1 dnl Process this file with autoconf to produce a configure script.
2 # Copyright (C) 2000-2012, 2016 Free Software Foundation, Inc.
4 # Author: Nikos Mavrogiannopoulos, Simon Josefsson
6 # This file is part of GnuTLS.
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 3 of the License, or
11 # (at your option) any later version.
13 # This program is distributed in the hope that it will be useful, but
14 # WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 # General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
25 dnl when updating version also update LT_REVISION in m4/hooks.m4
26 AC_INIT([GnuTLS], [3.6.9], [bugs@gnutls.org])
27 AC_CONFIG_AUX_DIR([build-aux])
28 AC_CONFIG_MACRO_DIRS([m4 src/gl/m4 src/libopts/m4 lib/unistring/m4])
31 AM_INIT_AUTOMAKE([1.12.2 foreign subdir-objects no-dist-gzip dist-xz -Wall -Wno-override])
32 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
33 AC_CONFIG_HEADERS([config.h])
36 *** Checking for compilation programs...
39 dnl Checks for programs.
52 AC_USE_SYSTEM_EXTENSIONS
58 if test "$ac_cv_prog_cc_c99" = "no"; then
59 AC_MSG_WARN([[Compiler does not support C99. It may not be able to compile the project.]])
64 AM_MAINTAINER_MODE([enable])
66 AC_ARG_ENABLE(bash-tests,
67 AS_HELP_STRING([--disable-bash-tests], [skip some tests that badly need bash]),
68 enable_bash_tests=$enableval, enable_bash_tests=yes)
69 AM_CONDITIONAL(DISABLE_BASH_TESTS, test "$enable_bash_tests" != "yes")
72 AS_HELP_STRING([--disable-doc], [don't generate any documentation]),
73 enable_doc=$enableval, enable_doc=yes)
74 AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
76 AC_ARG_ENABLE(manpages,
77 AS_HELP_STRING([--enable-manpages], [install manpages even if disable-doc is given]),
78 enable_manpages=$enableval,enable_manpages=auto)
80 if test "${enable_manpages}" = "auto";then
81 enable_manpages="${enable_doc}"
84 AM_CONDITIONAL(ENABLE_MANPAGES, test "$enable_manpages" != "no")
87 AS_HELP_STRING([--disable-tools], [don't compile any tools]),
88 enable_tools=$enableval, enable_tools=yes)
89 AM_CONDITIONAL(ENABLE_TOOLS, test "$enable_tools" != "no")
91 # For includes/gnutls/gnutls.h.in.
92 AC_SUBST(MAJOR_VERSION, `echo $PACKAGE_VERSION | sed 's/\(.*\)\..*\..*/\1/g'`)
93 AC_SUBST(MINOR_VERSION, `echo $PACKAGE_VERSION | sed 's/.*\.\(.*\)\..*/\1/g'`)
94 AC_SUBST(PATCH_VERSION, [[`echo $PACKAGE_VERSION | sed 's/.*\..*\.\([0-9]*\).*/\1/g'`]])
95 AC_SUBST(NUMBER_VERSION, `printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION`)
97 dnl C and C++ capabilities
103 AS_HELP_STRING([--disable-cxx], [unconditionally disable the C++ library]),
104 use_cxx=$enableval, use_cxx=yes)
105 if test "$use_cxx" != "no"; then
107 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no)
110 AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
112 dnl Detect windows build
119 *mingw32* | *mingw64*)
121 AC_DEFINE([_UNICODE], [1], [Defined to 1 for Unicode (wide chars) APIs])
125 save_LDFLAGS="$LDFLAGS"
126 dnl Try to use -no_weak_imports if available. This makes sure we
127 dnl error out when linking to a function that doesn't exist in the
128 dnl intended minimum runtime version.
129 LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"
130 AC_MSG_CHECKING([whether the linker supports -Wl,-no_weak_imports])
131 AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
132 [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no); LDFLAGS="$save_LDFLAGS"])
139 *** In solaris hardware acceleration is disabled by default due to issues
140 *** with the assembler. Use --enable-hardware-acceleration to enable it.
148 AM_CONDITIONAL(ANDROID, test "$have_android" = yes)
149 AM_CONDITIONAL(WINDOWS, test "$have_win" = yes)
150 AM_CONDITIONAL(MACOSX, test "$have_macosx" = yes)
151 AM_CONDITIONAL(ELF, test "$have_elf" = yes)
153 dnl Hardware Acceleration
154 AC_ARG_ENABLE(hardware-acceleration,
155 AS_HELP_STRING([--disable-hardware-acceleration], [unconditionally disable hardware acceleration]),
156 use_accel=$enableval)
161 if test "$use_accel" != "no"; then
167 dnl ILP32 not supported in assembler yet
172 i?86 | x86_64 | amd64)
173 AC_CHECK_HEADERS(cpuid.h)
174 if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"; then
185 # check for gcc's __get_cpuid_count functionality
186 AC_MSG_CHECKING([for __get_cpuid_count])
190 int main(void) { unsigned t1; return __get_cpuid_count(7, 0, &t1, &t1, &t1, &t1); }
192 [AC_DEFINE([HAVE_GET_CPUID_COUNT], [1], [use __get_cpuid_count]) AC_MSG_RESULT([yes])],
193 [AC_MSG_RESULT([no])]
198 AC_ARG_ENABLE(tls13-interop,
199 AS_HELP_STRING([--disable-tls13-interop], [disable TLS1.3 interoperability testing with openssl]),
200 enable_tls13_interop=$enableval, enable_tls13_interop=yes)
202 AM_CONDITIONAL(ENABLE_TLS13_INTEROP, test "$enable_tls13_interop" != "no")
204 dnl Check for iovec type
205 AC_CHECK_MEMBERS([struct iovec.iov_base],
207 AC_SUBST([DEFINE_IOVEC_T], ["#include <sys/uio.h>
208 typedef struct iovec giovec_t;"])
211 AC_SUBST([DEFINE_IOVEC_T], ["typedef struct {
216 [#include <sys/uio.h>
218 AM_SUBST_NOTMAKE([DEFINE_IOVEC_T])
220 dnl Need netinet/tcp.h for TCP_FASTOPEN
221 AC_CHECK_HEADERS([netinet/tcp.h])
222 AC_CHECK_HEADERS([stdatomic.h])
224 dnl This ensures that we link with the right library for atomic operations on Linux SPARC
226 AC_SEARCH_LIBS([__atomic_load_4], [atomic], [], [AC_MSG_NOTICE([Could not detect libatomic])])
229 AS_IF([test "$ac_cv_search___atomic_load_4" = "none required" || test "$ac_cv_search___atomic_load_4" = "no"],
230 [AC_SUBST([LIBATOMIC_LIBS], [])],
231 [AC_SUBST([LIBATOMIC_LIBS], [$ac_cv_search___atomic_load_4])])
233 dnl We use its presence to detect C11 threads
234 AC_CHECK_HEADERS([threads.h])
236 AC_ARG_ENABLE(padlock,
237 AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]),
238 use_padlock=$enableval)
240 if test "$use_padlock" != "no"; then
241 AC_DEFINE([ENABLE_PADLOCK], 1, [Enable padlock acceleration])
242 AC_SUBST([ENABLE_PADLOCK])
244 AM_CONDITIONAL(ENABLE_PADLOCK, test "$use_padlock" = "yes")
245 AM_CONDITIONAL(ASM_AARCH64, test x"$hw_accel" = x"aarch64")
246 AM_CONDITIONAL(ASM_X86_64, test x"$hw_accel" = x"x86-64")
247 AM_CONDITIONAL(ASM_X86_32, test x"$hw_accel" = x"x86")
248 AM_CONDITIONAL(ASM_X86, test x"$hw_accel" = x"x86" || test x"$hw_accel" = x"x86-64")
249 AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"])
250 AM_CONDITIONAL(HAVE_GCC, test "$GCC" = "yes")
252 dnl check for getrandom()
253 rnd_variant="auto-detect"
254 AC_MSG_CHECKING([for getrandom])
255 AC_LINK_IFELSE([AC_LANG_PROGRAM([
256 #include <sys/random.h>],[
260 AC_DEFINE([HAVE_GETRANDOM], 1, [Enable the Linux getrandom function])
261 rnd_variant=getrandom],
264 AC_MSG_CHECKING([for getentropy])
265 AC_LINK_IFELSE([AC_LANG_PROGRAM([
268 #include <sys/random.h>
277 AC_DEFINE([HAVE_GETENTROPY], 1, [Enable the OpenBSD getentropy function])
278 rnd_variant=getentropy],
281 AM_CONDITIONAL(HAVE_GETENTROPY, test "$rnd_variant" = "getentropy")
285 LIBGNUTLS_EXTRA_HOOKS
288 AS_HELP_STRING([--disable-tests], [don't compile or run any tests]),
289 enable_tests=$enableval, enable_tests=$enable_tools)
290 AM_CONDITIONAL(ENABLE_TESTS, test "$enable_tests" != "no")
292 AC_ARG_ENABLE(fuzzer-target,
293 AS_HELP_STRING([--enable-fuzzer-target], [make a library intended for testing - not production]),
294 enable_fuzzer_target=$enableval, enable_fuzzer_target=no)
295 if test "$enable_fuzzer_target" != "no";then
296 AC_DEFINE([FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION], 1, [Enable fuzzer target -not for production])
300 dnl check for gtk-doc
302 m4_ifdef([GTK_DOC_CHECK], [
303 GTK_DOC_CHECK([1.14],[--flavour no-tmpl])
305 AM_CONDITIONAL([ENABLE_GTK_DOC], false)
307 # needed for some older versions of gtk-doc
308 m4_ifdef([GTK_DOC_USE_LIBTOOL], [], [
309 AM_CONDITIONAL([GTK_DOC_USE_LIBTOOL], false)
312 AM_GNU_GETTEXT([external])
313 AM_GNU_GETTEXT_VERSION([0.19])
317 dnl No fork on MinGW, disable some self-tests until we fix them.
318 dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs)
319 AC_CHECK_FUNCS([fork setitimer getrusage getpwuid_r nanosleep daemon getpid localtime mmap explicit_bzero],,)
320 dnl Manually check some functions by including headers first. On macOS, you
321 dnl normally only have the latest SDK available, containing all existing
322 dnl functions, but having them restricted according to target version in
323 dnl headers. If we bypass the headers and just try linking (as AC_CHECK_FUNCS
324 dnl does), we will accidentally detect functions which we shouldn't use. Set
325 dnl ac_cv_func_* as well, to avoid later AC_CHECK_FUNCS from other included
326 dnl scripts from overriding it.
327 AC_MSG_CHECKING([for clock_gettime])
328 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <time.h>], [clock_gettime(0, 0);])],
329 [AC_MSG_RESULT(yes); ac_cv_func_clock_gettime=yes
330 AC_DEFINE([HAVE_CLOCK_GETTIME], 1, [Define to 1 if you have the `clock_gettime' function.])],
331 [AC_MSG_RESULT(no); ac_cv_func_clock_gettime=no])
332 AC_MSG_CHECKING([for fmemopen])
333 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <stdio.h>], [fmemopen(0, 0, 0);])],
334 [AC_MSG_RESULT(yes); ac_cv_func_fmemopen=yes
335 AC_DEFINE([HAVE_FMEMOPEN], 1, [Define to 1 if you have the `fmemopen' function.])],
336 [AC_MSG_RESULT(no); ac_cv_func_fmemopen=no])
338 AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no")
340 AC_CHECK_FUNCS([__register_atfork secure_getenv getauxval],,)
342 AC_ARG_ENABLE(seccomp-tests,
343 AS_HELP_STRING([--enable-seccomp-tests], [unconditionally enable tests with seccomp]),
344 seccomp_tests=$enableval, seccomp_tests=no)
346 AM_CONDITIONAL(HAVE_SECCOMP_TESTS, test "$seccomp_tests" = "yes")
348 # check for libseccomp - used in test programs
349 AC_LIB_HAVE_LINKFLAGS(seccomp,, [#include <seccomp.h>
350 ], [seccomp_init(0);])
352 # check for libcrypto - used in test programs
353 AC_LIB_HAVE_LINKFLAGS(crypto,, [#include <openssl/evp.h>
354 ], [EVP_CIPHER_CTX_init(NULL);])
356 AM_CONDITIONAL(HAVE_LIBCRYPTO, test "$HAVE_LIBCRYPTO" = "yes")
358 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>
360 ], [timer_create (0,0,0);])
362 if test "$have_win" != "yes";then
363 AC_CHECK_FUNCS([pthread_mutex_lock],,)
364 if test "$ac_cv_func_pthread_mutex_lock" != "yes";then
365 AC_LIB_HAVE_LINKFLAGS(pthread,, [#include <pthread.h>], [pthread_mutex_lock (0);])
369 if test "$ac_cv_func_nanosleep" != "yes";then
370 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [nanosleep (0, 0);])
371 gnutls_needs_librt=yes
374 if test "$ac_cv_func_clock_gettime" != "yes";then
375 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [clock_gettime (0, 0);])
376 gnutls_needs_librt=yes
379 AC_ARG_WITH(included-unistring, AS_HELP_STRING([--with-included-unistring],
380 [disable linking with system libunistring]),
381 included_unistring="$withval",
382 included_unistring=no)
384 if test "$included_unistring" = yes;then
388 AC_SEARCH_LIBS(u8_normalize, unistring, [
389 included_unistring=no
390 ac_have_unistring=yes
391 AC_SUBST([LIBUNISTRING], [$ac_cv_search_u8_normalize])
393 ac_cv_libunistring=no
396 *** Libunistring was not found. To use the included one, use --with-included-unistring
402 AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes")
404 dnl Note that g*l_INIT are run after we check for library capabilities,
405 dnl to prevent issues from caching lib dependencies. See discussion
406 dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and
407 dnl https://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
412 # disable the extended test suite at tests/suite if asked, or if we are not running in git master
413 AC_ARG_ENABLE(full-test-suite,
414 AS_HELP_STRING([--disable-full-test-suite], [disable running very slow components of test suite]),
415 full_test_suite=$enableval, full_test_suite=yes)
417 # test if we are in git master or in release build. In release
418 # builds we do not use valgrind.
419 SUITE_FILE="${srcdir}/tests/suite/mini-eagain2.c"
420 if test "$full_test_suite" = yes && test ! -f "$SUITE_FILE";then
424 AM_CONDITIONAL(WANT_TEST_SUITE, test "$full_test_suite" = "yes")
426 dnl GCC warnings to enable
428 AC_ARG_ENABLE([gcc-warnings],
429 [AS_HELP_STRING([--disable-gcc-warnings],
430 [turn off lots of GCC warnings (for developers)])],
433 *) AC_MSG_ERROR([bad value $enableval for gcc-warnings option]) ;;
435 gl_gcc_warnings=$enableval],
436 [gl_gcc_warnings=yes]
439 if test "$gl_gcc_warnings" = yes; then
440 gl_WARN_ADD([-Wtype-limits], [WSTACK_CFLAGS])
442 nw="$nw -Wsystem-headers" # Don't let system headers trigger warnings
443 nw="$nw -Wc++-compat" # We don't care about C++ compilers
444 nw="$nw -Wundef" # Warns on '#if GNULIB_FOO' etc in gnulib
445 nw="$nw -Wtraditional" # Warns on #elif which we use often
446 nw="$nw -Wpadded" # Our structs are not padded
447 nw="$nw -Wtraditional-conversion" # Too many warnings for now
448 nw="$nw -Wswitch-default" # Too many warnings for now
449 nw="$nw -Wformat-y2k" # Too many warnings for now
450 nw="$nw -Woverlength-strings" # We use some in tests/
451 nw="$nw -Wvla" # There is no point to avoid C99 variable length arrays
452 nw="$nw -Wformat-nonliteral" # Incompatible with gettext _()
453 nw="$nw -Wformat-signedness" # Too many to handle
454 nw="$nw -Wstrict-overflow"
455 nw="$nw -Wmissing-noreturn"
456 nw="$nw -Winline" # Too compiler dependent
457 nw="$nw -Wsuggest-attribute=pure" # Is it worth using attributes?
458 nw="$nw -Wsuggest-attribute=const" # Is it worth using attributes?
459 nw="$nw -Wsuggest-attribute=noreturn" # Is it worth using attributes?
460 nw="$nw -Wstack-protector" # Some functions cannot be protected
461 nw="$nw -Wunsafe-loop-optimizations" # Warnings with no point
462 nw="$nw -Wredundant-decls" # Some files cannot be compiled with that (gl_fd_to_handle)
464 gl_MANYWARN_ALL_GCC([ws])
465 gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw])
469 gl_WARN_ADD([-Wno-missing-field-initializers]) # We need this one
470 gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now
471 gl_WARN_ADD([-Wno-format-truncation]) # Many warnings with no point
472 gl_WARN_ADD([-Wimplicit-fallthrough=2])
473 gl_WARN_ADD([-Wabi=11])
474 gl_WARN_ADD([-fdiagnostics-show-option])
477 AC_SUBST([WERROR_CFLAGS])
478 AC_SUBST([WSTACK_CFLAGS])
479 AC_SUBST([WARN_CFLAGS])
481 dnl Programs for compilation or development
483 LT_INIT([disable-static,win32-dll,shared])
487 AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
489 AC_ARG_ENABLE(fips140-mode,
490 AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode]),
491 enable_fips=$enableval, enable_fips=no)
492 AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes")
493 if [ test "$enable_fips" = "yes" ];then
494 if test "x$HAVE_LIBDL" = "xyes";then
495 AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode])
496 AC_SUBST([FIPS140_LIBS], $LIBDL)
497 AC_ARG_WITH(fips140-key, AS_HELP_STRING([--with-fips140-key],
498 [specify the FIPS140 HMAC key for integrity]),
500 fips_key="orboDeJITITejsirpADONivirpUkvarP")
502 AC_DEFINE_UNQUOTED([FIPS_KEY], ["$fips_key"], [The FIPS140-2 integrity key])
507 *** This system is not supported in FIPS140 mode.
508 *** libdl and dladdr() are required.
513 PKG_CHECK_MODULES(CMOCKA, [cmocka >= 1.0.1], [with_cmocka=yes], [with_cmocka=no])
514 AM_CONDITIONAL(HAVE_CMOCKA, test "$with_cmocka" != "no")
516 AC_ARG_WITH(idn, AS_HELP_STRING([--without-idn],
517 [disable support for IDNA]),
518 try_libidn2="$withval",
524 if test "$try_libidn2" = yes;then
526 AC_SEARCH_LIBS(idn2_lookup_u8, idn2, [
528 idna_support="IDNA 2008 (libidn2)"
529 AC_DEFINE([HAVE_LIBIDN2], 1, [Define if IDNA 2008 support is enabled.])
530 AC_SUBST([LIBIDN2_CFLAGS], [])
531 AC_SUBST([LIBIDN2_LIBS], [-lidn2]) dnl used in gnutls.pc.in
532 dnl enable once libidn2.pc is widespread; and remove LIBIDN2_LIBS from gnutls.pc.in (Libs.private)
533 dnl if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
534 dnl GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn2"
536 dnl GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn2"
540 AC_MSG_WARN(*** LIBIDN2 was not found. You will not be able to use IDN2008 support)
547 AM_CONDITIONAL(HAVE_LIBIDN2, test "$with_libidn2" != "no")
549 AC_ARG_ENABLE(non-suiteb-curves,
550 AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]),
551 enable_non_suiteb=$enableval, enable_non_suiteb=yes)
553 if test "$enable_non_suiteb" = "yes";then
554 dnl nettle_secp_192r1 is not really a function
555 AC_CHECK_LIB(hogweed, nettle_secp_192r1, enable_non_suiteb=yes, enable_non_suiteb=no, [$HOGWEED_LIBS $NETTLE_LIBS])
557 if test "$enable_non_suiteb" = "yes";then
558 AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves])
561 AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes")
563 # We MUST require a Nettle version that has rsa_sec_decrypt now.
565 LIBS="$LIBS $HOGWEED_LIBS $NETTLE_LIBS"
566 AC_CHECK_FUNCS(nettle_rsa_sec_decrypt,
568 [AC_MSG_ERROR([Nettle lacks the required rsa_sec_decrypt function])]
572 # Check if nettle has CFB8 support
574 LIBS="$LIBS $NETTLE_LIBS"
575 AC_CHECK_FUNCS(nettle_cfb8_encrypt)
578 # Check if nettle has CMAC support
580 LIBS="$LIBS $NETTLE_LIBS"
581 AC_CHECK_FUNCS(nettle_cmac128_update)
584 # Check if nettle has XTS support
586 LIBS="$LIBS $NETTLE_LIBS"
587 AC_CHECK_FUNCS(nettle_xts_encrypt_message)
590 # Check for Gosthash94 with CryptoPro S-box support
592 LIBS="$LIBS $NETTLE_LIBS"
593 AC_CHECK_FUNCS(nettle_gosthash94cp_update)
596 # Check for GOST28147
598 LIBS="$LIBS $NETTLE_LIBS"
599 AC_CHECK_FUNCS(nettle_gost28147_set_key)
602 # Check for Streebog support
604 LIBS="$LIBS $NETTLE_LIBS"
605 AC_CHECK_FUNCS(nettle_streebog512_update)
608 AC_MSG_CHECKING([whether to build libdane])
609 AC_ARG_ENABLE(libdane,
610 AS_HELP_STRING([--disable-libdane],
611 [disable the built of libdane]),
612 enable_dane=$enableval, enable_dane=yes)
613 AC_MSG_RESULT($enable_dane)
615 if test "$enable_dane" != "no"; then
616 LIBS="$oldlibs -lunbound"
617 AC_MSG_CHECKING([for unbound library])
618 AC_LINK_IFELSE([AC_LANG_PROGRAM([
619 #include <unbound.h>],[
621 ctx = ub_ctx_create();])],
623 AC_SUBST([UNBOUND_LIBS], [-lunbound])
624 AC_SUBST([UNBOUND_CFLAGS], [])
625 AC_DEFINE([HAVE_DANE], 1, [Enable the DANE library])
630 *** libunbound was not found. Libdane will not be built.
636 AM_CONDITIONAL(ENABLE_DANE, test "$enable_dane" = "yes")
638 AC_ARG_WITH(unbound-root-key-file, AS_HELP_STRING([--with-unbound-root-key-file],
639 [specify the unbound root key file]),
640 unbound_root_key_file="$withval",
641 if test "$have_win" = yes; then
642 unbound_root_key_file="C:\\Program Files\\Unbound\\root.key"
644 if test -f /var/lib/unbound/root.key;then
645 unbound_root_key_file="/var/lib/unbound/root.key"
647 if test -f /usr/share/dns/root.key;then
648 unbound_root_key_file="/usr/share/dns/root.key"
650 unbound_root_key_file="/etc/unbound/root.key"
656 AC_DEFINE_UNQUOTED([UNBOUND_ROOT_KEY_FILE],
657 ["$unbound_root_key_file"], [The DNSSEC root key file])
659 system_config_file="/etc/gnutls/config"
660 AC_ARG_WITH(system-priority-file, AS_HELP_STRING([--with-system-priority-file],
661 [specify the system-wide config file (set empty to disable)]),
662 system_config_file="$withval"
665 AM_CONDITIONAL(DISABLE_SYSTEM_CONFIG, test -z "${system_config_file}")
667 if test -z "${system_config_file}";then
668 AC_DEFINE([DISABLE_SYSTEM_CONFIG], 1, [Whether to disable system configuration])
671 AC_DEFINE_UNQUOTED([SYSTEM_PRIORITY_FILE],
672 ["$system_config_file"], [The system-wide gnutls configuration file])
674 AC_ARG_WITH(default-priority-string, AS_HELP_STRING([--with-default-priority-string],
675 [specify the default priority string used by gnutls_set_default_priority (default is NORMAL)]),
676 prio_string="$withval",
677 prio_string="NORMAL")
679 AC_DEFINE_UNQUOTED([DEFAULT_PRIORITY_STRING], ["$prio_string"], [The default priority string])
681 dnl Check for p11-kit
682 P11_KIT_MINIMUM=0.23.1
684 AS_HELP_STRING([--without-p11-kit],
685 [Build without p11-kit and PKCS#11 support]))
686 if test "$with_p11_kit" != "no"; then
687 PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= $P11_KIT_MINIMUM], [with_p11_kit=yes], [with_p11_kit=no])
688 if test "$with_p11_kit" != "no";then
689 AC_DEFINE([ENABLE_PKCS11], 1, [Build PKCS#11 support])
690 if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
691 GNUTLS_REQUIRES_PRIVATE="Requires.private: p11-kit-1"
693 GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, p11-kit-1"
699 *** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support
700 *** use --without-p11-kit, otherwise you may get p11-kit from
701 *** https://p11-glue.freedesktop.org/p11-kit.html
706 AM_CONDITIONAL(P11KIT_0_23_11_API, $PKG_CONFIG --atleast-version=0.23.11 p11-kit-1)
708 AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no")
711 AS_HELP_STRING([--without-tpm],
712 [Disable TPM (trousers) support.]),
713 [with_tpm=$withval], [with_tpm=yes])
714 if test "$with_tpm" != "no"; then
715 LIBS="$oldlibs -ltspi"
716 AC_MSG_CHECKING([for tss library])
717 AC_LINK_IFELSE([AC_LANG_PROGRAM([
718 #include <trousers/tss.h>
719 #include <trousers/trousers.h>],[
720 int err = Tspi_Context_Create((void *)0);
721 Trspi_Error_String(err);])],
723 AC_SUBST([TSS_LIBS], [-ltspi])
724 AC_SUBST([TSS_CFLAGS], [])
725 AC_DEFINE([HAVE_TROUSERS], 1, [Enable TPM])
730 *** trousers was not found. TPM support will be disabled.
736 AM_CONDITIONAL(ENABLE_TROUSERS, test "$with_tpm" != "no")
738 for l in /usr/lib64 /usr/lib /lib64 /lib /usr/lib/x86_64-linux-gnu/; do
739 if test -f "${l}/libtspi.so.1";then
740 default_trousers_lib="${l}/libtspi.so.1"
745 AC_ARG_WITH(trousers-lib, AS_HELP_STRING([--with-trousers-lib=LIB],
746 [set the location of the trousers library]),
747 ac_trousers_lib=$withval, ac_trousers_lib=$default_trousers_lib)
749 if test "$with_tpm" != "no" && test -z "$ac_trousers_lib"; then
752 *** unable to find trousers library, please specify with --with-trousers-lib=<lib file>
757 AC_DEFINE_UNQUOTED([TROUSERS_LIB], ["$ac_trousers_lib"], [the location of the trousers library])
758 AC_SUBST(TROUSERS_LIB)
760 AM_MISSING_PROG([AUTOGEN], [autogen])
763 if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then
764 AC_CHECK_PROGS([autogen], [autogen])
766 if test -z "$autogen"; then
769 *** autogen not found. Will not link against system libopts.
771 dnl simulate specifying option on the command line
774 LIBOPTS_CHECK([src/libopts])
775 if test "$NEED_LIBOPTS_DIR" = "true";then
776 dnl replace libopts-generated files with distributed backups, if present
780 # Need to ensure the relevant conditionals get set
782 AM_CONDITIONAL([INSTALL_LIBOPTS],[false])
785 AM_CONDITIONAL(NEED_LIBOPTS, test "$included_libopts" = "yes")
788 AC_CHECK_SIZEOF(unsigned long int, 4)
789 AC_CHECK_SIZEOF(unsigned int, 4)
790 AC_CHECK_SIZEOF(time_t, 4)
792 # export for use in scripts
793 AC_SUBST(ac_cv_sizeof_time_t)
795 AC_SUBST(GNUTLS_REQUIRES_PRIVATE)
798 AC_ARG_WITH([default-trust-store-pkcs11],
799 [AS_HELP_STRING([--with-default-trust-store-pkcs11=URI],
800 [use the given pkcs11 uri as default trust store])])
802 if test "x$with_default_trust_store_pkcs11" != x; then
803 if test "x$with_p11_kit" = xno; then
804 AC_MSG_ERROR([cannot use pkcs11 store without p11-kit])
806 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_PKCS11],
807 ["$with_default_trust_store_pkcs11"], [use the given pkcs11 uri as default trust store])
810 AM_CONDITIONAL([HAVE_PKCS11_TRUST_STORE], [test -n "${with_default_trust_store_pkcs11}"])
812 AC_ARG_WITH([default-trust-store-dir],
813 [AS_HELP_STRING([--with-default-trust-store-dir=DIR],
814 [use the given directory as default trust store])])
816 if test "x$with_default_trust_store_dir" != x; then
817 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
818 ["$with_default_trust_store_dir"], [use the given directory as default trust store])
821 dnl auto detect https://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
822 AC_ARG_WITH([default-trust-store-file],
823 [AS_HELP_STRING([--with-default-trust-store-file=FILE],
824 [use the given file default trust store])], with_default_trust_store_file="$withval",
825 [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x && test x$have_macosx = x;then
827 /etc/ssl/ca-bundle.pem \
828 /etc/ssl/certs/ca-certificates.crt \
829 /etc/pki/tls/cert.pem \
830 /usr/local/share/certs/ca-root-nss.crt \
833 if test -e "$i"; then
834 with_default_trust_store_file="$i"
841 if test "$with_default_trust_store_file" = "no";then
842 with_default_trust_store_file=""
845 AC_ARG_WITH([default-crl-file],
846 [AS_HELP_STRING([--with-default-crl-file=FILE],
847 [use the given CRL file as default])])
849 AC_ARG_WITH([default-blacklist-file],
850 [AS_HELP_STRING([--with-default-blacklist-file=FILE],
851 [use the given certificate blacklist file as default])])
853 if test "x$with_default_trust_store_file" != x; then
854 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
855 ["$with_default_trust_store_file"], [use the given file default trust store])
858 if test "x$with_default_crl_file" != x; then
859 AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
860 ["$with_default_crl_file"], [use the given CRL file])
863 if test "x$with_default_blacklist_file" != x; then
864 AC_DEFINE_UNQUOTED([DEFAULT_BLACKLIST_FILE],
865 ["$with_default_blacklist_file"], [use the given certificate blacklist file])
869 AC_MSG_CHECKING([whether building Guile bindings])
871 AS_HELP_STRING([--enable-guile], [build GNU Guile bindings]),
872 [opt_guile_bindings=$enableval], [opt_guile_bindings=yes])
873 AC_MSG_RESULT($opt_guile_bindings)
875 AC_ARG_WITH([guile-site-dir], AS_HELP_STRING([--with-guile-site-dir=DIR],
876 [guile site directory for gnutls, default is guile system settings]),
877 [guilesitedir="${withval}"], [guilesitedir='$(GUILE_SITE)'])
878 AC_ARG_WITH([guile-site-ccache-dir], AS_HELP_STRING([--with-guile-site-ccache-dir=DIR],
879 [guile ccache directory for gnutls, default is guile system settings]),
880 [guilesiteccachedir="${withval}"], [guilesiteccachedir='$(GUILE_SITE_CCACHE)'])
881 AC_ARG_WITH([guile-extension-dir], AS_HELP_STRING([--with-guile-extension-dir=DIR],
882 [guile extension directory for gnutls, default is guile system settings]),
883 [guileextensiondir="${withval}"], [guileextensiondir='$(GUILE_EXTENSION)'])
884 AC_SUBST([guilesitedir])
885 AC_SUBST([guilesiteccachedir])
886 AC_SUBST([guileextensiondir])
888 if test "$opt_guile_bindings" = "yes"; then
890 *** Detecting GNU Guile...
893 AC_PATH_PROG([guile_snarf], [guile-snarf])
894 if test "x$guile_snarf" = "x"; then
895 AC_MSG_WARN([`guile-snarf' from Guile not found. Guile bindings not built.])
896 opt_guile_bindings=no
898 dnl Check for 'guild', which can be used to compile Scheme code
900 AC_PATH_PROG([GUILD], [guild])
908 # Backward compatibility with <guile-2.2 m4 macro that is used
909 # due to autreconf of several CI machine.
910 # We need to guess the locations of ccache and extension
911 if test -z "${GUILE_SITE_CCACHE}"; then
912 AC_MSG_NOTICE([Found <guile-2.2 m4, macro emulating])
914 AC_MSG_CHECKING([for GUILE_SITE_CCACHE via pkg-config])
915 GUILE_SITE_CCACHE=`$PKG_CONFIG --variable=siteccachedir guile-$GUILE_EFFECTIVE_VERSION`
916 AC_MSG_RESULT([${GUILE_SITE_CCACHE}])
917 if test -z "${GUILE_SITE_CCACHE}"; then
918 AC_MSG_CHECKING([for GUILE_SITE_CCACHE via guile])
919 GUILE_SITE_CCACHE=`$GUILE -c "(display (if (defined? '%site-ccache-dir) (%site-ccache-dir) \"\"))"`
920 AC_MSG_RESULT([${GUILE_SITE_CCACHE}])
922 AC_SUBST([GUILE_SITE_CCACHE])
924 AC_MSG_CHECKING([for GUILE_EXTENSION])
925 GUILE_EXTENSION=`$PKG_CONFIG --print-errors --variable=extensiondir guile-$GUILE_EFFECTIVE_VERSION`
926 AC_MSG_RESULT([${GUILE_EXTENSION}])
927 AC_SUBST([GUILE_EXTENSION])
930 save_CFLAGS="$CFLAGS"
932 CFLAGS="$CFLAGS $GUILE_CFLAGS"
933 LIBS="$LIBS $GUILE_LDFLAGS"
934 AC_MSG_CHECKING([whether GNU Guile is recent enough])
935 AC_LINK_IFELSE([AC_LANG_PROGRAM([], [scm_from_locale_string ("")])],
936 [], [opt_guile_bindings=no])
937 CFLAGS="$save_CFLAGS"
940 if test "$opt_guile_bindings" = "yes"; then
942 AC_MSG_CHECKING([whether gcc supports -fgnu89-inline])
943 _gcc_cflags_save="$CFLAGS"
944 CFLAGS="${CFLAGS} -fgnu89-inline"
945 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
946 gnu89_inline=yes, gnu89_inline=no)
947 AC_MSG_RESULT($gnu89_inline)
948 CFLAGS="$_gcc_cflags_save"
950 # Optional Guile functions.
951 save_CFLAGS="$CFLAGS"
953 CFLAGS="$CFLAGS $GUILE_CFLAGS"
954 LIBS="$LIBS $GUILE_LDFLAGS"
955 AC_CHECK_FUNCS([scm_gc_malloc_pointerless])
956 CFLAGS="$save_CFLAGS"
960 AC_MSG_WARN([A sufficiently recent GNU Guile not found. Guile bindings not built.])
961 opt_guile_bindings=no
966 AM_CONDITIONAL([HAVE_GUILE], [test "$opt_guile_bindings" = "yes"])
967 AM_CONDITIONAL([HAVE_GUILD], [test "x$GUILD" != "x"])
969 LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBS"
970 LIBGNUTLS_CFLAGS="-I${includedir}"
971 AC_SUBST(LIBGNUTLS_LIBS)
972 AC_SUBST(LIBGNUTLS_CFLAGS)
974 AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
976 AC_DEFINE([GNUTLS_COMPAT_H], 1, [Make sure we don't use old features in code.])
977 AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.])
979 AC_DEFINE([fread_file], [_gnutls_fread_file], [static lib rename])
980 AC_DEFINE([read_file], [_gnutls_read_file], [static lib rename])
981 AC_DEFINE([read_binary_file], [_gnutls_read_binary_file], [static lib rename])
983 dnl Some variables needed in makefiles
985 AC_SUBST([YEAR], $YEAR)
987 dnl configuration options for config file parsing (inih)
988 AC_DEFINE([INI_MAX_LINE], 2048, [inih maximum line size])
989 AC_DEFINE([INI_ALLOW_INLINE_COMMENTS], 1, [whether to allowin inline comments])
990 AC_DEFINE([INI_STOP_ON_FIRST_ERROR], 1, [whether to stop on first error])
991 AC_DEFINE_UNQUOTED([INI_INLINE_COMMENT_PREFIXES], [";#"], [The inline comment prefixes])
992 AC_DEFINE_UNQUOTED([INI_START_COMMENT_PREFIXES], [";#"], [The comment prefixes])
994 AC_CONFIG_FILES([guile/pre-inst-guile], [chmod +x guile/pre-inst-guile])
998 doc/credentials/Makefile
999 doc/credentials/srp/Makefile
1000 doc/credentials/x509/Makefile
1001 doc/doxygen/Doxyfile
1002 doc/examples/Makefile
1004 doc/manpages/Makefile
1005 doc/reference/Makefile
1006 doc/reference/version.xml
1007 doc/scripts/Makefile
1009 extra/includes/Makefile
1011 libdane/includes/Makefile
1012 libdane/gnutls-dane.pc
1018 lib/accelerated/Makefile
1019 lib/accelerated/x86/Makefile
1020 lib/accelerated/aarch64/Makefile
1021 lib/algorithms/Makefile
1026 lib/includes/Makefile
1027 lib/includes/gnutls/gnutls.h
1028 lib/minitasn1/Makefile
1031 lib/unistring/Makefile
1037 tests/windows/Makefile
1038 tests/cert-tests/Makefile
1040 tests/suite/Makefile
1046 dnl Warning flags: errors: ${WERROR_CFLAGS} warnings: ${WARN_CFLAGS}
1047 AC_MSG_NOTICE([summary of build options:
1049 version: ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE
1050 Host/Target system: ${host}
1051 Build system: ${build}
1052 Install prefix: ${prefix}
1054 Valgrind: $opt_valgrind_tests ${VALGRIND}
1056 Library types: Shared=${enable_shared}, Static=${enable_static}
1057 Local libopts: ${included_libopts}
1058 Local libtasn1: ${included_libtasn1}
1059 Local unistring: ${included_unistring}
1060 Use nettle-mini: ${mini_nettle}
1061 Documentation: ${enable_doc} (manpages: ${enable_manpages})
1064 AC_MSG_NOTICE([External hardware support:
1066 /dev/crypto: $enable_cryptodev
1067 Hardware accel: $hw_accel
1068 Padlock accel: $use_padlock
1069 Random gen. variant: $rnd_variant
1070 PKCS#11 support: $with_p11_kit
1071 TPM support: $with_tpm
1073 if test -n "$ac_trousers_lib";then
1075 TPM library: $ac_trousers_lib
1079 AC_MSG_NOTICE([Optional features:
1080 (note that included applications might not compile properly
1081 if features are disabled)
1083 SSL3.0 support: $ac_enable_ssl3
1084 SSL2.0 client hello: $ac_enable_ssl2
1085 Allow SHA1 sign: $ac_allow_sha1
1086 DTLS-SRTP support: $ac_enable_srtp
1087 ALPN support: $ac_enable_alpn
1088 OCSP support: $ac_enable_ocsp
1089 SRP support: $ac_enable_srp
1090 PSK support: $ac_enable_psk
1091 DHE support: $ac_enable_dhe
1092 ECDHE support: $ac_enable_ecdhe
1093 GOST support: $ac_enable_gost
1094 Anon auth support: $ac_enable_anon
1095 Heartbeat support: $ac_enable_heartbeat
1096 IDNA support: $idna_support
1097 Non-SuiteB curves: $enable_non_suiteb
1098 FIPS140 mode: $enable_fips
1101 AC_MSG_NOTICE([Optional libraries:
1103 Guile wrappers: $opt_guile_bindings
1104 C++ library: $use_cxx
1105 DANE library: $enable_dane
1106 OpenSSL compat: $enable_openssl
1109 AC_MSG_NOTICE([System files:
1111 Trust store pkcs11: $with_default_trust_store_pkcs11
1112 Trust store dir: $with_default_trust_store_dir
1113 Trust store file: $with_default_trust_store_file
1114 Blacklist file: $with_default_blacklist_file
1115 CRL file: $with_default_crl_file
1116 Configuration file: $system_config_file
1117 DNSSEC root key file: $unbound_root_key_file
1120 if test ! -f "$unbound_root_key_file"; then
1123 *** The DNSSEC root key file in $unbound_root_key_file was not found.
1124 *** This file is needed for the verification of DNSSEC responses.
1125 *** Use the command: unbound-anchor -a "$unbound_root_key_file"
1126 *** to generate or update it.
1130 if test "${enable_static}" != no;then
1132 *** GnuTLS will be build as a static library. That means that library
1133 *** constructors for gnutls_global_init will not be made available to
1134 *** linking applications. If you are building that library for arbitrary
1135 *** applications to link, do not enable static linking.
1139 if test "$enable_fuzzer_target" != "no";then
1141 *** This version of the library is for fuzzying purposes and is intentionally broken!