added configuration option --disable-padlock
[gnutls:gnutls.git] / configure.ac
1 dnl Process this file with autoconf to produce a configure script.
2 # Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 #
4 # Author: Nikos Mavrogiannopoulos, Simon Josefsson
5 #
6 # This file is part of GnuTLS.
7 #
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 3 of the License, or
11 # (at your option) any later version.
12 #
13 # This program is distributed in the hope that it will be useful, but
14 # WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16 # General Public License for more details.
17 #
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
21 # USA
22
23 AC_PREREQ(2.61)
24 AC_INIT([GnuTLS], [3.4.0], [bugs@gnutls.org])
25 AC_CONFIG_AUX_DIR([build-aux])
26 AC_CONFIG_MACRO_DIR([m4])
27 AC_CANONICAL_HOST
28
29 AM_INIT_AUTOMAKE([1.12.2 subdir-objects no-dist-gzip dist-xz dist-lzip -Wall -Wno-override])
30 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
31 AC_CONFIG_HEADERS([config.h])
32
33 AC_MSG_RESULT([***
34 *** Checking for compilation programs...
35 ])
36
37 dnl Checks for programs.
38 AC_PROG_CC
39 gl_EARLY
40 ggl_EARLY
41 AM_PROG_AS
42 AM_PROG_AR
43 AC_PROG_CXX
44 AM_PROG_CC_C_O
45 AC_PROG_YACC
46 AC_PROG_SED
47 AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [/bin/true])
48
49 if test x"$AUTOGEN" = "x/bin/true"; then
50   AC_MSG_WARN([[
51 ***
52 *** autogen not found. Will not link against libopts.
53 *** ]])
54 enable_local_libopts=yes
55 fi
56
57 # For includes/gnutls/gnutls.h.in.
58 AC_SUBST(MAJOR_VERSION, `echo $PACKAGE_VERSION | sed 's/\(.*\)\..*\..*/\1/g'`)
59 AC_SUBST(MINOR_VERSION, `echo $PACKAGE_VERSION | sed 's/.*\.\(.*\)\..*/\1/g'`)
60 AC_SUBST(PATCH_VERSION, [[`echo $PACKAGE_VERSION | sed 's/.*\..*\.\([0-9]*\).*/\1/g'`]])
61 AC_SUBST(NUMBER_VERSION, `printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION`)
62
63 touch suppressions.valgrind
64 dnl C and C++ capabilities
65 AC_C_INLINE
66 AC_HEADER_STDC
67
68 # For the C++ code
69 AC_ARG_ENABLE(cxx,
70   AS_HELP_STRING([--disable-cxx], [unconditionally disable the C++ library]),
71     use_cxx=$enableval, use_cxx=yes)
72 if test "$use_cxx" != "no"; then
73   AC_LANG_PUSH(C++)
74   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no)
75   AC_LANG_POP(C++)
76 fi
77 AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
78 AM_CONDITIONAL(WANT_TEST_SUITE, [test -f tests/suite/mini-eagain2.c])
79
80 dnl Detect windows build
81 case "$host" in
82   *mingw32* | *mingw64*)
83     have_win=yes
84   ;;
85   *darwin*)
86     have_macosx=yes
87   ;;
88   *)
89     have_elf=yes
90   ;;
91 esac
92
93 AM_CONDITIONAL(WINDOWS, test "$have_win" = yes)
94 AM_CONDITIONAL(MACOSX, test "$have_macosx" = yes)
95 AM_CONDITIONAL(ELF, test "$have_elf" = yes)
96
97 dnl Hardware Acceleration
98 AC_ARG_ENABLE(hardware-acceleration,
99   AS_HELP_STRING([--disable-hardware-acceleration], [unconditionally disable hardware acceleration]),
100     use_accel=$enableval, use_accel=yes)
101 hw_accel=none
102
103
104 if test "$use_accel" != "no"; then
105 case $host_cpu in
106   i?86 | x86_64 | amd64)
107       AC_CHECK_HEADERS(cpuid.h)
108       if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"; then
109         hw_accel="x86-64"
110       else
111         hw_accel="x86"
112       fi
113   ;;
114   *)
115   ;;
116 esac
117
118 fi
119
120 AC_ARG_ENABLE(padlock,
121   AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]),
122     use_padlock=$enableval, use_padlock=yes)
123
124 if test "$use_padlock" != "no"; then
125     AC_DEFINE([ENABLE_PADLOCK], 1, [Enable padlock acceleration])
126     AC_SUBST([ENABLE_PADLOCK])
127 fi
128 AM_CONDITIONAL(ENABLE_PADLOCK, test "$use_padlock" = "yes")
129 AM_CONDITIONAL(ASM_X86_64, test x"$hw_accel" = x"x86-64")
130 AM_CONDITIONAL(ASM_X86_32, test x"$hw_accel" = x"x86")
131 AM_CONDITIONAL(ASM_X86, test x"$hw_accel" = x"x86" || test x"$hw_accel" = x"x86-64")
132 AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"])
133 AM_CONDITIONAL(HAVE_GCC, test "$GCC" = "yes")
134
135
136 dnl Try the hooks.m4
137 LIBGNUTLS_HOOKS
138 LIBGNUTLS_EXTRA_HOOKS
139
140 AC_ARG_ENABLE(doc,
141   AS_HELP_STRING([--disable-doc], [don't generate any documentation]),
142     enable_doc=$enableval, enable_doc=yes)
143 AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
144
145 AC_ARG_ENABLE(tests,
146   AS_HELP_STRING([--disable-tests], [don't compile or run any tests]),
147     enable_tests=$enableval, enable_tests=yes)
148 AM_CONDITIONAL(ENABLE_TESTS, test "$enable_tests" != "no")
149
150 GTK_DOC_CHECK(1.1)
151 AM_GNU_GETTEXT([external])
152 AM_GNU_GETTEXT_VERSION([0.18])
153
154 AC_C_BIGENDIAN
155
156 dnl No fork on MinGW, disable some self-tests until we fix them.
157 dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs)
158 AC_CHECK_FUNCS([fork inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid clock_gettime iconv localtime vasprintf],,)
159 AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no")
160
161 AC_CHECK_FUNCS([pthread_atfork __register_atfork],,)
162
163 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>
164 #include <signal.h>
165 ], [timer_create (0,0,0);])
166
167 if test "$have_win" != "yes";then
168   AC_CHECK_FUNCS([pthread_mutex_lock],,)
169   if test "$ac_cv_func_pthread_mutex_lock" != "yes";then
170     AC_LIB_HAVE_LINKFLAGS(pthread,, [#include <pthread.h>], [pthread_mutex_lock (0);])
171   fi
172 fi
173
174 if test "$ac_cv_func_nanosleep" != "yes";then
175   AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [nanosleep (0, 0);])
176   gnutls_needs_librt=yes
177 fi
178
179 if test "$ac_cv_func_clock_gettime" != "yes";then
180   AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [clock_gettime (0, 0);])
181   gnutls_needs_librt=yes
182 fi
183
184 ac_have_unicode=no
185 if test "$ac_cv_func_iconv" != "yes";then
186   AC_LIB_HAVE_LINKFLAGS(iconv,, [#include <iconv.h>], [iconv (0, 0, 0, 0, 0);])
187   if test "$HAVE_LIBICONV" = "yes";then
188     ac_have_unicode=yes
189   fi
190 else
191   ac_have_unicode=yes
192 fi
193
194 if test "$ac_have_unicode" != "yes";then
195   if test "$have_win" = "yes";then
196     ac_have_unicode=yes
197   fi
198 fi
199
200 dnl Note that g*l_INIT are run after we check for library capabilities,
201 dnl to prevent issues from caching lib dependencies. See discussion
202 dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and
203 dnl http://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
204 gl_INIT
205 ggl_INIT
206
207 dnl GCC warnings to enable
208
209 AC_ARG_ENABLE([gcc-warnings],
210   [AS_HELP_STRING([--enable-gcc-warnings],
211                   [turn on lots of GCC warnings (for developers)])],
212   [case $enableval in
213      yes|no) ;;
214      *)      AC_MSG_ERROR([bad value $enableval for gcc-warnings option]) ;;
215    esac
216    gl_gcc_warnings=$enableval],
217   [gl_gcc_warnings=no]
218 )
219
220 if test "$gl_gcc_warnings" = yes; then
221   gl_WARN_ADD([-Wframe-larger-than=1024], [WSTACK_CFLAGS])
222
223   nw="$nw -Wsystem-headers"         # Don't let system headers trigger warnings
224   nw="$nw -Wc++-compat"             # We don't care about C++ compilers
225   nw="$nw -Wundef"                  # Warns on '#if GNULIB_FOO' etc in gnulib
226   nw="$nw -Wtraditional"            # Warns on #elif which we use often
227   nw="$nw -Wlogical-op"             # Too many false positives
228   nw="$nw -Wold-style-definition"   # 
229   nw="$nw -Wpadded"                 # Our structs are not padded
230   nw="$nw -Wunreachable-code"       # Too many false positives
231   nw="$nw -Wtraditional-conversion" # Too many warnings for now
232   nw="$nw -Wcast-qual"              # Too many warnings for now
233   nw="$nw -Waggregate-return"       # Too many warnings for now
234   nw="$nw -Wshadow"                 # Too many warnings for now
235   nw="$nw -Wswitch-default"         # Too many warnings for now
236   nw="$nw -Wswitch-enum"            # Too many warnings for now
237   nw="$nw -Wconversion"             # Too many warnings for now
238   nw="$nw -Wsign-conversion"        # Too many warnings for now
239   nw="$nw -Wformat-y2k"             # Too many warnings for now
240   nw="$nw -Woverlength-strings"     # We use some in tests/
241   nw="$nw -Wvla"                    # There is no point to avoid C99 variable length arrays
242   nw="$nw -Wformat-nonliteral"      # Incompatible with gettext _()
243   nw="$nw -Wunsafe-loop-optimizations"
244   nw="$nw -Wstrict-overflow"
245   nw="$nw -Wmissing-noreturn"
246   nw="$nw -Winline"                 # Too compiler dependent
247   nw="$nw -Wsuggest-attribute=pure" # Is it worth using attributes?
248   nw="$nw -Wsuggest-attribute=const" # Is it worth using attributes?
249   nw="$nw -Wsuggest-attribute=noreturn" # Is it worth using attributes?
250   nw="$nw -Wstack-protector"        # Some functions cannot be protected
251   nw="$nw -Wredundant-decls"        # Some files cannot be compiled with that (gl_fd_to_handle)
252
253   gl_MANYWARN_ALL_GCC([ws])
254   gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw])
255   for w in $ws; do
256     gl_WARN_ADD([$w])
257   done
258
259   gl_WARN_ADD([-Wno-missing-field-initializers]) # We need this one
260   gl_WARN_ADD([-Wno-format-y2k])     # Too many warnings for now
261   gl_WARN_ADD([-Wno-unused-value]) # warnings for things we don't want to get
262   gl_WARN_ADD([-Wno-unused-result]) # warnings for things we don't want to get
263   gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now
264   gl_WARN_ADD([-Wno-stack-protector])  # Some functions cannot be protected
265   gl_WARN_ADD([-Wno-int-to-pointer-cast])  # Some files cannot be compiled with that (gl_fd_to_handle)
266   gl_WARN_ADD([-fdiagnostics-show-option])
267 fi
268
269 AC_SUBST([WERROR_CFLAGS])
270 AC_SUBST([WSTACK_CFLAGS])
271 AC_SUBST([WARN_CFLAGS])
272
273 dnl Programs for compilation or development
274 AC_PROG_LN_S
275 LT_INIT([disable-static,win32-dll,shared])
276
277
278
279 AC_ARG_ENABLE(self-checks,
280   AS_HELP_STRING([--enable-self-checks], [enable self checking functionality]),
281     enable_self_checks=$enableval, enable_self_checks=no)
282
283 AC_ARG_ENABLE(fips140-mode,
284   AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode (implies self checks)]),
285     enable_fips=$enableval, enable_fips=no)
286 AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes")
287 if [ test "$enable_fips" = "yes" ];then
288   AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
289   if test "x$HAVE_LIBDL" = "xyes";then
290     enable_self_checks=yes
291
292     AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode])
293
294     AC_SUBST([FIPS140_LIBS], $LIBDL)
295   else
296     enable_fips=no
297     AC_MSG_WARN([[
298 *** 
299 *** This system is not supported in FIPS140 mode.
300 *** libdl and dladdr() are required.
301 *** ]])
302   fi
303 fi
304
305 PKG_CHECK_MODULES(LIBIDN, libidn >= 0.5.6, [with_libidn=yes], [with_libidn=no])
306 if test "$with_libidn" != "no";then
307         AC_DEFINE([HAVE_LIBIDN], 1, [Build IDNA support])
308         if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
309                 GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn"
310         else
311                 GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn"
312         fi
313 else
314         with_libidn=no
315         AC_MSG_WARN([[
316 *** 
317 *** libidn was not found. IDNA support will be disabled.
318 *** ]])
319 fi
320
321 AM_CONDITIONAL(HAVE_LIBIDN, test "$with_libidn" != "no")
322
323 AC_ARG_ENABLE(non-suiteb-curves,
324   AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]),
325     enable_non_suiteb=$enableval, enable_non_suiteb=yes)
326 if [ test "$enable_non_suiteb" = "yes" ];then
327   AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves])
328 fi
329
330 AM_CONDITIONAL(ENABLE_SELF_CHECKS, test "$enable_self_checks" = "yes")
331 if [ test "$enable_self_checks" = "yes" ];then
332    AC_DEFINE([ENABLE_SELF_CHECKS], 1, [Self checks are included in the library])
333 fi
334
335 AC_MSG_CHECKING([whether to build libdane])
336 AC_ARG_ENABLE(libdane,
337     AS_HELP_STRING([--disable-libdane],
338                    [disable the built of libdane]),
339     enable_dane=$enableval, enable_dane=yes)
340 AC_MSG_RESULT($enable_dane)
341
342 if test "$enable_dane" != "no"; then
343     LIBS="$oldlibs -lunbound"
344     AC_MSG_CHECKING([for unbound library])
345     AC_LINK_IFELSE([AC_LANG_PROGRAM([
346                    #include <unbound.h>],[
347                    struct ub_ctx* ctx;
348                    ctx = ub_ctx_create();])],
349                   [AC_MSG_RESULT(yes)
350                    AC_SUBST([UNBOUND_LIBS], [-lunbound])
351                    AC_SUBST([UNBOUND_CFLAGS], [])
352                    AC_DEFINE([HAVE_DANE], 1, [Enable the DANE library])
353                    enable_dane=yes],
354                   [AC_MSG_RESULT(no)
355                    AC_MSG_WARN([[
356 *** 
357 *** libunbound was not found. Libdane will not be built.
358 *** ]])
359                   enable_dane=no])
360     LIBS="$oldlibs"
361 fi
362
363 AM_CONDITIONAL(ENABLE_DANE, test "$enable_dane" = "yes")
364
365 AC_ARG_WITH(unbound-root-key-file, AS_HELP_STRING([--with-unbound-root-key-file],
366                                  [specify the unbound root key file]),
367             unbound_root_key_file="$withval", 
368 if test "$have_win" = yes; then
369     unbound_root_key_file="C:\\Program Files\\Unbound\\root.key"
370 else
371     if test -f /var/lib/unbound/root.key;then
372         unbound_root_key_file="/var/lib/unbound/root.key"
373     else
374         unbound_root_key_file="/etc/unbound/root.key"
375     fi
376 fi
377 )
378
379 AC_DEFINE_UNQUOTED([UNBOUND_ROOT_KEY_FILE],
380   ["$unbound_root_key_file"], [The DNSSEC root key file])
381
382 AC_ARG_WITH(system-priority-file, AS_HELP_STRING([--with-system-priority-file],
383                                  [specify the system priority file]),
384             system_priority_file="$withval", 
385 system_priority_file="/etc/gnutls/default-priorities"
386 )
387
388 AC_DEFINE_UNQUOTED([SYSTEM_PRIORITY_FILE],
389   ["$system_priority_file"], [The system priority file])
390
391 dnl Check for p11-kit
392 P11_KIT_MINIMUM=0.20.0
393 AC_ARG_WITH(p11-kit,
394         AS_HELP_STRING([--without-p11-kit],
395                 [Build without p11-kit and PKCS#11 support]))
396 if test "$with_p11_kit" != "no"; then
397         PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= $P11_KIT_MINIMUM], [with_p11_kit=yes], [with_p11_kit=no])
398         if test "$with_p11_kit" != "no";then
399                 AC_DEFINE([ENABLE_PKCS11], 1, [Build PKCS#11 support])
400                 if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
401                         GNUTLS_REQUIRES_PRIVATE="Requires.private: p11-kit-1"
402                 else
403                         GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, p11-kit-1"
404                 fi
405         else
406                 with_p11_kit=no
407                 AC_MSG_WARN([[
408 *** 
409 *** p11-kit >= $P11_KIT_MINIMUM was not found. PKCS #11 support will be disabled.
410 *** You may get it from http://p11-glue.freedesktop.org/p11-kit.html
411 *** ]])
412         fi
413 fi
414
415 AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no")
416
417 AC_ARG_WITH(tpm,
418         AS_HELP_STRING([--without-tpm],
419                 [Disable TPM (trousers) support.]),
420                 [with_tpm=$withval], [with_tpm=yes])
421 if test "$with_tpm" != "no"; then
422     LIBS="$oldlibs -ltspi"
423     AC_MSG_CHECKING([for tss library])
424     AC_LINK_IFELSE([AC_LANG_PROGRAM([
425                    #include <trousers/tss.h>
426                    #include <trousers/trousers.h>],[
427                    int err = Tspi_Context_Create((void *)0);
428                    Trspi_Error_String(err);])],
429                   [AC_MSG_RESULT(yes)
430                    AC_SUBST([TSS_LIBS], [-ltspi])
431                    AC_SUBST([TSS_CFLAGS], [])
432                    AC_DEFINE([HAVE_TROUSERS], 1, [Enable TPM])
433                    with_tpm=yes],
434                   [AC_MSG_RESULT(no)
435                    AC_MSG_WARN([[
436 *** 
437 *** trousers was not found. TPM support will be disabled.
438 *** ]])
439                   with_tpm=no])
440     LIBS="$oldlibs"
441 fi
442
443 AM_CONDITIONAL(ENABLE_TROUSERS, test "$with_tpm" != "no")
444
445 LIBOPTS_CHECK([src/libopts])
446 if test "$NEED_LIBOPTS_DIR" = "true";then
447         dnl replace libopts-generated files with distributed backups, if present
448         missing_baks=
449         for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do
450                 nam=`echo $i|sed 's/.bak//g'`
451                 if test -f $i;then
452                         cp -f $i $nam
453                 else
454                         missing_baks=true
455                 fi
456         done
457         if test -z "$missing_baks"; then
458                 AC_SUBST([AUTOGEN], [/bin/true])
459         fi
460         enable_local_libopts=yes
461 else
462         enable_local_libopts=no
463 fi
464 AM_CONDITIONAL(NEED_LIBOPTS, test "$enable_local_libopts" = "yes")
465
466 AC_CHECK_TYPE(ssize_t,
467   [
468     DEFINE_SSIZE_T="#include <sys/types.h>"
469     AC_SUBST(DEFINE_SSIZE_T)
470   ], [
471     AC_DEFINE([NO_SSIZE_T], 1, [no ssize_t type was found])
472     DEFINE_SSIZE_T="typedef int ssize_t;"
473     AC_SUBST(DEFINE_SSIZE_T)
474   ], [
475     #include <sys/types.h>
476   ])
477
478 # For minitasn1.
479 AC_CHECK_SIZEOF(unsigned long int, 4)
480 AC_CHECK_SIZEOF(unsigned int, 4)
481
482 AC_ARG_WITH(zlib, AS_HELP_STRING([--without-zlib],
483                                  [disable zlib compression support]),
484             ac_zlib=$withval, ac_zlib=yes)
485 AC_MSG_CHECKING([whether to include zlib compression support])
486 if test x$ac_zlib != xno; then
487  AC_MSG_RESULT(yes)
488  AC_LIB_HAVE_LINKFLAGS(z,, [#include <zlib.h>], [compress (0, 0, 0, 0);])
489  if test x$ac_cv_libz != xyes; then
490    AC_MSG_WARN(
491 *** 
492 *** ZLIB was not found. You will not be able to use ZLIB compression.)
493  fi
494 else
495  AC_MSG_RESULT(no)
496 fi
497
498 PKG_CHECK_EXISTS(zlib, ZLIB_HAS_PKGCONFIG=y, ZLIB_HAS_PKGCONFIG=n)
499
500 if test x$ac_zlib != xno; then
501   if test "$ZLIB_HAS_PKGCONFIG" = "y" ; then
502     if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
503       GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
504     else
505       GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib"
506     fi
507   fi
508 fi
509 AC_SUBST(GNUTLS_REQUIRES_PRIVATE)
510
511
512
513 AC_ARG_WITH([default-trust-store-pkcs11],
514   [AS_HELP_STRING([--with-default-trust-store-pkcs11=URI],
515     [use the given pkcs11 uri as default trust store])])
516
517 if test "x$with_default_trust_store_pkcs11" != x; then
518   if test "x$with_p11_kit" = xno; then
519     AC_MSG_ERROR([cannot use pkcs11 store without p11-kit])
520   fi
521   AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_PKCS11],
522     ["$with_default_trust_store_pkcs11"], [use the given pkcs11 uri as default trust store])
523 fi
524
525 AC_ARG_WITH([default-trust-store-dir],
526   [AS_HELP_STRING([--with-default-trust-store-dir=DIR],
527     [use the given directory as default trust store])])
528
529 if test "x$with_default_trust_store_dir" != x; then
530   AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
531     ["$with_default_trust_store_dir"], [use the given directory as default trust store])
532 fi
533
534 dnl auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
535 AC_ARG_WITH([default-trust-store-file],
536   [AS_HELP_STRING([--with-default-trust-store-file=FILE],
537     [use the given file default trust store])], with_default_trust_store_file="$withval",
538   [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x;then
539   for i in \
540     /etc/ssl/ca-bundle.pem \
541     /etc/ssl/certs/ca-certificates.crt \
542     /etc/pki/tls/cert.pem \
543     /usr/local/share/certs/ca-root-nss.crt \
544     /etc/ssl/cert.pem
545     do
546     if test -e "$i"; then
547       with_default_trust_store_file="$i"
548       break
549     fi
550   done
551   fi]
552 )
553
554 if test "$with_default_trust_store_file" = "no";then
555   with_default_trust_store_file=""
556 fi
557
558 AC_ARG_WITH([default-crl-file],
559   [AS_HELP_STRING([--with-default-crl-file=FILE],
560     [use the given CRL file as default])])
561
562 AC_ARG_WITH([default-blacklist-file],
563   [AS_HELP_STRING([--with-default-blacklist-file=FILE],
564     [use the given certificate blacklist file as default])])
565
566 if test "x$with_default_trust_store_file" != x; then
567   AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
568     ["$with_default_trust_store_file"], [use the given file default trust store])
569 fi
570
571 if test "x$with_default_crl_file" != x; then
572   AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
573     ["$with_default_crl_file"], [use the given CRL file])
574 fi
575
576 if test "x$with_default_blacklist_file" != x; then
577   AC_DEFINE_UNQUOTED([DEFAULT_BLACKLIST_FILE],
578     ["$with_default_blacklist_file"], [use the given certificate blacklist file])
579 fi
580
581 dnl Guile bindings.
582 opt_guile_bindings=yes
583 AC_MSG_CHECKING([whether building Guile bindings])
584 AC_ARG_ENABLE(guile,
585         AS_HELP_STRING([--enable-guile], [build GNU Guile bindings]),
586 opt_guile_bindings=$enableval)
587 AC_MSG_RESULT($opt_guile_bindings)
588
589 AC_ARG_WITH([guile-site-dir],
590   [AS_HELP_STRING([--with-guile-site-dir],
591      [use the given directory as the Guile site (use with care)])])
592
593 if test "$opt_guile_bindings" = "yes"; then
594    AC_MSG_RESULT([***
595 *** Detecting GNU Guile...
596 ])
597
598    AC_PATH_PROG([guile_snarf], [guile-snarf])
599    if test "x$guile_snarf" = "x"; then
600       AC_MSG_WARN([`guile-snarf' from Guile 1.8 not found.  Guile bindings not built.])
601       opt_guile_bindings=no
602    else
603       GUILE_PROGS
604       GUILE_FLAGS
605
606       save_CFLAGS="$CFLAGS"
607       save_LIBS="$LIBS"
608       CFLAGS="$CFLAGS $GUILE_CFLAGS"
609       LIBS="$LIBS $GUILE_LDFLAGS"
610       AC_MSG_CHECKING([whether GNU Guile is recent enough])
611       AC_LINK_IFELSE([AC_LANG_PROGRAM([], [scm_from_locale_string ("")])],
612         [], [opt_guile_bindings=no])
613       CFLAGS="$save_CFLAGS"
614       LIBS="$save_LIBS"
615
616       if test "$opt_guile_bindings" = "yes"; then
617         AC_MSG_RESULT([yes])
618         case "x$with_guile_site_dir" in 
619              xno)
620                 # Use the default $(GUILE_SITE).
621                 GUILE_SITE_DIR
622                 ;;
623              x|xyes)
624                 # Automatically derive $(GUILE_SITE) from $(pkgdatadir).  This
625                 # hack is used to allow `distcheck' to work (see
626                 # `DISTCHECK_CONFIGURE_FLAGS' in the top-level `Makefile.am').
627                 GUILE_SITE="\$(datadir)/guile/site"
628                 AC_SUBST(GUILE_SITE)
629                 ;;
630              *)
631                 # Use the user-specified directory as $(GUILE_SITE).
632                 GUILE_SITE="$with_guile_site_dir"
633                 AC_SUBST(GUILE_SITE)
634                 ;;
635         esac
636         AC_MSG_CHECKING([whether gcc supports -fgnu89-inline])
637         _gcc_cflags_save="$CFLAGS"
638         CFLAGS="${CFLAGS} -fgnu89-inline"
639         AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
640                           gnu89_inline=yes, gnu89_inline=no)
641         AC_MSG_RESULT($gnu89_inline)
642         CFLAGS="$_gcc_cflags_save"
643
644         # Optional Guile functions.
645         save_CFLAGS="$CFLAGS"
646         save_LIBS="$LIBS"
647         CFLAGS="$CFLAGS $GUILE_CFLAGS"
648         LIBS="$LIBS $GUILE_LDFLAGS"
649         AC_CHECK_FUNCS([scm_gc_malloc_pointerless])
650         CFLAGS="$save_CFLAGS"
651         LIBS="$save_LIBS"
652
653         # The place where guile-gnutls.la will go.
654         AC_MSG_CHECKING([the Guile effective version])
655         guile_effective_version="`$GUILE -c '(display (effective-version))'`"
656         AC_MSG_RESULT([$guile_effective_version])
657         guileextensiondir="$libdir/guile/$guile_effective_version"
658         AC_SUBST([guileextensiondir])
659       else
660         AC_MSG_RESULT([no])
661         AC_MSG_WARN([A sufficiently recent GNU Guile not found.  Guile bindings not built.])
662         opt_guile_bindings=no
663       fi
664    fi
665 fi
666 AM_CONDITIONAL(HAVE_GUILE, test "$opt_guile_bindings" = "yes")
667
668 LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBS"
669 LIBGNUTLS_CFLAGS="-I${includedir}"
670 AC_SUBST(LIBGNUTLS_LIBS)
671 AC_SUBST(LIBGNUTLS_CFLAGS)
672
673 AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
674
675 AC_DEFINE([GNUTLS_COMPAT_H], 1, [Make sure we don't use old features in code.])
676 AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.])
677
678 AC_DEFINE([fread_file], [_gnutls_fread_file], [static lib rename])
679 AC_DEFINE([read_file], [_gnutls_read_file], [static lib rename])
680 AC_DEFINE([read_binary_file], [_gnutls_read_binary_file], [static lib rename])
681
682 dnl Crywrap dependencies
683    AC_MSG_RESULT([***
684 *** Checking dependencies for crywrap...
685 ])
686
687 crywrap=no
688
689 if test "$have_win" != "yes"; then
690
691 AC_CHECK_HEADERS([arpa/inet.h netinet/in.h sys/select.h sys/types.h sys/wait.h])
692
693 dnl **********************
694 dnl * Typedefs & co
695 dnl **********************
696 AC_CACHE_CHECK([return type of signal handlers],[ac_cv_type_signal],[AC_COMPILE_IFELSE(
697 [AC_LANG_PROGRAM([#include <sys/types.h>
698 #include <signal.h>
699 ],
700                  [return *(signal (0, 0)) (0) == 1;])],
701                    [ac_cv_type_signal=int],
702                    [ac_cv_type_signal=void])])
703 AC_DEFINE_UNQUOTED([RETSIGTYPE],[$ac_cv_type_signal],[Define as the return type of signal handlers
704                     (`int' or `void').])
705
706 AC_FUNC_SELECT_ARGTYPES
707 AC_CHECK_FUNCS([alarm atexit dup2 epoll_create kqueue memchr memset munmap \
708                 putenv regcomp scandir select socket strcasecmp strchr \
709                 strdup strerror strncasecmp strrchr strstr strtoul uname])
710
711 AC_ARG_ENABLE(crywrap,
712         AS_HELP_STRING([--disable-crywrap], [unconditionally disable the crywrap TLS proxy service]))
713
714
715  if test "x$enable_crywrap" != "xno" ; then
716         AC_CHECK_FUNCS([argp_usage],[ac_argp=yes],[ac_argp=no])
717  fi
718
719  if test "$ac_cv_func_daemon" != "no" && test "$ac_argp" != "no";then
720   crywrap=yes
721  fi
722
723 fi
724
725 AM_CONDITIONAL(ENABLE_CRYWRAP, test "x$crywrap" != "xno")
726
727 dnl end of crywrap requirements
728
729 dnl Some variables needed in makefiles
730 YEAR=`date +%Y`
731 AC_SUBST([YEAR], $YEAR)
732
733 AC_CONFIG_FILES([guile/pre-inst-guile], [chmod +x guile/pre-inst-guile])
734 AC_CONFIG_FILES([
735   Makefile
736   doc/Makefile
737   doc/credentials/Makefile
738   doc/credentials/openpgp/Makefile
739   doc/credentials/srp/Makefile
740   doc/credentials/x509/Makefile
741   doc/cyclo/Makefile
742   doc/doxygen/Doxyfile
743   doc/examples/Makefile
744   doc/latex/Makefile
745   doc/manpages/Makefile
746   doc/reference/Makefile
747   doc/reference/version.xml
748   doc/scripts/Makefile
749   extra/Makefile
750   extra/includes/Makefile
751   libdane/Makefile
752   libdane/includes/Makefile
753   libdane/gnutls-dane.pc
754   gl/Makefile
755   gl/tests/Makefile
756   guile/Makefile
757   guile/modules/Makefile
758   guile/src/Makefile
759   guile/tests/Makefile
760   lib/Makefile
761   lib/accelerated/Makefile
762   lib/accelerated/x86/Makefile
763   lib/algorithms/Makefile
764   lib/auth/Makefile
765   lib/ext/Makefile
766   lib/extras/Makefile
767   lib/gnutls.pc
768   lib/includes/Makefile
769   lib/includes/gnutls/gnutls.h
770   lib/minitasn1/Makefile
771   lib/nettle/Makefile
772   lib/opencdk/Makefile
773   lib/openpgp/Makefile
774   lib/x509/Makefile
775   po/Makefile.in
776   src/Makefile
777   src/crywrap/Makefile
778   src/gl/Makefile
779   tests/Makefile
780   tests/cert-tests/Makefile
781   tests/dsa/Makefile
782   tests/dtls/Makefile
783   tests/srp/Makefile
784   tests/ecdsa/Makefile
785   tests/key-tests/Makefile
786   tests/openpgp-certs/Makefile
787   tests/pkcs1-padding/Makefile
788   tests/pkcs12-decode/Makefile
789   tests/pkcs8-decode/Makefile
790   tests/rsa-md5-collision/Makefile
791   tests/safe-renegotiation/Makefile
792   tests/scripts/Makefile
793   tests/sha2/Makefile
794   tests/slow/Makefile
795   tests/suite/Makefile
796   tests/userid/Makefile
797 ])
798
799 AC_OUTPUT
800
801 dnl  Warning flags:        errors: ${WERROR_CFLAGS} warnings: ${WARN_CFLAGS}
802 dnl  Valgrind:             $opt_valgrind_tests ${VALGRIND}
803 AC_MSG_NOTICE([summary of build options:
804
805   version:              ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE
806   Host/Target system:   ${host}
807   Build system:         ${build}
808   Install prefix:       ${prefix}
809   Compiler:             ${CC}
810   CFlags:               ${CFLAGS}
811   Library types:        Shared=${enable_shared}, Static=${enable_static}
812   Local libopts:        ${enable_local_libopts}
813   Local libtasn1:       ${included_libtasn1}
814   Use nettle-mini:      ${mini_nettle}
815 ])
816
817 AC_MSG_NOTICE([External hardware support:
818
819   /dev/crypto:          $enable_cryptodev
820   Hardware accel:       $hw_accel
821   Padlock accel:        $use_padlock
822   PKCS#11 support:      $with_p11_kit
823   TPM support:          $with_tpm
824 ])
825
826 AC_MSG_NOTICE([Optional features:
827 (note that included applications might not compile properly
828 if features are disabled)
829
830   DTLS-SRTP support:    $ac_enable_srtp
831   ALPN support:         $ac_enable_alpn
832   OCSP support:         $ac_enable_ocsp
833   Ses. ticket support:  $ac_enable_session_tickets
834   OpenPGP support:      $ac_enable_openpgp
835   SRP support:          $ac_enable_srp
836   PSK support:          $ac_enable_psk
837   DHE support:          $ac_enable_dhe
838   ECDHE support:        $ac_enable_ecdhe
839   RSA-EXPORT support:   $ac_enable_rsa_export
840   Anon auth support:    $ac_enable_anon
841   Heartbeat support:    $ac_enable_heartbeat
842   IDNA support:         $libidn
843   Unicode support:      $ac_have_unicode
844   Self checks:          $enable_self_checks
845   Non-SuiteB curves:    $enable_non_suiteb
846   FIPS140 mode:         $enable_fips
847 ])
848
849 AC_MSG_NOTICE([Optional applications:
850
851   crywrap app:          $crywrap
852 ])
853
854 AC_MSG_NOTICE([Optional libraries:
855
856   Guile wrappers:       $opt_guile_bindings
857   C++ library:          $use_cxx
858   DANE library:         $enable_dane
859   OpenSSL compat:       $enable_openssl
860 ])
861
862 AC_MSG_NOTICE([System files:
863
864   Trust store pkcs11:   $with_default_trust_store_pkcs11
865   Trust store dir:      $with_default_trust_store_dir
866   Trust store file:     $with_default_trust_store_file
867   Blacklist file:       $with_default_blacklist_file
868   CRL file:             $with_default_crl_file
869   Priority file:        $system_priority_file
870   DNSSEC root key file: $unbound_root_key_file
871 ])
872
873 if test ! -f "$unbound_root_key_file"; then
874 AC_MSG_WARN([[
875 *** 
876 *** The DNSSEC root key file in $unbound_root_key_file was not found. 
877 *** This file is needed for the verification of DNSSEC responses.
878 *** Use the command: unbound-anchor -a "$unbound_root_key_file"
879 *** to generate or update it.
880 *** ]])
881 fi