLAGS
  895 	unset GSSAPI_LIBS
  896     else
  897 	AC_MSG_ERROR([GSSAPI support requested but not found. Try setting GSSAPI_LIBS/GSSAPI_CFLAGS])
  898     fi
  899 fi
  900 AM_CONDITIONAL(OPENCONNECT_GSSAPI, [test "$linked_gssapi" = "yes"])
  901 
      # JNI bindings are off unless requested. with_java is one of:
      #   yes  - include directories come from AX_JNI_INCLUDE_DIR
      #   no   - JNI_CFLAGS stays empty and the bindings are not built
      #   DIR  - DIR is passed to the compiler as the directory holding jni.h
      # OPENCONNECT_JNI is true whenever JNI_CFLAGS ends up non-empty.
  902 AC_ARG_WITH([java],
  903 	AS_HELP_STRING([--with-java(=DIR)],
  904 		       [Build JNI bindings using jni.h from DIR [default=no]]),
  905 	[], [with_java=no])
  906 
  907 if test "$with_java" = "yes"; then
  908 	AX_JNI_INCLUDE_DIR
  909 	for JNI_INCLUDE_DIR in $JNI_INCLUDE_DIRS; do
  910 		  JNI_CFLAGS="$JNI_CFLAGS -I$JNI_INCLUDE_DIR"
  911 	done
  912 elif test "$with_java" = "no"; then
  913 	JNI_CFLAGS=""
  914 else
      	# NOTE(review): DIR is inserted unquoted, so a path containing whitespace
      	# would presumably not reach the compiler as one -I argument.
  915 	JNI_CFLAGS="-I$with_java"
  916 fi
  917 
      # Compile-only sanity check of jni.h with the chosen flags. A failure is
      # fatal because reaching this point means the bindings were requested.
  918 if test "x$JNI_CFLAGS" != "x"; then
  919 	oldCFLAGS="$CFLAGS"
  920 	CFLAGS="$CFLAGS $JNI_CFLAGS"
  921 	AC_MSG_CHECKING([jni.h usability])
  922 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <jni.h>],
  923 		[jint foo = 0; (void)foo;])],
  924 		AC_MSG_RESULT([yes]),
  925 		[AC_MSG_RESULT([no])
  926 		 AC_MSG_ERROR([unable to compile JNI test program])])
  927 	CFLAGS="$oldCFLAGS"
  928 
  929 	AC_SUBST(JNI_CFLAGS, [$JNI_CFLAGS])
  930 fi
  931 
  932 AM_CONDITIONAL(OPENCONNECT_JNI, [test "$JNI_CFLAGS" != ""])
  933 
  934 AC_ARG_ENABLE([jni-standalone],
  935 	AS_HELP_STRING([--enable-jni-standalone],
  936 		       [build JNI stubs directly into libopenconnect.so [default=no]]),
  937 	[jni_standalone=$enableval],
  938 	[jni_standalone=no])
  939 AM_CONDITIONAL(JNI_STANDALONE, [test $jni_standalone = yes])
  940 symver_java=
  941 if test "$jni_standalone" = "yes" ; then
  942    symver_java=$(sed -n '/JNIEXPORT/{s/^JNIEXPORT.*\(Java_.*\) *(/\1;/ p}' ${srcdir}/jni.c)
  943    # Remove the newlines between each item.
  944    symver_java=$(echo $symver_java)
  945 fi
  946 AC_SUBST(SYMVER_JAVA, $symver_java)
  947 
      # Locate the TUN driver header. Candidates are tried in order and the
      # first one found is recorded as IF_TUN_HDR; nothing is defined when none
      # of the four exists.
  948 AC_CHECK_HEADER([if_tun.h],
  949     [AC_DEFINE([IF_TUN_HDR], ["if_tun.h"], [if_tun.h include path])],
  950     [AC_CHECK_HEADER([linux/if_tun.h],
  951         [AC_DEFINE([IF_TUN_HDR], ["linux/if_tun.h"])],
  952         [AC_CHECK_HEADER([net/if_tun.h],
  953             [AC_DEFINE([IF_TUN_HDR], ["net/if_tun.h"])],
  954             [AC_CHECK_HEADER([net/tun/if_tun.h],
  955                 [AC_DEFINE([IF_TUN_HDR], ["net/tun/if_tun.h"])])])])])
  956 
      # net/if_utun.h is probed with sys/types.h included first.
  957 AC_CHECK_HEADER([net/if_utun.h], AC_DEFINE([HAVE_NET_UTUN_H], 1, [Have net/if_utun.h]), ,
  958 		[#include <sys/types.h>])
  959 
  960 AC_CHECK_HEADER([alloca.h], AC_DEFINE([HAVE_ALLOCA_H], 1, [Have alloca.h]))
  961 
      # Byte-order header: endian.h, then sys/endian.h, then sys/isa_defs.h.
      # ENDIAN_HDR names the first one found and stays undefined otherwise.
  962 AC_CHECK_HEADER([endian.h],
  963     [AC_DEFINE([ENDIAN_HDR], [<endian.h>], [endian header include path])],
  964     [AC_CHECK_HEADER([sys/endian.h],
  965         [AC_DEFINE([ENDIAN_HDR], [<sys/endian.h>])],
  966         [AC_CHECK_HEADER([sys/isa_defs.h],
  967             [AC_DEFINE([ENDIAN_HDR], [<sys/isa_defs.h>])])])])
  968 
      # The HTML pages are built only if both a Python interpreter and a groff
      # that can emit UTF-8 XHTML are available; build_www records the result.
      # Python is searched for on PATH followed by /bin and /usr/bin.
  969 build_www=yes
  970 AC_PATH_PROGS(PYTHON, [python3 python2 python], [], $PATH:/bin:/usr/bin)
  971 if test -z "${ac_cv_path_PYTHON}"; then
  972    AC_MSG_NOTICE([Python not found; not building HTML pages])
  973    build_www=no
  974 fi
  975 if test "${build_www}" = "yes"; then
      # Each groff found is run once on /dev/null with the XHTML device; the
      # first one that exits successfully is kept.
  976    AC_MSG_CHECKING([if groff can create UTF-8 XHTML])
  977    AC_PATH_PROGS_FEATURE_CHECK([GROFF], [groff],
  978 	[$ac_path_GROFF -t -K UTF-8 -mandoc -Txhtml /dev/null > /dev/null 2>&1 &&
  979 	 ac_cv_path_GROFF=$ac_path_GROFF])
  980    if test -n "$ac_cv_path_GROFF"; then
  981       AC_MSG_RESULT(yes)
  982       AC_SUBST(GROFF, ${ac_cv_path_GROFF})
  983    else
  984       AC_MSG_RESULT([no. Not building HTML pages])
  985       build_www=no
  986    fi
  987 fi
  988 AM_CONDITIONAL(BUILD_WWW, [test "${build_www}" = "yes"])
  989 
  990 # Checks for tests
      # The unit tests need both the uid_wrapper and socket_wrapper pkg-config
      # modules. have_cwrap is yes or no and is shown as Unit tests in the
      # summary; when it is no the HAVE_CWRAP conditional is false.
  991 PKG_CHECK_MODULES([CWRAP], [uid_wrapper, socket_wrapper], have_cwrap=yes, have_cwrap=no)
  992 AM_CONDITIONAL(HAVE_CWRAP, test "x$have_cwrap" != xno)
  993 
  994 have_netns=no
  995 AC_PATH_PROG(NUTTCP, nuttcp)
  996 if test -n "$ac_cv_path_NUTTCP"; then
  997     AC_PATH_PROG(IP, ip, [], $PATH:/sbin:/usr/sbin)
  998     if test -n "$ac_cv_path_IP"; then
  999 	AC_MSG_CHECKING([For network namespaces])
 1000 	NETNS=openconnect-configure-test-$$
 1001 	if ip netns add $NETNS >/dev/null 2>/dev/null; then
 1002 	    ip netns delete $NETNS
 1003 	    have_netns=yes
 1004 	fi
 1005 	AC_MSG_RESULT($have_netns)
 1006     fi
 1007 fi
 1008 AM_CONDITIONAL(HAVE_NETNS, test "x$have_netns" != xno)
 1009 
      # Files listed in CONFIG_STATUS_DEPENDENCIES. Several of them are read by
      # this script further down: po/LINGUAS and openconnect.h are parsed with
      # sed, and the .in files are templates for AC_CONFIG_FILES outputs.
 1010 AC_SUBST([CONFIG_STATUS_DEPENDENCIES],
 1011 	 ['$(top_srcdir)/po/LINGUAS \
 1012 	   $(top_srcdir)/openconnect.h \
 1013            $(top_srcdir)/libopenconnect.map.in \
 1014 	   $(top_srcdir)/openconnect.8.in \
 1015 	   $(top_srcdir)/tests/softhsm2.conf.in \
 1016 	   $(top_srcdir)/tests/configs/test-user-cert.config.in \
 1017 	   $(top_srcdir)/tests/configs/test-user-pass.config.in'])
 1018 
      # Language list: po/LINGUAS with whole-line comments deleted and trailing
      # comments stripped.
 1019 RAWLINGUAS=`sed -e "/^#/d" -e "s/#.*//" "${srcdir}/po/LINGUAS"`
 1020 # Remove newlines
 1021 LINGUAS=`echo $RAWLINGUAS`
 1022 AC_SUBST(LINGUAS)
 1023 
      # API version numbers are taken from the OPENCONNECT_API_VERSION_MAJOR and
      # OPENCONNECT_API_VERSION_MINOR defines in openconnect.h, so the header is
      # the single place where they are set.
 1024 APIMAJOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MAJOR \(.*\)/\1/p' ${srcdir}/openconnect.h`"
 1025 APIMINOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MINOR \(.*\)/\1/p' ${srcdir}/openconnect.h`"
 1026 AC_SUBST(APIMAJOR)
 1027 AC_SUBST(APIMINOR)
 1028 
 1029 # We want version.c to depend on the files that would affect the
 1030 # output of version.sh. But we cannot assume that they'll exist,
 1031 # and we cannot use $(wildcard) in a non-GNU makefile. So we just
 1032 # depend on the files which happen to exist at configure time.
      # Only paths readable at configure time are added, so a tree without a
      # .git directory yields an empty GITVERSIONDEPS.
 1033 GITVERSIONDEPS=
 1034 for a in ${srcdir}/.git/index ${srcdir}/.git/packed-refs \
 1035          ${srcdir}/.git/refs/tags ${srcdir}/.git/HEAD; do
 1036     if test -r $a ; then
 1037        GITVERSIONDEPS="$GITVERSIONDEPS $a"
 1038     fi
 1039 done
 1040 AC_SUBST(GITVERSIONDEPS)
 1041 
      # The account running configure, and the first group printed by groups,
      # are substituted as OCSERV_USER and OCSERV_GROUP -- presumably into the
      # test server configs generated below; confirm against the .config.in
      # templates. Running configure as root therefore records root here.
 1042 AC_SUBST(OCSERV_USER, $(whoami))
 1043 AC_SUBST(OCSERV_GROUP, $(groups|cut -f 1 -d ' '))
 1044 
      # Files generated from their .in templates when AC_OUTPUT runs. The list
      # includes the pkg-config file, the symbol map, the man page and the
      # configuration files used by the tests.
 1045 AC_CONFIG_FILES(Makefile openconnect.pc po/Makefile www/Makefile \
 1046 		libopenconnect.map openconnect.8 www/styles/Makefile \
 1047 		www/inc/Makefile www/images/Makefile tests/Makefile \
 1048 		tests/softhsm2.conf tests/configs/test-user-cert.config \
 1049 		tests/configs/test-user-pass.config)
 1050 AC_OUTPUT
 1051 
      # SUMMARY(label, value): print one aligned line of the build summary.
      # The value is prettified first: openssl becomes OpenSSL, gnutls and both
      # become GnuTLS, and an empty value is shown as no. Any other value is
      # printed unchanged.
 1052 AC_DEFUN([SUMMARY],
 1053 	 [pretty="$2"
 1054 	 if test "$pretty" = "openssl"; then
 1055 	     pretty=OpenSSL
 1056 	 elif test "$pretty" = "gnutls" -o "$pretty" = "both"; then
 1057 	     pretty=GnuTLS
 1058 	 elif test "$pretty" = ""; then
 1059 	     pretty=no
 1060 	 fi
 1061 	 echo "AS_HELP_STRING([$1:],[$pretty])"])
 1062 
      # Final report, printed after AC_OUTPUT. Every optional feature above is
      # auto-detected unless explicitly disabled, so this table is the place to
      # confirm that the authentication and crypto features a deployment relies
      # on were actually compiled in.
 1063 echo "BUILD OPTIONS:"
 1064 SUMMARY([SSL library], [$ssl_library])
 1065 SUMMARY([[PKCS#11 support]], [$pkcs11_support])
 1066 SUMMARY([DTLS support], [$dtls])
 1067 SUMMARY([ESP support], [$esp])
 1068 SUMMARY([libproxy support], [$libproxy_pkg])
 1069 SUMMARY([RSA SecurID support], [$libstoken_pkg])
 1070 SUMMARY([PSKC OATH file support], [$libpskc_pkg])
 1071 SUMMARY([GSSAPI support], [$linked_gssapi])
 1072 SUMMARY([Yubikey support], [$libpcsclite_pkg])
 1073 SUMMARY([LZ4 compression], [$lz4_pkg])
 1074 SUMMARY([Java bindings], [$with_java])
 1075 SUMMARY([Build docs], [$build_www])
 1076 SUMMARY([Unit tests], [$have_cwrap])
 1077 SUMMARY([Net namespace tests], [$have_netns])
 1078 
      # Reminder shown for OpenSSL builds only. ssl_library is set outside this
      # section; the test assumes it holds the capitalised spelling OpenSSL.
 1079 if test "$ssl_library" = "OpenSSL"; then
 1080     AC_MSG_WARN([[
 1081 ***
 1082 *** Be sure to run "make check" to verify OpenSSL DTLS support
 1083 *** ]])
 1084 fi