1 dnl Process this file with autoconf to produce a configure script.
2 # Copyright (C) 2000-2012, 2016 Free Software Foundation, Inc.
4 # Author: Nikos Mavrogiannopoulos, Simon Josefsson
6 # This file is part of GnuTLS.
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 3 of the License, or
11 # (at your option) any later version.
13 # This program is distributed in the hope that it will be useful, but
14 # WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 # General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
24 AC_INIT([GnuTLS], [3.6.5], [bugs@gnutls.org])
25 AC_CONFIG_AUX_DIR([build-aux])
26 AC_CONFIG_MACRO_DIRS([m4 src/gl/m4 src/libopts/m4 lib/unistring/m4])
29 AM_INIT_AUTOMAKE([1.12.2 foreign subdir-objects no-dist-gzip dist-xz -Wall -Wno-override])
30 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
31 AC_CONFIG_HEADERS([config.h])
34 *** Checking for compilation programs...
37 dnl Checks for programs.
50 AC_USE_SYSTEM_EXTENSIONS
56 if test "$ac_cv_prog_cc_c99" = "no"; then
57 AC_MSG_WARN([[Compiler does not support C99. It may not be able to compile the project.]])
61 AM_MAINTAINER_MODE([enable])
63 AC_ARG_ENABLE(bash-tests,
64 AS_HELP_STRING([--disable-bash-tests], [skip some tests that badly need bash]),
65 enable_bash_tests=$enableval, enable_bash_tests=yes)
66 AM_CONDITIONAL(DISABLE_BASH_TESTS, test "$enable_bash_tests" != "yes")
69 AS_HELP_STRING([--disable-doc], [don't generate any documentation]),
70 enable_doc=$enableval, enable_doc=yes)
71 AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
73 AC_ARG_ENABLE(manpages,
74 AS_HELP_STRING([--enable-manpages], [install manpages even if disable-doc is given]),
75 enable_manpages=$enableval,enable_manpages=auto)
77 if test "${enable_manpages}" = "auto";then
78 enable_manpages="${enable_doc}"
81 AM_CONDITIONAL(ENABLE_MANPAGES, test "$enable_manpages" != "no")
84 AS_HELP_STRING([--disable-tools], [don't compile any tools]),
85 enable_tools=$enableval, enable_tools=yes)
86 AM_CONDITIONAL(ENABLE_TOOLS, test "$enable_tools" != "no")
88 # For includes/gnutls/gnutls.h.in.
89 AC_SUBST(MAJOR_VERSION, `echo $PACKAGE_VERSION | sed 's/\(.*\)\..*\..*/\1/g'`)
90 AC_SUBST(MINOR_VERSION, `echo $PACKAGE_VERSION | sed 's/.*\.\(.*\)\..*/\1/g'`)
91 AC_SUBST(PATCH_VERSION, [[`echo $PACKAGE_VERSION | sed 's/.*\..*\.\([0-9]*\).*/\1/g'`]])
92 AC_SUBST(NUMBER_VERSION, `printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION`)
94 dnl C and C++ capabilities
100 AS_HELP_STRING([--disable-cxx], [unconditionally disable the C++ library]),
101 use_cxx=$enableval, use_cxx=yes)
102 if test "$use_cxx" != "no"; then
104 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no)
107 AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
109 dnl Detect windows build
116 *mingw32* | *mingw64*)
118 AC_DEFINE([_UNICODE], [1], [Defined to 1 for Unicode (wide chars) APIs])
122 save_LDFLAGS="$LDFLAGS"
123 dnl Try to use -no_weak_imports if available. This makes sure we
124 dnl error out when linking to a function that doesn't exist in the
125 dnl intended minimum runtime version.
126 LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"
127 AC_MSG_CHECKING([whether the linker supports -Wl,-no_weak_imports])
128 AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
129 [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no); LDFLAGS="$save_LDFLAGS"])
136 *** In solaris hardware acceleration is disabled by default due to issues
137 *** with the assembler. Use --enable-hardware-acceleration to enable it.
145 AM_CONDITIONAL(ANDROID, test "$have_android" = yes)
146 AM_CONDITIONAL(WINDOWS, test "$have_win" = yes)
147 AM_CONDITIONAL(MACOSX, test "$have_macosx" = yes)
148 AM_CONDITIONAL(ELF, test "$have_elf" = yes)
150 dnl Hardware Acceleration
151 AC_ARG_ENABLE(hardware-acceleration,
152 AS_HELP_STRING([--disable-hardware-acceleration], [unconditionally disable hardware acceleration]),
153 use_accel=$enableval)
158 if test "$use_accel" != "no"; then
164 dnl ILP32 not supported in assembler yet
169 i?86 | x86_64 | amd64)
170 AC_CHECK_HEADERS(cpuid.h)
171 if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"; then
184 AC_ARG_ENABLE(tls13-interop,
185 AS_HELP_STRING([--disable-tls13-interop], [disable TLS1.3 interoperability testing with openssl]),
186 enable_tls13_interop=$enableval, enable_tls13_interop=yes)
188 AM_CONDITIONAL(ENABLE_TLS13_INTEROP, test "$enable_tls13_interop" != "no")
190 dnl Check for iovec type
191 AC_CHECK_MEMBERS([struct iovec.iov_base],
193 AC_SUBST([DEFINE_IOVEC_T], ["#include <sys/uio.h>
194 typedef struct iovec giovec_t;"])
197 AC_SUBST([DEFINE_IOVEC_T], ["typedef struct {
202 [#include <sys/uio.h>
204 AM_SUBST_NOTMAKE([DEFINE_IOVEC_T])
206 dnl Need netinet/tcp.h for TCP_FASTOPEN
207 AC_CHECK_HEADERS([netinet/tcp.h])
208 AC_CHECK_HEADERS([stdatomic.h])
210 dnl We use its presence to detect C11 threads
211 AC_CHECK_HEADERS([threads.h])
213 AC_ARG_ENABLE(padlock,
214 AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]),
215 use_padlock=$enableval)
217 if test "$use_padlock" != "no"; then
218 AC_DEFINE([ENABLE_PADLOCK], 1, [Enable padlock acceleration])
219 AC_SUBST([ENABLE_PADLOCK])
221 AM_CONDITIONAL(ENABLE_PADLOCK, test "$use_padlock" = "yes")
222 AM_CONDITIONAL(ASM_AARCH64, test x"$hw_accel" = x"aarch64")
223 AM_CONDITIONAL(ASM_X86_64, test x"$hw_accel" = x"x86-64")
224 AM_CONDITIONAL(ASM_X86_32, test x"$hw_accel" = x"x86")
225 AM_CONDITIONAL(ASM_X86, test x"$hw_accel" = x"x86" || test x"$hw_accel" = x"x86-64")
226 AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"])
227 AM_CONDITIONAL(HAVE_GCC, test "$GCC" = "yes")
229 dnl check for getrandom()
230 rnd_variant="auto-detect"
231 AC_MSG_CHECKING([for getrandom])
232 AC_LINK_IFELSE([AC_LANG_PROGRAM([
233 #include <sys/random.h>],[
237 AC_DEFINE([HAVE_GETRANDOM], 1, [Enable the Linux getrandom function])
238 rnd_variant=getrandom],
241 AC_MSG_CHECKING([for getentropy])
242 AC_LINK_IFELSE([AC_LANG_PROGRAM([
245 #include <sys/random.h>
254 AC_DEFINE([HAVE_GETENTROPY], 1, [Enable the OpenBSD getentropy function])
255 rnd_variant=getentropy],
258 AM_CONDITIONAL(HAVE_GETENTROPY, test "$rnd_variant" = "getentropy")
262 LIBGNUTLS_EXTRA_HOOKS
265 AS_HELP_STRING([--disable-tests], [don't compile or run any tests]),
266 enable_tests=$enableval, enable_tests=$enable_tools)
267 AM_CONDITIONAL(ENABLE_TESTS, test "$enable_tests" != "no")
269 AC_ARG_ENABLE(fuzzer-target,
270 AS_HELP_STRING([--enable-fuzzer-target], [make a library intended for testing - not production]),
271 enable_fuzzer_target=$enableval, enable_fuzzer_target=no)
272 if test "$enable_fuzzer_target" != "no";then
273 AC_DEFINE([FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION], 1, [Enable fuzzer target -not for production])
277 dnl check for gtk-doc
279 m4_ifdef([GTK_DOC_CHECK], [
280 GTK_DOC_CHECK([1.14],[--flavour no-tmpl])
282 AM_CONDITIONAL([ENABLE_GTK_DOC], false)
284 # needed for some older versions of gtk-doc
285 m4_ifdef([GTK_DOC_USE_LIBTOOL], [], [
286 AM_CONDITIONAL([GTK_DOC_USE_LIBTOOL], false)
289 AM_GNU_GETTEXT([external])
290 AM_GNU_GETTEXT_VERSION([0.19])
294 dnl No fork on MinGW, disable some self-tests until we fix them.
295 dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs)
296 AC_CHECK_FUNCS([fork setitimer inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid localtime mmap explicit_bzero],,)
297 dnl Manually check some functions by including headers first. On macOS, you
298 dnl normally only have the latest SDK available, containing all existing
299 dnl functions, but having them restricted according to target version in
300 dnl headers. If we bypass the headers and just try linking (as AC_CHECK_FUNCS
301 dnl does), we will accidentally detect functions which we shouldn't use. Set
302 dnl ac_cv_func_* as well, to avoid later AC_CHECK_FUNCS from other included
303 dnl scripts from overriding it.
304 AC_MSG_CHECKING([for clock_gettime])
305 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <time.h>], [clock_gettime(0, 0);])],
306 [AC_MSG_RESULT(yes); ac_cv_func_clock_gettime=yes
307 AC_DEFINE([HAVE_CLOCK_GETTIME], 1, [Define to 1 if you have the `clock_gettime' function.])],
308 [AC_MSG_RESULT(no); ac_cv_func_clock_gettime=no])
309 AC_MSG_CHECKING([for fmemopen])
310 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <stdio.h>], [fmemopen(0, 0, 0);])],
311 [AC_MSG_RESULT(yes); ac_cv_func_fmemopen=yes
312 AC_DEFINE([HAVE_FMEMOPEN], 1, [Define to 1 if you have the `fmemopen' function.])],
313 [AC_MSG_RESULT(no); ac_cv_func_fmemopen=no])
315 AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no")
317 AC_CHECK_FUNCS([__register_atfork secure_getenv getauxval],,)
319 AC_ARG_ENABLE(seccomp-tests,
320 AS_HELP_STRING([--enable-seccomp-tests], [unconditionally enable tests with seccomp]),
321 seccomp_tests=$enableval, seccomp_tests=no)
323 AM_CONDITIONAL(HAVE_SECCOMP_TESTS, test "$seccomp_tests" = "yes")
325 # check for libseccomp - used in test programs
326 AC_LIB_HAVE_LINKFLAGS(seccomp,, [#include <seccomp.h>
327 ], [seccomp_init(0);])
329 # check for libcrypto - used in test programs
330 AC_LIB_HAVE_LINKFLAGS(crypto,, [#include <openssl/evp.h>
331 ], [EVP_CIPHER_CTX_init(NULL);])
333 AM_CONDITIONAL(HAVE_LIBCRYPTO, test "$HAVE_LIBCRYPTO" = "yes")
335 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>
337 ], [timer_create (0,0,0);])
339 if test "$have_win" != "yes";then
340 AC_CHECK_FUNCS([pthread_mutex_lock],,)
341 if test "$ac_cv_func_pthread_mutex_lock" != "yes";then
342 AC_LIB_HAVE_LINKFLAGS(pthread,, [#include <pthread.h>], [pthread_mutex_lock (0);])
346 if test "$ac_cv_func_nanosleep" != "yes";then
347 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [nanosleep (0, 0);])
348 gnutls_needs_librt=yes
351 if test "$ac_cv_func_inet_pton" != "yes";then
352 AC_LIB_HAVE_LINKFLAGS(nsl,, [#include <arpa/inet.h>], [inet_pton(0,0,0);])
355 if test "$ac_cv_func_clock_gettime" != "yes";then
356 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [clock_gettime (0, 0);])
357 gnutls_needs_librt=yes
360 AC_ARG_WITH(included-unistring, AS_HELP_STRING([--with-included-unistring],
361 [disable linking with system libunistring]),
362 included_unistring="$withval",
363 included_unistring=no)
365 if test "$included_unistring" = yes;then
368 AC_LIB_HAVE_LINKFLAGS(unistring,, [#include <uninorm.h>], [u8_normalize(0, 0, 0, 0, 0);])
370 if test "$HAVE_LIBUNISTRING" = "yes";then
371 included_unistring=no
372 ac_have_unistring=yes
376 *** Libunistring was not found. To use the included one, use --with-included-unistring
381 AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes")
383 dnl Note that g*l_INIT are run after we check for library capabilities,
384 dnl to prevent issues from caching lib dependencies. See discussion
385 dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and
386 dnl http://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
391 # disable the extended test suite at tests/suite if asked, or if we are not running in git master
392 AC_ARG_ENABLE(full-test-suite,
393 AS_HELP_STRING([--disable-full-test-suite], [disable running very slow components of test suite]),
394 full_test_suite=$enableval, full_test_suite=yes)
396 # test if we are in git master or in release build. In release
397 # builds we do not use valgrind.
398 SUITE_FILE="${srcdir}/tests/suite/mini-eagain2.c"
399 if test "$full_test_suite" = yes && test ! -f "$SUITE_FILE";then
403 AM_CONDITIONAL(WANT_TEST_SUITE, test "$full_test_suite" = "yes")
405 dnl GCC warnings to enable
407 AC_ARG_ENABLE([gcc-warnings],
408 [AS_HELP_STRING([--disable-gcc-warnings],
409 [turn off lots of GCC warnings (for developers)])],
412 *) AC_MSG_ERROR([bad value $enableval for gcc-warnings option]) ;;
414 gl_gcc_warnings=$enableval],
415 [gl_gcc_warnings=yes]
418 if test "$gl_gcc_warnings" = yes; then
419 gl_WARN_ADD([-Wtype-limits], [WSTACK_CFLAGS])
421 nw="$nw -Wsystem-headers" # Don't let system headers trigger warnings
422 nw="$nw -Wc++-compat" # We don't care about C++ compilers
423 nw="$nw -Wundef" # Warns on '#if GNULIB_FOO' etc in gnulib
424 nw="$nw -Wtraditional" # Warns on #elif which we use often
425 nw="$nw -Wpadded" # Our structs are not padded
426 nw="$nw -Wtraditional-conversion" # Too many warnings for now
427 nw="$nw -Wswitch-default" # Too many warnings for now
428 nw="$nw -Wformat-y2k" # Too many warnings for now
429 nw="$nw -Woverlength-strings" # We use some in tests/
430 nw="$nw -Wvla" # There is no point to avoid C99 variable length arrays
431 nw="$nw -Wformat-nonliteral" # Incompatible with gettext _()
432 nw="$nw -Wformat-signedness" # Too many to handle
433 nw="$nw -Wstrict-overflow"
434 nw="$nw -Wmissing-noreturn"
435 nw="$nw -Winline" # Too compiler dependent
436 nw="$nw -Wsuggest-attribute=pure" # Is it worth using attributes?
437 nw="$nw -Wsuggest-attribute=const" # Is it worth using attributes?
438 nw="$nw -Wsuggest-attribute=noreturn" # Is it worth using attributes?
439 nw="$nw -Wstack-protector" # Some functions cannot be protected
440 nw="$nw -Wunsafe-loop-optimizations" # Warnings with no point
441 nw="$nw -Wredundant-decls" # Some files cannot be compiled with that (gl_fd_to_handle)
443 gl_MANYWARN_ALL_GCC([ws])
444 gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw])
448 gl_WARN_ADD([-Wno-missing-field-initializers]) # We need this one
449 gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now
450 gl_WARN_ADD([-Wno-format-truncation]) # Many warnings with no point
451 gl_WARN_ADD([-Wimplicit-fallthrough=2])
452 gl_WARN_ADD([-Wabi=11])
453 gl_WARN_ADD([-fdiagnostics-show-option])
456 AC_SUBST([WERROR_CFLAGS])
457 AC_SUBST([WSTACK_CFLAGS])
458 AC_SUBST([WARN_CFLAGS])
460 dnl Programs for compilation or development
462 LT_INIT([disable-static,win32-dll,shared])
466 AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
468 AC_ARG_ENABLE(fips140-mode,
469 AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode]),
470 enable_fips=$enableval, enable_fips=no)
471 AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes")
472 if [ test "$enable_fips" = "yes" ];then
473 if test "x$HAVE_LIBDL" = "xyes";then
474 AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode])
475 AC_SUBST([FIPS140_LIBS], $LIBDL)
476 AC_ARG_WITH(fips140-key, AS_HELP_STRING([--with-fips140-key],
477 [specify the FIPS140 HMAC key for integrity]),
479 fips_key="orboDeJITITejsirpADONivirpUkvarP")
481 AC_DEFINE_UNQUOTED([FIPS_KEY], ["$fips_key"], [The FIPS140-2 integrity key])
486 *** This system is not supported in FIPS140 mode.
487 *** libdl and dladdr() are required.
492 PKG_CHECK_MODULES(CMOCKA, [cmocka >= 1.0.1], [with_cmocka=yes], [with_cmocka=no])
493 AM_CONDITIONAL(HAVE_CMOCKA, test "$with_cmocka" != "no")
495 AC_ARG_WITH(idn, AS_HELP_STRING([--without-idn],
496 [disable support for IDNA]),
497 try_libidn2="$withval",
503 if test "$try_libidn2" = yes;then
504 AC_SEARCH_LIBS(idn2_lookup_u8, idn2, [
506 idna_support="IDNA 2008 (libidn2)"
507 AC_DEFINE([HAVE_LIBIDN2], 1, [Define if IDNA 2008 support is enabled.])
508 AC_SUBST([LIBIDN2_CFLAGS], [])
509 AC_SUBST([LIBIDN2_LIBS], [-lidn2]) dnl used in gnutls.pc.in
510 dnl enable once libidn2.pc is widespread; and remove LIBIDN2_LIBS from gnutls.pc.in (Libs.private)
511 dnl if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
512 dnl GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn2"
514 dnl GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn2"
518 AC_MSG_WARN(*** LIBIDN2 was not found. You will not be able to use IDN2008 support)
524 AM_CONDITIONAL(HAVE_LIBIDN2, test "$with_libidn2" != "no")
526 AC_ARG_ENABLE(non-suiteb-curves,
527 AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]),
528 enable_non_suiteb=$enableval, enable_non_suiteb=yes)
530 if test "$enable_non_suiteb" = "yes";then
531 dnl nettle_secp_192r1 is not really a function
532 AC_CHECK_LIB(hogweed, nettle_secp_192r1, enable_non_suiteb=yes, enable_non_suiteb=no, [$HOGWEED_LIBS])
534 if test "$enable_non_suiteb" = "yes";then
535 AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves])
538 AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes")
540 # We MUST require a Nettle version that has rsa_sec_decrypt now.
542 LIBS="$LIBS $HOGWEED_LIBS"
543 AC_CHECK_FUNCS(nettle_rsa_sec_decrypt,
545 [AC_MSG_ERROR([Nettle lacks the required rsa_sec_decrypt function])]
549 # Check if nettle has CFB8 support
551 LIBS="$LIBS $NETTLE_LIBS"
552 AC_CHECK_FUNCS(nettle_cfb8_encrypt)
555 # Check if nettle has CMAC support
557 LIBS="$LIBS $NETTLE_LIBS"
558 AC_CHECK_FUNCS(nettle_cmac128_update)
561 AC_MSG_CHECKING([whether to build libdane])
562 AC_ARG_ENABLE(libdane,
563 AS_HELP_STRING([--disable-libdane],
564 [disable the built of libdane]),
565 enable_dane=$enableval, enable_dane=yes)
566 AC_MSG_RESULT($enable_dane)
568 if test "$enable_dane" != "no"; then
569 LIBS="$oldlibs -lunbound"
570 AC_MSG_CHECKING([for unbound library])
571 AC_LINK_IFELSE([AC_LANG_PROGRAM([
572 #include <unbound.h>],[
574 ctx = ub_ctx_create();])],
576 AC_SUBST([UNBOUND_LIBS], [-lunbound])
577 AC_SUBST([UNBOUND_CFLAGS], [])
578 AC_DEFINE([HAVE_DANE], 1, [Enable the DANE library])
583 *** libunbound was not found. Libdane will not be built.
589 AM_CONDITIONAL(ENABLE_DANE, test "$enable_dane" = "yes")
591 AC_ARG_WITH(unbound-root-key-file, AS_HELP_STRING([--with-unbound-root-key-file],
592 [specify the unbound root key file]),
593 unbound_root_key_file="$withval",
594 if test "$have_win" = yes; then
595 unbound_root_key_file="C:\\Program Files\\Unbound\\root.key"
597 if test -f /var/lib/unbound/root.key;then
598 unbound_root_key_file="/var/lib/unbound/root.key"
600 if test -f /usr/share/dns/root.key;then
601 unbound_root_key_file="/usr/share/dns/root.key"
603 unbound_root_key_file="/etc/unbound/root.key"
609 AC_DEFINE_UNQUOTED([UNBOUND_ROOT_KEY_FILE],
610 ["$unbound_root_key_file"], [The DNSSEC root key file])
612 AC_ARG_WITH(system-priority-file, AS_HELP_STRING([--with-system-priority-file],
613 [specify the system priority file]),
614 system_priority_file="$withval",
615 system_priority_file="/etc/gnutls/default-priorities"
618 AC_DEFINE_UNQUOTED([SYSTEM_PRIORITY_FILE],
619 ["$system_priority_file"], [The system priority file])
621 AC_ARG_WITH(default-priority-string, AS_HELP_STRING([--with-default-priority-string],
622 [specify the default priority string (e.g. @SYSTEM)]),
623 prio_string="$withval",
624 prio_string="NORMAL")
626 AC_DEFINE_UNQUOTED([DEFAULT_PRIORITY_STRING], ["$prio_string"], [The default priority string])
628 dnl Check for p11-kit
629 P11_KIT_MINIMUM=0.23.1
631 AS_HELP_STRING([--without-p11-kit],
632 [Build without p11-kit and PKCS#11 support]))
633 if test "$with_p11_kit" != "no"; then
634 PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= $P11_KIT_MINIMUM], [with_p11_kit=yes], [with_p11_kit=no])
635 if test "$with_p11_kit" != "no";then
636 AC_DEFINE([ENABLE_PKCS11], 1, [Build PKCS#11 support])
637 if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
638 GNUTLS_REQUIRES_PRIVATE="Requires.private: p11-kit-1"
640 GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, p11-kit-1"
646 *** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support
647 *** use --without-p11-kit, otherwise you may get p11-kit from
648 *** http://p11-glue.freedesktop.org/p11-kit.html
653 AM_CONDITIONAL(P11KIT_0_23_11_API, $PKG_CONFIG --atleast-version=0.23.11 p11-kit-1)
655 AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no")
658 AS_HELP_STRING([--without-tpm],
659 [Disable TPM (trousers) support.]),
660 [with_tpm=$withval], [with_tpm=yes])
661 if test "$with_tpm" != "no"; then
662 LIBS="$oldlibs -ltspi"
663 AC_MSG_CHECKING([for tss library])
664 AC_LINK_IFELSE([AC_LANG_PROGRAM([
665 #include <trousers/tss.h>
666 #include <trousers/trousers.h>],[
667 int err = Tspi_Context_Create((void *)0);
668 Trspi_Error_String(err);])],
670 AC_SUBST([TSS_LIBS], [-ltspi])
671 AC_SUBST([TSS_CFLAGS], [])
672 AC_DEFINE([HAVE_TROUSERS], 1, [Enable TPM])
677 *** trousers was not found. TPM support will be disabled.
683 AM_CONDITIONAL(ENABLE_TROUSERS, test "$with_tpm" != "no")
685 for l in /usr/lib64 /usr/lib /lib64 /lib /usr/lib/x86_64-linux-gnu/; do
686 if test -f "${l}/libtspi.so.1";then
687 default_trousers_lib="${l}/libtspi.so.1"
692 AC_ARG_WITH(trousers-lib, AS_HELP_STRING([--with-trousers-lib=LIB],
693 [set the location of the trousers library]),
694 ac_trousers_lib=$withval, ac_trousers_lib=$default_trousers_lib)
696 if test "$with_tpm" != "no" && test -z "$ac_trousers_lib"; then
699 *** unable to find trousers library, please specify with --with-trousers-lib=<lib file>
704 AC_DEFINE_UNQUOTED([TROUSERS_LIB], ["$ac_trousers_lib"], [the location of the trousers library])
705 AC_SUBST(TROUSERS_LIB)
707 AM_MISSING_PROG([AUTOGEN], [autogen])
710 if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then
711 AC_MSG_CHECKING([whether autogen is recent enough])
712 if $PKG_CONFIG --atleast-version=41.1.16 autoopts 2>&1 >/dev/null; then
718 *** autogen not found. Will not link against system libopts.
720 dnl simulate specifying option on the command line
721 enable_local_libopts=yes
723 LIBOPTS_CHECK([src/libopts])
724 if test "$NEED_LIBOPTS_DIR" = "true";then
725 dnl replace libopts-generated files with distributed backups, if present
729 # Need to ensure the relevant conditionals get set
731 AM_CONDITIONAL([INSTALL_LIBOPTS],[false])
734 AM_CONDITIONAL(NEED_LIBOPTS, test "$included_libopts" = "yes")
736 AC_CHECK_TYPE(ssize_t,
738 DEFINE_SSIZE_T="#include <sys/types.h>"
739 AC_SUBST(DEFINE_SSIZE_T)
741 AC_DEFINE([NO_SSIZE_T], 1, [no ssize_t type was found])
742 DEFINE_SSIZE_T="typedef int ssize_t;"
743 AC_SUBST(DEFINE_SSIZE_T)
745 #include <sys/types.h>
749 AC_CHECK_SIZEOF(unsigned long int, 4)
750 AC_CHECK_SIZEOF(unsigned int, 4)
751 AC_CHECK_SIZEOF(time_t, 4)
753 # export for use in scripts
754 AC_SUBST(ac_cv_sizeof_time_t)
756 AC_SUBST(GNUTLS_REQUIRES_PRIVATE)
759 AC_ARG_WITH([default-trust-store-pkcs11],
760 [AS_HELP_STRING([--with-default-trust-store-pkcs11=URI],
761 [use the given pkcs11 uri as default trust store])])
763 if test "x$with_default_trust_store_pkcs11" != x; then
764 if test "x$with_p11_kit" = xno; then
765 AC_MSG_ERROR([cannot use pkcs11 store without p11-kit])
767 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_PKCS11],
768 ["$with_default_trust_store_pkcs11"], [use the given pkcs11 uri as default trust store])
771 AM_CONDITIONAL([HAVE_PKCS11_TRUST_STORE], [test -n "${with_default_trust_store_pkcs11}"])
773 AC_ARG_WITH([default-trust-store-dir],
774 [AS_HELP_STRING([--with-default-trust-store-dir=DIR],
775 [use the given directory as default trust store])])
777 if test "x$with_default_trust_store_dir" != x; then
778 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
779 ["$with_default_trust_store_dir"], [use the given directory as default trust store])
782 dnl auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
783 AC_ARG_WITH([default-trust-store-file],
784 [AS_HELP_STRING([--with-default-trust-store-file=FILE],
785 [use the given file default trust store])], with_default_trust_store_file="$withval",
786 [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x && test x$have_macosx = x;then
788 /etc/ssl/ca-bundle.pem \
789 /etc/ssl/certs/ca-certificates.crt \
790 /etc/pki/tls/cert.pem \
791 /usr/local/share/certs/ca-root-nss.crt \
794 if test -e "$i"; then
795 with_default_trust_store_file="$i"
802 if test "$with_default_trust_store_file" = "no";then
803 with_default_trust_store_file=""
806 AC_ARG_WITH([default-crl-file],
807 [AS_HELP_STRING([--with-default-crl-file=FILE],
808 [use the given CRL file as default])])
810 AC_ARG_WITH([default-blacklist-file],
811 [AS_HELP_STRING([--with-default-blacklist-file=FILE],
812 [use the given certificate blacklist file as default])])
814 if test "x$with_default_trust_store_file" != x; then
815 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
816 ["$with_default_trust_store_file"], [use the given file default trust store])
819 if test "x$with_default_crl_file" != x; then
820 AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
821 ["$with_default_crl_file"], [use the given CRL file])
824 if test "x$with_default_blacklist_file" != x; then
825 AC_DEFINE_UNQUOTED([DEFAULT_BLACKLIST_FILE],
826 ["$with_default_blacklist_file"], [use the given certificate blacklist file])
830 opt_guile_bindings=yes
831 AC_MSG_CHECKING([whether building Guile bindings])
833 AS_HELP_STRING([--enable-guile], [build GNU Guile bindings]),
834 opt_guile_bindings=$enableval)
835 AC_MSG_RESULT($opt_guile_bindings)
837 AC_ARG_WITH([guile-site-dir],
838 [AS_HELP_STRING([--with-guile-site-dir],
839 [use the given directory as the Guile site (use with care)])])
841 if test "$opt_guile_bindings" = "yes"; then
843 *** Detecting GNU Guile...
846 AC_PATH_PROG([guile_snarf], [guile-snarf])
847 if test "x$guile_snarf" = "x"; then
848 AC_MSG_WARN([`guile-snarf' from Guile not found. Guile bindings not built.])
849 opt_guile_bindings=no
851 dnl Check for 'guild', which can be used to compile Scheme code
853 AC_PATH_PROG([GUILD], [guild])
859 save_CFLAGS="$CFLAGS"
861 CFLAGS="$CFLAGS $GUILE_CFLAGS"
862 LIBS="$LIBS $GUILE_LDFLAGS"
863 AC_MSG_CHECKING([whether GNU Guile is recent enough])
864 AC_LINK_IFELSE([AC_LANG_PROGRAM([], [scm_from_locale_string ("")])],
865 [], [opt_guile_bindings=no])
866 CFLAGS="$save_CFLAGS"
869 AC_MSG_CHECKING([the Guile effective version])
870 guile_effective_version="`$GUILE -c '(display (effective-version))'`"
871 AC_MSG_RESULT([$guile_effective_version])
873 if test "$opt_guile_bindings" = "yes"; then
875 case "x$with_guile_site_dir" in
877 # Use the default $(GUILE_SITE).
881 # Automatically derive $(GUILE_SITE) from $(pkgdatadir). This
882 # hack is used to allow `distcheck' to work (see
883 # `DISTCHECK_CONFIGURE_FLAGS' in the top-level `Makefile.am').
884 GUILE_SITE="\$(datadir)/guile/site/$guile_effective_version"
888 # Use the user-specified directory as $(GUILE_SITE).
889 GUILE_SITE="$with_guile_site_dir"
893 AC_MSG_CHECKING([whether gcc supports -fgnu89-inline])
894 _gcc_cflags_save="$CFLAGS"
895 CFLAGS="${CFLAGS} -fgnu89-inline"
896 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
897 gnu89_inline=yes, gnu89_inline=no)
898 AC_MSG_RESULT($gnu89_inline)
899 CFLAGS="$_gcc_cflags_save"
901 # Optional Guile functions.
902 save_CFLAGS="$CFLAGS"
904 CFLAGS="$CFLAGS $GUILE_CFLAGS"
905 LIBS="$LIBS $GUILE_LDFLAGS"
906 AC_CHECK_FUNCS([scm_gc_malloc_pointerless])
907 CFLAGS="$save_CFLAGS"
910 # The place where guile-gnutls.la will go.
911 guileextensiondir="$libdir/guile/$guile_effective_version"
912 AC_SUBST([guileextensiondir])
914 # The location of .go files.
915 guileobjectdir="$libdir/guile/$guile_effective_version/site-ccache"
916 AC_SUBST([guileobjectdir])
919 AC_MSG_WARN([A sufficiently recent GNU Guile not found. Guile bindings not built.])
920 opt_guile_bindings=no
925 AM_CONDITIONAL([HAVE_GUILE], [test "$opt_guile_bindings" = "yes"])
926 AM_CONDITIONAL([HAVE_GUILD], [test "x$GUILD" != "x"])
928 LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBS"
929 LIBGNUTLS_CFLAGS="-I${includedir}"
930 AC_SUBST(LIBGNUTLS_LIBS)
931 AC_SUBST(LIBGNUTLS_CFLAGS)
933 AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
935 AC_DEFINE([GNUTLS_COMPAT_H], 1, [Make sure we don't use old features in code.])
936 AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.])
938 AC_DEFINE([fread_file], [_gnutls_fread_file], [static lib rename])
939 AC_DEFINE([read_file], [_gnutls_read_file], [static lib rename])
940 AC_DEFINE([read_binary_file], [_gnutls_read_binary_file], [static lib rename])
942 dnl Some variables needed in makefiles
944 AC_SUBST([YEAR], $YEAR)
946 AC_CONFIG_FILES([guile/pre-inst-guile], [chmod +x guile/pre-inst-guile])
950 doc/credentials/Makefile
951 doc/credentials/srp/Makefile
952 doc/credentials/x509/Makefile
955 doc/examples/Makefile
957 doc/manpages/Makefile
958 doc/reference/Makefile
959 doc/reference/version.xml
962 extra/includes/Makefile
964 libdane/includes/Makefile
965 libdane/gnutls-dane.pc
971 lib/accelerated/Makefile
972 lib/accelerated/x86/Makefile
973 lib/accelerated/aarch64/Makefile
974 lib/algorithms/Makefile
979 lib/includes/Makefile
980 lib/includes/gnutls/gnutls.h
981 lib/minitasn1/Makefile
984 lib/unistring/Makefile
989 tests/windows/Makefile
990 tests/cert-tests/Makefile
998 dnl Warning flags: errors: ${WERROR_CFLAGS} warnings: ${WARN_CFLAGS}
999 AC_MSG_NOTICE([summary of build options:
1001 version: ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE
1002 Host/Target system: ${host}
1003 Build system: ${build}
1004 Install prefix: ${prefix}
1006 Valgrind: $opt_valgrind_tests ${VALGRIND}
1008 Library types: Shared=${enable_shared}, Static=${enable_static}
1009 Local libopts: ${included_libopts}
1010 Local libtasn1: ${included_libtasn1}
1011 Local unistring: ${included_unistring}
1012 Use nettle-mini: ${mini_nettle}
1013 Documentation: ${enable_doc} (manpages: ${enable_manpages})
1016 AC_MSG_NOTICE([External hardware support:
1018 /dev/crypto: $enable_cryptodev
1019 Hardware accel: $hw_accel
1020 Padlock accel: $use_padlock
1021 Random gen. variant: $rnd_variant
1022 PKCS#11 support: $with_p11_kit
1023 TPM support: $with_tpm
1025 if test -n "$ac_trousers_lib";then
1027 TPM library: $ac_trousers_lib
1031 AC_MSG_NOTICE([Optional features:
1032 (note that included applications might not compile properly
1033 if features are disabled)
1035 SSL3.0 support: $ac_enable_ssl3
1036 SSL2.0 client hello: $ac_enable_ssl2
1037 Allow SHA1 sign: $ac_allow_sha1
1038 DTLS-SRTP support: $ac_enable_srtp
1039 ALPN support: $ac_enable_alpn
1040 OCSP support: $ac_enable_ocsp
1041 SRP support: $ac_enable_srp
1042 PSK support: $ac_enable_psk
1043 DHE support: $ac_enable_dhe
1044 ECDHE support: $ac_enable_ecdhe
1045 GOST support: $ac_enable_gost
1046 Anon auth support: $ac_enable_anon
1047 Heartbeat support: $ac_enable_heartbeat
1048 IDNA support: $idna_support
1049 Non-SuiteB curves: $enable_non_suiteb
1050 FIPS140 mode: $enable_fips
1053 AC_MSG_NOTICE([Optional libraries:
1055 Guile wrappers: $opt_guile_bindings
1056 C++ library: $use_cxx
1057 DANE library: $enable_dane
1058 OpenSSL compat: $enable_openssl
1061 AC_MSG_NOTICE([System files:
1063 Trust store pkcs11: $with_default_trust_store_pkcs11
1064 Trust store dir: $with_default_trust_store_dir
1065 Trust store file: $with_default_trust_store_file
1066 Blacklist file: $with_default_blacklist_file
1067 CRL file: $with_default_crl_file
1068 Priority file: $system_priority_file
1069 DNSSEC root key file: $unbound_root_key_file
1072 if test ! -f "$unbound_root_key_file"; then
1075 *** The DNSSEC root key file in $unbound_root_key_file was not found.
1076 *** This file is needed for the verification of DNSSEC responses.
1077 *** Use the command: unbound-anchor -a "$unbound_root_key_file"
1078 *** to generate or update it.
1082 if test "${enable_static}" != no;then
1084 *** GnuTLS will be build as a static library. That means that library
1085 *** constructors for gnutls_global_init will not be made available to
1086 *** linking applications. If you are building that library for arbitrary
1087 *** applications to link, do not enable static linking.
1091 if test "$enable_fuzzer_target" != "no";then
1093 *** This version of the library is for fuzzying purposes and is intentionally broken!