simulate pkcs11x.h when it doesn't exist
[gnutls:gnutls.git] / configure.ac
1 dnl Process this file with autoconf to produce a configure script.
2 # Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 #
4 # Author: Nikos Mavrogiannopoulos, Simon Josefsson
5 #
6 # This file is part of GnuTLS.
7 #
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 3 of the License, or
11 # (at your option) any later version.
12 #
13 # This program is distributed in the hope that it will be useful, but
14 # WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16 # General Public License for more details.
17 #
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
21 # USA
22
23 AC_PREREQ(2.61)
24 AC_INIT([GnuTLS], [3.4.0], [bugs@gnutls.org])
25 AC_CONFIG_AUX_DIR([build-aux])
26 AC_CONFIG_MACRO_DIR([m4])
27 AC_CANONICAL_HOST
28
29 AM_INIT_AUTOMAKE([1.12.2 subdir-objects no-dist-gzip dist-xz dist-lzip -Wall -Wno-override])
30 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
31 AC_CONFIG_HEADERS([config.h])
32
33 AC_MSG_RESULT([***
34 *** Checking for compilation programs...
35 ])
36
37 dnl Checks for programs.
38 PKG_PROG_PKG_CONFIG
39 AC_PROG_CC
40 gl_EARLY
41 ggl_EARLY
42 AM_PROG_AS
43 AM_PROG_AR
44 AC_PROG_CXX
45 AM_PROG_CC_C_O
46 AC_PROG_YACC
47 AC_PROG_SED
48 AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [/bin/true])
49
50 if test x"$AUTOGEN" = "x/bin/true"; then
51   AC_MSG_WARN([[
52 ***
53 *** autogen not found. Will not link against libopts.
54 *** ]])
55 enable_local_libopts=yes
56 fi
57
58 # For includes/gnutls/gnutls.h.in.
59 AC_SUBST(MAJOR_VERSION, `echo $PACKAGE_VERSION | sed 's/\(.*\)\..*\..*/\1/g'`)
60 AC_SUBST(MINOR_VERSION, `echo $PACKAGE_VERSION | sed 's/.*\.\(.*\)\..*/\1/g'`)
61 AC_SUBST(PATCH_VERSION, [[`echo $PACKAGE_VERSION | sed 's/.*\..*\.\([0-9]*\).*/\1/g'`]])
62 AC_SUBST(NUMBER_VERSION, `printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION`)
63
64 touch suppressions.valgrind
65 dnl C and C++ capabilities
66 AC_C_INLINE
67 AC_HEADER_STDC
68
69 # For the C++ code
70 AC_ARG_ENABLE(cxx,
71   AS_HELP_STRING([--disable-cxx], [unconditionally disable the C++ library]),
72     use_cxx=$enableval, use_cxx=yes)
73 if test "$use_cxx" != "no"; then
74   AC_LANG_PUSH(C++)
75   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no)
76   AC_LANG_POP(C++)
77 fi
78 AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
79 AM_CONDITIONAL(WANT_TEST_SUITE, [test -f tests/suite/mini-eagain2.c])
80
81 dnl Detect windows build
82 case "$host" in
83   *mingw32* | *mingw64*)
84     have_win=yes
85   ;;
86   *darwin*)
87     have_macosx=yes
88   ;;
89   *)
90     have_elf=yes
91   ;;
92 esac
93
94 AM_CONDITIONAL(WINDOWS, test "$have_win" = yes)
95 AM_CONDITIONAL(MACOSX, test "$have_macosx" = yes)
96 AM_CONDITIONAL(ELF, test "$have_elf" = yes)
97
98 dnl Hardware Acceleration
99 AC_ARG_ENABLE(hardware-acceleration,
100   AS_HELP_STRING([--disable-hardware-acceleration], [unconditionally disable hardware acceleration]),
101     use_accel=$enableval, use_accel=yes)
102 hw_accel=none
103
104
105 if test "$use_accel" != "no"; then
106 case $host_cpu in
107   i?86 | x86_64 | amd64)
108       AC_CHECK_HEADERS(cpuid.h)
109       if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"; then
110         hw_accel="x86-64"
111       else
112         hw_accel="x86"
113       fi
114   ;;
115   *)
116   ;;
117 esac
118
119 fi
120
121 AC_ARG_ENABLE(padlock,
122   AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]),
123     use_padlock=$enableval, use_padlock=yes)
124
125 if test "$use_padlock" != "no"; then
126     AC_DEFINE([ENABLE_PADLOCK], 1, [Enable padlock acceleration])
127     AC_SUBST([ENABLE_PADLOCK])
128 fi
129 AM_CONDITIONAL(ENABLE_PADLOCK, test "$use_padlock" = "yes")
130 AM_CONDITIONAL(ASM_X86_64, test x"$hw_accel" = x"x86-64")
131 AM_CONDITIONAL(ASM_X86_32, test x"$hw_accel" = x"x86")
132 AM_CONDITIONAL(ASM_X86, test x"$hw_accel" = x"x86" || test x"$hw_accel" = x"x86-64")
133 AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"])
134 AM_CONDITIONAL(HAVE_GCC, test "$GCC" = "yes")
135
136
137 dnl Try the hooks.m4
138 LIBGNUTLS_HOOKS
139 LIBGNUTLS_EXTRA_HOOKS
140
141 AC_ARG_ENABLE(doc,
142   AS_HELP_STRING([--disable-doc], [don't generate any documentation]),
143     enable_doc=$enableval, enable_doc=yes)
144 AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
145
146 AC_ARG_ENABLE(tests,
147   AS_HELP_STRING([--disable-tests], [don't compile or run any tests]),
148     enable_tests=$enableval, enable_tests=yes)
149 AM_CONDITIONAL(ENABLE_TESTS, test "$enable_tests" != "no")
150
151 GTK_DOC_CHECK(1.1)
152 AM_GNU_GETTEXT([external])
153 AM_GNU_GETTEXT_VERSION([0.18])
154
155 AC_C_BIGENDIAN
156
157 dnl No fork on MinGW, disable some self-tests until we fix them.
158 dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs)
159 AC_CHECK_FUNCS([fork inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid clock_gettime iconv localtime vasprintf],,)
160 if test "$ac_cv_func_vasprintf" != "yes";then
161   AC_MSG_CHECKING([for va_copy])
162   AC_LINK_IFELSE([AC_LANG_PROGRAM([
163         #include <stdarg.h>
164         va_list a;],[
165         va_list b;
166         va_copy(b,a);
167         va_end(b);])],
168         [AC_DEFINE(HAVE_VA_COPY, 1, [Have va_copy()])
169         AC_MSG_RESULT(va_copy)],
170         [AC_LINK_IFELSE([AC_LANG_PROGRAM([
171                 #include <stdarg.h>
172                 va_list a;],[
173                 va_list b;
174                 __va_copy(b,a);
175                 va_end(b);])],
176                 [AC_DEFINE(HAVE___VA_COPY, 1, [Have __va_copy()])
177                 AC_MSG_RESULT(__va_copy)],
178                 [AC_MSG_RESULT(no)
179                 AC_MSG_ERROR([Your system lacks vasprintf() and va_copy()])])
180         ])
181 fi
182
183 AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no")
184
185 AC_CHECK_FUNCS([pthread_atfork __register_atfork],,)
186
187 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>
188 #include <signal.h>
189 ], [timer_create (0,0,0);])
190
191 if test "$have_win" != "yes";then
192   AC_CHECK_FUNCS([pthread_mutex_lock],,)
193   if test "$ac_cv_func_pthread_mutex_lock" != "yes";then
194     AC_LIB_HAVE_LINKFLAGS(pthread,, [#include <pthread.h>], [pthread_mutex_lock (0);])
195   fi
196 fi
197
198 if test "$ac_cv_func_nanosleep" != "yes";then
199   AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [nanosleep (0, 0);])
200   gnutls_needs_librt=yes
201 fi
202
203 if test "$ac_cv_func_clock_gettime" != "yes";then
204   AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [clock_gettime (0, 0);])
205   gnutls_needs_librt=yes
206 fi
207
208 ac_have_unicode=no
209 if test "$ac_cv_func_iconv" != "yes";then
210   AC_LIB_HAVE_LINKFLAGS(iconv,, [#include <iconv.h>], [iconv (0, 0, 0, 0, 0);])
211   if test "$HAVE_LIBICONV" = "yes";then
212     ac_have_unicode=yes
213   fi
214 else
215   ac_have_unicode=yes
216 fi
217
218 if test "$ac_have_unicode" != "yes";then
219   if test "$have_win" = "yes";then
220     ac_have_unicode=yes
221   fi
222 fi
223
224 dnl Note that g*l_INIT are run after we check for library capabilities,
225 dnl to prevent issues from caching lib dependencies. See discussion
226 dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and
227 dnl http://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
228 gl_INIT
229 ggl_INIT
230
231 dnl GCC warnings to enable
232
233 AC_ARG_ENABLE([gcc-warnings],
234   [AS_HELP_STRING([--enable-gcc-warnings],
235                   [turn on lots of GCC warnings (for developers)])],
236   [case $enableval in
237      yes|no) ;;
238      *)      AC_MSG_ERROR([bad value $enableval for gcc-warnings option]) ;;
239    esac
240    gl_gcc_warnings=$enableval],
241   [gl_gcc_warnings=no]
242 )
243
244 if test "$gl_gcc_warnings" = yes; then
245   gl_WARN_ADD([-Wframe-larger-than=1024], [WSTACK_CFLAGS])
246
247   nw="$nw -Wsystem-headers"         # Don't let system headers trigger warnings
248   nw="$nw -Wc++-compat"             # We don't care about C++ compilers
249   nw="$nw -Wundef"                  # Warns on '#if GNULIB_FOO' etc in gnulib
250   nw="$nw -Wtraditional"            # Warns on #elif which we use often
251   nw="$nw -Wlogical-op"             # Too many false positives
252   nw="$nw -Wold-style-definition"   # 
253   nw="$nw -Wpadded"                 # Our structs are not padded
254   nw="$nw -Wunreachable-code"       # Too many false positives
255   nw="$nw -Wtraditional-conversion" # Too many warnings for now
256   nw="$nw -Wcast-qual"              # Too many warnings for now
257   nw="$nw -Waggregate-return"       # Too many warnings for now
258   nw="$nw -Wshadow"                 # Too many warnings for now
259   nw="$nw -Wswitch-default"         # Too many warnings for now
260   nw="$nw -Wswitch-enum"            # Too many warnings for now
261   nw="$nw -Wconversion"             # Too many warnings for now
262   nw="$nw -Wsign-conversion"        # Too many warnings for now
263   nw="$nw -Wformat-y2k"             # Too many warnings for now
264   nw="$nw -Woverlength-strings"     # We use some in tests/
265   nw="$nw -Wvla"                    # There is no point to avoid C99 variable length arrays
266   nw="$nw -Wformat-nonliteral"      # Incompatible with gettext _()
267   nw="$nw -Wunsafe-loop-optimizations"
268   nw="$nw -Wstrict-overflow"
269   nw="$nw -Wmissing-noreturn"
270   nw="$nw -Winline"                 # Too compiler dependent
271   nw="$nw -Wsuggest-attribute=pure" # Is it worth using attributes?
272   nw="$nw -Wsuggest-attribute=const" # Is it worth using attributes?
273   nw="$nw -Wsuggest-attribute=noreturn" # Is it worth using attributes?
274   nw="$nw -Wstack-protector"        # Some functions cannot be protected
275   nw="$nw -Wredundant-decls"        # Some files cannot be compiled with that (gl_fd_to_handle)
276
277   gl_MANYWARN_ALL_GCC([ws])
278   gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw])
279   for w in $ws; do
280     gl_WARN_ADD([$w])
281   done
282
283   gl_WARN_ADD([-Wno-missing-field-initializers]) # We need this one
284   gl_WARN_ADD([-Wno-format-y2k])     # Too many warnings for now
285   gl_WARN_ADD([-Wno-unused-value]) # warnings for things we don't want to get
286   gl_WARN_ADD([-Wno-unused-result]) # warnings for things we don't want to get
287   gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now
288   gl_WARN_ADD([-Wno-stack-protector])  # Some functions cannot be protected
289   gl_WARN_ADD([-Wno-int-to-pointer-cast])  # Some files cannot be compiled with that (gl_fd_to_handle)
290   gl_WARN_ADD([-fdiagnostics-show-option])
291 fi
292
293 AC_SUBST([WERROR_CFLAGS])
294 AC_SUBST([WSTACK_CFLAGS])
295 AC_SUBST([WARN_CFLAGS])
296
297 dnl Programs for compilation or development
298 AC_PROG_LN_S
299 LT_INIT([disable-static,win32-dll,shared])
300
301
302
303 AC_ARG_ENABLE(self-checks,
304   AS_HELP_STRING([--enable-self-checks], [enable self checking functionality]),
305     enable_self_checks=$enableval, enable_self_checks=no)
306
307 AC_ARG_ENABLE(fips140-mode,
308   AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode (implies self checks)]),
309     enable_fips=$enableval, enable_fips=no)
310 AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes")
311 if [ test "$enable_fips" = "yes" ];then
312   AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
313   if test "x$HAVE_LIBDL" = "xyes";then
314     enable_self_checks=yes
315
316     AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode])
317
318     AC_SUBST([FIPS140_LIBS], $LIBDL)
319   else
320     enable_fips=no
321     AC_MSG_WARN([[
322 *** 
323 *** This system is not supported in FIPS140 mode.
324 *** libdl and dladdr() are required.
325 *** ]])
326   fi
327 fi
328
329 PKG_CHECK_MODULES(LIBIDN, libidn >= 0.5.6, [with_libidn=yes], [with_libidn=no])
330 if test "$with_libidn" != "no";then
331         AC_DEFINE([HAVE_LIBIDN], 1, [Build IDNA support])
332         if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
333                 GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn"
334         else
335                 GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn"
336         fi
337 else
338         with_libidn=no
339         AC_MSG_WARN([[
340 *** 
341 *** libidn was not found. IDNA support will be disabled.
342 *** ]])
343 fi
344
345 AM_CONDITIONAL(HAVE_LIBIDN, test "$with_libidn" != "no")
346
347 AC_ARG_ENABLE(non-suiteb-curves,
348   AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]),
349     enable_non_suiteb=$enableval, enable_non_suiteb=yes)
350 if [ test "$enable_non_suiteb" = "yes" ];then
351   AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves])
352 fi
353
354 AM_CONDITIONAL(ENABLE_SELF_CHECKS, test "$enable_self_checks" = "yes")
355 if [ test "$enable_self_checks" = "yes" ];then
356    AC_DEFINE([ENABLE_SELF_CHECKS], 1, [Self checks are included in the library])
357 fi
358
359 AC_MSG_CHECKING([whether to build libdane])
360 AC_ARG_ENABLE(libdane,
361     AS_HELP_STRING([--disable-libdane],
362                    [disable the built of libdane]),
363     enable_dane=$enableval, enable_dane=yes)
364 AC_MSG_RESULT($enable_dane)
365
366 if test "$enable_dane" != "no"; then
367     LIBS="$oldlibs -lunbound"
368     AC_MSG_CHECKING([for unbound library])
369     AC_LINK_IFELSE([AC_LANG_PROGRAM([
370                    #include <unbound.h>],[
371                    struct ub_ctx* ctx;
372                    ctx = ub_ctx_create();])],
373                   [AC_MSG_RESULT(yes)
374                    AC_SUBST([UNBOUND_LIBS], [-lunbound])
375                    AC_SUBST([UNBOUND_CFLAGS], [])
376                    AC_DEFINE([HAVE_DANE], 1, [Enable the DANE library])
377                    enable_dane=yes],
378                   [AC_MSG_RESULT(no)
379                    AC_MSG_WARN([[
380 *** 
381 *** libunbound was not found. Libdane will not be built.
382 *** ]])
383                   enable_dane=no])
384     LIBS="$oldlibs"
385 fi
386
387 AM_CONDITIONAL(ENABLE_DANE, test "$enable_dane" = "yes")
388
389 AC_ARG_WITH(unbound-root-key-file, AS_HELP_STRING([--with-unbound-root-key-file],
390                                  [specify the unbound root key file]),
391             unbound_root_key_file="$withval", 
392 if test "$have_win" = yes; then
393     unbound_root_key_file="C:\\Program Files\\Unbound\\root.key"
394 else
395     if test -f /var/lib/unbound/root.key;then
396         unbound_root_key_file="/var/lib/unbound/root.key"
397     else
398         unbound_root_key_file="/etc/unbound/root.key"
399     fi
400 fi
401 )
402
403 AC_DEFINE_UNQUOTED([UNBOUND_ROOT_KEY_FILE],
404   ["$unbound_root_key_file"], [The DNSSEC root key file])
405
406 AC_ARG_WITH(system-priority-file, AS_HELP_STRING([--with-system-priority-file],
407                                  [specify the system priority file]),
408             system_priority_file="$withval", 
409 system_priority_file="/etc/gnutls/default-priorities"
410 )
411
412 AC_DEFINE_UNQUOTED([SYSTEM_PRIORITY_FILE],
413   ["$system_priority_file"], [The system priority file])
414
415
416 dnl Check for p11-kit
417 P11_KIT_MINIMUM=0.20.0
418 AC_ARG_WITH(p11-kit,
419         AS_HELP_STRING([--without-p11-kit],
420                 [Build without p11-kit and PKCS#11 support]))
421 if test "$with_p11_kit" != "no"; then
422         PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= $P11_KIT_MINIMUM], [with_p11_kit=yes], [with_p11_kit=no])
423         if test "$with_p11_kit" != "no";then
424                 AC_DEFINE([ENABLE_PKCS11], 1, [Build PKCS#11 support])
425                 if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
426                         GNUTLS_REQUIRES_PRIVATE="Requires.private: p11-kit-1"
427                 else
428                         GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, p11-kit-1"
429                 fi
430                 if $PKG_CONFIG --atleast-version=2.20.6 p11-kit; then
431                         AC_DEFINE([HAVE_PKCS11X_H], 1, [There is p11-kit/pkcs11x.h])
432                 fi
433         else
434                 with_p11_kit=no
435                 AC_MSG_WARN([[
436 *** 
437 *** p11-kit >= $P11_KIT_MINIMUM was not found. PKCS #11 support will be disabled.
438 *** You may get it from http://p11-glue.freedesktop.org/p11-kit.html
439 *** ]])
440         fi
441 fi
442
443 AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no")
444
445 AC_ARG_WITH(tpm,
446         AS_HELP_STRING([--without-tpm],
447                 [Disable TPM (trousers) support.]),
448                 [with_tpm=$withval], [with_tpm=yes])
449 if test "$with_tpm" != "no"; then
450     LIBS="$oldlibs -ltspi"
451     AC_MSG_CHECKING([for tss library])
452     AC_LINK_IFELSE([AC_LANG_PROGRAM([
453                    #include <trousers/tss.h>
454                    #include <trousers/trousers.h>],[
455                    int err = Tspi_Context_Create((void *)0);
456                    Trspi_Error_String(err);])],
457                   [AC_MSG_RESULT(yes)
458                    AC_SUBST([TSS_LIBS], [-ltspi])
459                    AC_SUBST([TSS_CFLAGS], [])
460                    AC_DEFINE([HAVE_TROUSERS], 1, [Enable TPM])
461                    with_tpm=yes],
462                   [AC_MSG_RESULT(no)
463                    AC_MSG_WARN([[
464 *** 
465 *** trousers was not found. TPM support will be disabled.
466 *** ]])
467                   with_tpm=no])
468     LIBS="$oldlibs"
469 fi
470
471 AM_CONDITIONAL(ENABLE_TROUSERS, test "$with_tpm" != "no")
472
473 LIBOPTS_CHECK([src/libopts])
474 if test "$NEED_LIBOPTS_DIR" = "true";then
475         dnl replace libopts-generated files with distributed backups, if present
476         missing_baks=
477         for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do
478                 nam=`echo $i|sed 's/.bak//g'`
479                 if test -f $i;then
480                         cp -f $i $nam
481                 else
482                         missing_baks=true
483                 fi
484         done
485         if test -z "$missing_baks"; then
486                 AC_SUBST([AUTOGEN], [/bin/true])
487         fi
488         enable_local_libopts=yes
489 else
490         enable_local_libopts=no
491 fi
492 AM_CONDITIONAL(NEED_LIBOPTS, test "$enable_local_libopts" = "yes")
493
494 AC_CHECK_TYPE(ssize_t,
495   [
496     DEFINE_SSIZE_T="#include <sys/types.h>"
497     AC_SUBST(DEFINE_SSIZE_T)
498   ], [
499     AC_DEFINE([NO_SSIZE_T], 1, [no ssize_t type was found])
500     DEFINE_SSIZE_T="typedef int ssize_t;"
501     AC_SUBST(DEFINE_SSIZE_T)
502   ], [
503     #include <sys/types.h>
504   ])
505
506 # For minitasn1.
507 AC_CHECK_SIZEOF(unsigned long int, 4)
508 AC_CHECK_SIZEOF(unsigned int, 4)
509
510 AC_ARG_WITH(zlib, AS_HELP_STRING([--without-zlib],
511                                  [disable zlib compression support]),
512             ac_zlib=$withval, ac_zlib=yes)
513 AC_MSG_CHECKING([whether to include zlib compression support])
514 if test x$ac_zlib != xno; then
515  AC_MSG_RESULT(yes)
516  AC_LIB_HAVE_LINKFLAGS(z,, [#include <zlib.h>], [compress (0, 0, 0, 0);])
517  if test x$ac_cv_libz != xyes; then
518    AC_MSG_WARN(
519 *** 
520 *** ZLIB was not found. You will not be able to use ZLIB compression.)
521  fi
522 else
523  AC_MSG_RESULT(no)
524 fi
525
526 PKG_CHECK_EXISTS(zlib, ZLIB_HAS_PKGCONFIG=y, ZLIB_HAS_PKGCONFIG=n)
527
528 if test x$ac_zlib != xno; then
529   if test "$ZLIB_HAS_PKGCONFIG" = "y" ; then
530     if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
531       GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
532     else
533       GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib"
534     fi
535   fi
536 fi
537 AC_SUBST(GNUTLS_REQUIRES_PRIVATE)
538
539
540
541 AC_ARG_WITH([default-trust-store-pkcs11],
542   [AS_HELP_STRING([--with-default-trust-store-pkcs11=URI],
543     [use the given pkcs11 uri as default trust store])])
544
545 if test "x$with_default_trust_store_pkcs11" != x; then
546   if test "x$with_p11_kit" = xno; then
547     AC_MSG_ERROR([cannot use pkcs11 store without p11-kit])
548   fi
549   AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_PKCS11],
550     ["$with_default_trust_store_pkcs11"], [use the given pkcs11 uri as default trust store])
551 fi
552
553 AC_ARG_WITH([default-trust-store-dir],
554   [AS_HELP_STRING([--with-default-trust-store-dir=DIR],
555     [use the given directory as default trust store])])
556
557 if test "x$with_default_trust_store_dir" != x; then
558   AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
559     ["$with_default_trust_store_dir"], [use the given directory as default trust store])
560 fi
561
562 dnl auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
563 AC_ARG_WITH([default-trust-store-file],
564   [AS_HELP_STRING([--with-default-trust-store-file=FILE],
565     [use the given file default trust store])], with_default_trust_store_file="$withval",
566   [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x;then
567   for i in \
568     /etc/ssl/ca-bundle.pem \
569     /etc/ssl/certs/ca-certificates.crt \
570     /etc/pki/tls/cert.pem \
571     /usr/local/share/certs/ca-root-nss.crt \
572     /etc/ssl/cert.pem
573     do
574     if test -e "$i"; then
575       with_default_trust_store_file="$i"
576       break
577     fi
578   done
579   fi]
580 )
581
582 if test "$with_default_trust_store_file" = "no";then
583   with_default_trust_store_file=""
584 fi
585
586 AC_ARG_WITH([default-crl-file],
587   [AS_HELP_STRING([--with-default-crl-file=FILE],
588     [use the given CRL file as default])])
589
590 AC_ARG_WITH([default-blacklist-file],
591   [AS_HELP_STRING([--with-default-blacklist-file=FILE],
592     [use the given certificate blacklist file as default])])
593
594 if test "x$with_default_trust_store_file" != x; then
595   AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
596     ["$with_default_trust_store_file"], [use the given file default trust store])
597 fi
598
599 if test "x$with_default_crl_file" != x; then
600   AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
601     ["$with_default_crl_file"], [use the given CRL file])
602 fi
603
604 if test "x$with_default_blacklist_file" != x; then
605   AC_DEFINE_UNQUOTED([DEFAULT_BLACKLIST_FILE],
606     ["$with_default_blacklist_file"], [use the given certificate blacklist file])
607 fi
608
609 dnl Guile bindings.
610 opt_guile_bindings=yes
611 AC_MSG_CHECKING([whether building Guile bindings])
612 AC_ARG_ENABLE(guile,
613         AS_HELP_STRING([--enable-guile], [build GNU Guile bindings]),
614 opt_guile_bindings=$enableval)
615 AC_MSG_RESULT($opt_guile_bindings)
616
617 AC_ARG_WITH([guile-site-dir],
618   [AS_HELP_STRING([--with-guile-site-dir],
619      [use the given directory as the Guile site (use with care)])])
620
621 if test "$opt_guile_bindings" = "yes"; then
622    AC_MSG_RESULT([***
623 *** Detecting GNU Guile...
624 ])
625
626    AC_PATH_PROG([guile_snarf], [guile-snarf])
627    if test "x$guile_snarf" = "x"; then
628       AC_MSG_WARN([`guile-snarf' from Guile 1.8 not found.  Guile bindings not built.])
629       opt_guile_bindings=no
630    else
631       GUILE_PROGS
632       GUILE_FLAGS
633
634       save_CFLAGS="$CFLAGS"
635       save_LIBS="$LIBS"
636       CFLAGS="$CFLAGS $GUILE_CFLAGS"
637       LIBS="$LIBS $GUILE_LDFLAGS"
638       AC_MSG_CHECKING([whether GNU Guile is recent enough])
639       AC_LINK_IFELSE([AC_LANG_PROGRAM([], [scm_from_locale_string ("")])],
640         [], [opt_guile_bindings=no])
641       CFLAGS="$save_CFLAGS"
642       LIBS="$save_LIBS"
643
644       if test "$opt_guile_bindings" = "yes"; then
645         AC_MSG_RESULT([yes])
646         case "x$with_guile_site_dir" in 
647              xno)
648                 # Use the default $(GUILE_SITE).
649                 GUILE_SITE_DIR
650                 ;;
651              x|xyes)
652                 # Automatically derive $(GUILE_SITE) from $(pkgdatadir).  This
653                 # hack is used to allow `distcheck' to work (see
654                 # `DISTCHECK_CONFIGURE_FLAGS' in the top-level `Makefile.am').
655                 GUILE_SITE="\$(datadir)/guile/site"
656                 AC_SUBST(GUILE_SITE)
657                 ;;
658              *)
659                 # Use the user-specified directory as $(GUILE_SITE).
660                 GUILE_SITE="$with_guile_site_dir"
661                 AC_SUBST(GUILE_SITE)
662                 ;;
663         esac
664         AC_MSG_CHECKING([whether gcc supports -fgnu89-inline])
665         _gcc_cflags_save="$CFLAGS"
666         CFLAGS="${CFLAGS} -fgnu89-inline"
667         AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
668                           gnu89_inline=yes, gnu89_inline=no)
669         AC_MSG_RESULT($gnu89_inline)
670         CFLAGS="$_gcc_cflags_save"
671
672         # Optional Guile functions.
673         save_CFLAGS="$CFLAGS"
674         save_LIBS="$LIBS"
675         CFLAGS="$CFLAGS $GUILE_CFLAGS"
676         LIBS="$LIBS $GUILE_LDFLAGS"
677         AC_CHECK_FUNCS([scm_gc_malloc_pointerless])
678         CFLAGS="$save_CFLAGS"
679         LIBS="$save_LIBS"
680
681         # The place where guile-gnutls.la will go.
682         AC_MSG_CHECKING([the Guile effective version])
683         guile_effective_version="`$GUILE -c '(display (effective-version))'`"
684         AC_MSG_RESULT([$guile_effective_version])
685         guileextensiondir="$libdir/guile/$guile_effective_version"
686         AC_SUBST([guileextensiondir])
687       else
688         AC_MSG_RESULT([no])
689         AC_MSG_WARN([A sufficiently recent GNU Guile not found.  Guile bindings not built.])
690         opt_guile_bindings=no
691       fi
692    fi
693 fi
694 AM_CONDITIONAL(HAVE_GUILE, test "$opt_guile_bindings" = "yes")
695
696 LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBS"
697 LIBGNUTLS_CFLAGS="-I${includedir}"
698 AC_SUBST(LIBGNUTLS_LIBS)
699 AC_SUBST(LIBGNUTLS_CFLAGS)
700
701 AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
702
703 AC_DEFINE([GNUTLS_COMPAT_H], 1, [Make sure we don't use old features in code.])
704 AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.])
705
706 AC_DEFINE([fread_file], [_gnutls_fread_file], [static lib rename])
707 AC_DEFINE([read_file], [_gnutls_read_file], [static lib rename])
708 AC_DEFINE([read_binary_file], [_gnutls_read_binary_file], [static lib rename])
709
710 dnl Crywrap dependencies
711    AC_MSG_RESULT([***
712 *** Checking dependencies for crywrap...
713 ])
714
715 crywrap=no
716
717 if test "$have_win" != "yes"; then
718
719 AC_CHECK_HEADERS([arpa/inet.h netinet/in.h sys/select.h sys/types.h sys/wait.h])
720
721 dnl **********************
722 dnl * Typedefs & co
723 dnl **********************
724 AC_CACHE_CHECK([return type of signal handlers],[ac_cv_type_signal],[AC_COMPILE_IFELSE(
725 [AC_LANG_PROGRAM([#include <sys/types.h>
726 #include <signal.h>
727 ],
728                  [return *(signal (0, 0)) (0) == 1;])],
729                    [ac_cv_type_signal=int],
730                    [ac_cv_type_signal=void])])
731 AC_DEFINE_UNQUOTED([RETSIGTYPE],[$ac_cv_type_signal],[Define as the return type of signal handlers
732                     (`int' or `void').])
733
734 AC_FUNC_SELECT_ARGTYPES
735 AC_CHECK_FUNCS([alarm atexit dup2 epoll_create kqueue memchr memset munmap \
736                 putenv regcomp scandir select socket strcasecmp strchr \
737                 strdup strerror strncasecmp strrchr strstr strtoul uname])
738
739 AC_ARG_ENABLE(crywrap,
740         AS_HELP_STRING([--disable-crywrap], [unconditionally disable the crywrap TLS proxy service]))
741
742
743  if test "x$enable_crywrap" != "xno" ; then
744         AC_CHECK_FUNCS([argp_usage],[ac_argp=yes],[ac_argp=no])
745  fi
746
747  if test "$ac_cv_func_daemon" != "no" && test "$ac_argp" != "no";then
748   crywrap=yes
749  fi
750
751 fi
752
753 AM_CONDITIONAL(ENABLE_CRYWRAP, test "x$crywrap" != "xno")
754
755 dnl end of crywrap requirements
756
757 dnl Some variables needed in makefiles
758 YEAR=`date +%Y`
759 AC_SUBST([YEAR], $YEAR)
760
761 AC_CONFIG_FILES([guile/pre-inst-guile], [chmod +x guile/pre-inst-guile])
762 AC_CONFIG_FILES([
763   Makefile
764   doc/Makefile
765   doc/credentials/Makefile
766   doc/credentials/openpgp/Makefile
767   doc/credentials/srp/Makefile
768   doc/credentials/x509/Makefile
769   doc/cyclo/Makefile
770   doc/doxygen/Doxyfile
771   doc/examples/Makefile
772   doc/latex/Makefile
773   doc/manpages/Makefile
774   doc/reference/Makefile
775   doc/reference/version.xml
776   doc/scripts/Makefile
777   extra/Makefile
778   extra/includes/Makefile
779   libdane/Makefile
780   libdane/includes/Makefile
781   libdane/gnutls-dane.pc
782   gl/Makefile
783   gl/tests/Makefile
784   guile/Makefile
785   guile/modules/Makefile
786   guile/src/Makefile
787   guile/tests/Makefile
788   lib/Makefile
789   lib/accelerated/Makefile
790   lib/accelerated/x86/Makefile
791   lib/algorithms/Makefile
792   lib/auth/Makefile
793   lib/ext/Makefile
794   lib/extras/Makefile
795   lib/gnutls.pc
796   lib/includes/Makefile
797   lib/includes/gnutls/gnutls.h
798   lib/minitasn1/Makefile
799   lib/nettle/Makefile
800   lib/opencdk/Makefile
801   lib/openpgp/Makefile
802   lib/x509/Makefile
803   po/Makefile.in
804   src/Makefile
805   src/crywrap/Makefile
806   src/gl/Makefile
807   tests/Makefile
808   tests/cert-tests/Makefile
809   tests/dsa/Makefile
810   tests/dtls/Makefile
811   tests/srp/Makefile
812   tests/ecdsa/Makefile
813   tests/key-tests/Makefile
814   tests/openpgp-certs/Makefile
815   tests/pkcs1-padding/Makefile
816   tests/pkcs12-decode/Makefile
817   tests/pkcs8-decode/Makefile
818   tests/rsa-md5-collision/Makefile
819   tests/safe-renegotiation/Makefile
820   tests/scripts/Makefile
821   tests/sha2/Makefile
822   tests/slow/Makefile
823   tests/suite/Makefile
824   tests/userid/Makefile
825 ])
826
827 AC_OUTPUT
828
829 dnl  Warning flags:        errors: ${WERROR_CFLAGS} warnings: ${WARN_CFLAGS}
830 dnl  Valgrind:             $opt_valgrind_tests ${VALGRIND}
831 AC_MSG_NOTICE([summary of build options:
832
833   version:              ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE
834   Host/Target system:   ${host}
835   Build system:         ${build}
836   Install prefix:       ${prefix}
837   Compiler:             ${CC}
838   CFlags:               ${CFLAGS}
839   Library types:        Shared=${enable_shared}, Static=${enable_static}
840   Local libopts:        ${enable_local_libopts}
841   Local libtasn1:       ${included_libtasn1}
842   Use nettle-mini:      ${mini_nettle}
843 ])
844
845 AC_MSG_NOTICE([External hardware support:
846
847   /dev/crypto:          $enable_cryptodev
848   Hardware accel:       $hw_accel
849   Padlock accel:        $use_padlock
850   PKCS#11 support:      $with_p11_kit
851   TPM support:          $with_tpm
852 ])
853
854 AC_MSG_NOTICE([Optional features:
855 (note that included applications might not compile properly
856 if features are disabled)
857
858   DTLS-SRTP support:    $ac_enable_srtp
859   ALPN support:         $ac_enable_alpn
860   OCSP support:         $ac_enable_ocsp
861   Ses. ticket support:  $ac_enable_session_tickets
862   OpenPGP support:      $ac_enable_openpgp
863   SRP support:          $ac_enable_srp
864   PSK support:          $ac_enable_psk
865   DHE support:          $ac_enable_dhe
866   ECDHE support:        $ac_enable_ecdhe
867   RSA-EXPORT support:   $ac_enable_rsa_export
868   Anon auth support:    $ac_enable_anon
869   Heartbeat support:    $ac_enable_heartbeat
870   IDNA support:         $libidn
871   Unicode support:      $ac_have_unicode
872   Self checks:          $enable_self_checks
873   Non-SuiteB curves:    $enable_non_suiteb
874   FIPS140 mode:         $enable_fips
875 ])
876
877 AC_MSG_NOTICE([Optional applications:
878
879   crywrap app:          $crywrap
880 ])
881
882 AC_MSG_NOTICE([Optional libraries:
883
884   Guile wrappers:       $opt_guile_bindings
885   C++ library:          $use_cxx
886   DANE library:         $enable_dane
887   OpenSSL compat:       $enable_openssl
888 ])
889
890 AC_MSG_NOTICE([System files:
891
892   Trust store pkcs11:   $with_default_trust_store_pkcs11
893   Trust store dir:      $with_default_trust_store_dir
894   Trust store file:     $with_default_trust_store_file
895   Blacklist file:       $with_default_blacklist_file
896   CRL file:             $with_default_crl_file
897   Priority file:        $system_priority_file
898   DNSSEC root key file: $unbound_root_key_file
899 ])
900
901 if test ! -f "$unbound_root_key_file"; then
902 AC_MSG_WARN([[
903 *** 
904 *** The DNSSEC root key file in $unbound_root_key_file was not found. 
905 *** This file is needed for the verification of DNSSEC responses.
906 *** Use the command: unbound-anchor -a "$unbound_root_key_file"
907 *** to generate or update it.
908 *** ]])
909 fi