git.samba.org - gd/gnutls/blob - configure.ac

   1 dnl Process this file with autoconf to produce a configure script.
   2 # Copyright (C) 2000-2012, 2016 Free Software Foundation, Inc.
   3 #
   4 # Author: Nikos Mavrogiannopoulos, Simon Josefsson
   5 #
   6 # This file is part of GnuTLS.
   7 #
   8 # This program is free software; you can redistribute it and/or modify
   9 # it under the terms of the GNU General Public License as published by
  10 # the Free Software Foundation; either version 3 of the License, or
  11 # (at your option) any later version.
  12 #
  13 # This program is distributed in the hope that it will be useful, but
  14 # WITHOUT ANY WARRANTY; without even the implied warranty of
  15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16 # General Public License for more details.
  17 #
  18 # You should have received a copy of the GNU General Public License
  19 # along with this program; if not, write to the Free Software
  20 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
  21 # USA
  22
  23 AC_PREREQ(2.63)
  24
  25 dnl when updating version also update LT_REVISION in m4/hooks.m4
  26 AC_INIT([GnuTLS], [3.6.8], [bugs@gnutls.org])
  27 AC_CONFIG_AUX_DIR([build-aux])
  28 AC_CONFIG_MACRO_DIRS([m4 src/gl/m4 src/libopts/m4 lib/unistring/m4])
  29 AC_CANONICAL_HOST
  30
  31 AM_INIT_AUTOMAKE([1.12.2 foreign subdir-objects no-dist-gzip dist-xz -Wall -Wno-override])
  32 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
  33 AC_CONFIG_HEADERS([config.h])
  34
  35 AC_MSG_RESULT([***
  36 *** Checking for compilation programs...
  37 ])
  38
  39 dnl Checks for programs.
  40 PKG_PROG_PKG_CONFIG
  41 AC_PROG_CC
  42 gl_EARLY
  43 ggl_EARLY
  44 unistring_EARLY
  45 AM_PROG_AS
  46 AM_PROG_AR
  47 AC_PROG_CXX
  48 AM_PROG_CC_C_O
  49 AC_PROG_YACC
  50 AC_PROG_SED
  51
  52 AC_USE_SYSTEM_EXTENSIONS
  53
  54 #
  55 # Require C99 support
  56 #
  57 AC_PROG_CC_C99
  58 if test "$ac_cv_prog_cc_c99" = "no"; then
  59   AC_MSG_WARN([[Compiler does not support C99. It may not be able to compile the project.]])
  60 fi
  61
  62 AX_CODE_COVERAGE
  63
  64 AM_MAINTAINER_MODE([enable])
  65
  66 AC_ARG_ENABLE(bash-tests,
  67   AS_HELP_STRING([--disable-bash-tests], [skip some tests that badly need bash]),
  68     enable_bash_tests=$enableval, enable_bash_tests=yes)
  69 AM_CONDITIONAL(DISABLE_BASH_TESTS, test "$enable_bash_tests" != "yes")
  70
  71 AC_ARG_ENABLE(doc,
  72   AS_HELP_STRING([--disable-doc], [don't generate any documentation]),
  73     enable_doc=$enableval, enable_doc=yes)
  74 AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
  75
  76 AC_ARG_ENABLE(manpages,
  77   AS_HELP_STRING([--enable-manpages], [install manpages even if disable-doc is given]),
  78     enable_manpages=$enableval,enable_manpages=auto)
  79
  80 if test "${enable_manpages}" = "auto";then
  81   enable_manpages="${enable_doc}"
  82 fi
  83
  84 AM_CONDITIONAL(ENABLE_MANPAGES, test "$enable_manpages" != "no")
  85
  86 AC_ARG_ENABLE(tools,
  87   AS_HELP_STRING([--disable-tools], [don't compile any tools]),
  88     enable_tools=$enableval, enable_tools=yes)
  89 AM_CONDITIONAL(ENABLE_TOOLS, test "$enable_tools" != "no")
  90
  91 # For includes/gnutls/gnutls.h.in.
  92 AC_SUBST(MAJOR_VERSION, `echo $PACKAGE_VERSION | sed 's/\(.*\)\..*\..*/\1/g'`)
  93 AC_SUBST(MINOR_VERSION, `echo $PACKAGE_VERSION | sed 's/.*\.\(.*\)\..*/\1/g'`)
  94 AC_SUBST(PATCH_VERSION, [[`echo $PACKAGE_VERSION | sed 's/.*\..*\.\([0-9]*\).*/\1/g'`]])
  95 AC_SUBST(NUMBER_VERSION, `printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION`)
  96
  97 dnl C and C++ capabilities
  98 AC_C_INLINE
  99 AC_HEADER_STDC
 100
 101 # For the C++ code
 102 AC_ARG_ENABLE(cxx,
 103   AS_HELP_STRING([--disable-cxx], [unconditionally disable the C++ library]),
 104     use_cxx=$enableval, use_cxx=yes)
 105 if test "$use_cxx" != "no"; then
 106   AC_LANG_PUSH(C++)
 107   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no)
 108   AC_LANG_POP(C++)
 109 fi
 110 AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
 111
 112 dnl Detect windows build
 113 use_accel=yes
 114 case "$host" in
 115   *android*)
 116     have_android=yes
 117     have_elf=yes
 118   ;;
 119   *mingw32* | *mingw64*)
 120     have_win=yes
 121     AC_DEFINE([_UNICODE], [1], [Defined to 1 for Unicode (wide chars) APIs])
 122   ;;
 123   *darwin*)
 124     have_macosx=yes
 125     save_LDFLAGS="$LDFLAGS"
 126     dnl Try to use -no_weak_imports if available. This makes sure we
 127     dnl error out when linking to a function that doesn't exist in the
 128     dnl intended minimum runtime version.
 129     LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"
 130     AC_MSG_CHECKING([whether the linker supports -Wl,-no_weak_imports])
 131     AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
 132       [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no); LDFLAGS="$save_LDFLAGS"])
 133   ;;
 134   *solaris*)
 135     have_elf=yes
 136     use_accel=no
 137     AC_MSG_WARN([[
 138 ***
 139 *** In solaris hardware acceleration is disabled by default due to issues
 140 *** with the assembler. Use --enable-hardware-acceleration to enable it.
 141 *** ]])
 142   ;;
 143   *)
 144     have_elf=yes
 145   ;;
 146 esac
 147
 148 AM_CONDITIONAL(ANDROID, test "$have_android" = yes)
 149 AM_CONDITIONAL(WINDOWS, test "$have_win" = yes)
 150 AM_CONDITIONAL(MACOSX, test "$have_macosx" = yes)
 151 AM_CONDITIONAL(ELF, test "$have_elf" = yes)
 152
 153 dnl Hardware Acceleration
 154 AC_ARG_ENABLE(hardware-acceleration,
 155   AS_HELP_STRING([--disable-hardware-acceleration], [unconditionally disable hardware acceleration]),
 156     use_accel=$enableval)
 157 hw_accel=none
 158
 159
 160 use_padlock=no
 161 if test "$use_accel" != "no"; then
 162 case $host_cpu in
 163   armv8 | aarch64)
 164       hw_accel="aarch64"
 165       case $host_os in
 166         *_ilp32)
 167           dnl ILP32 not supported in assembler yet
 168           hw_accel="none"
 169         ;;
 170       esac
 171   ;;
 172   i?86 | x86_64 | amd64)
 173       AC_CHECK_HEADERS(cpuid.h)
 174       if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"; then
 175         hw_accel="x86-64"
 176       else
 177         hw_accel="x86"
 178       fi
 179       use_padlock=yes
 180   ;;
 181   *)
 182   ;;
 183 esac
 184
 185 fi
 186
 187 AC_ARG_ENABLE(tls13-interop,
 188   AS_HELP_STRING([--disable-tls13-interop], [disable TLS1.3 interoperability testing with openssl]),
 189     enable_tls13_interop=$enableval, enable_tls13_interop=yes)
 190
 191 AM_CONDITIONAL(ENABLE_TLS13_INTEROP, test "$enable_tls13_interop" != "no")
 192
 193 dnl Check for iovec type
 194 AC_CHECK_MEMBERS([struct iovec.iov_base],
 195       [
 196         AC_SUBST([DEFINE_IOVEC_T], ["#include <sys/uio.h>
 197 typedef struct iovec giovec_t;"])
 198       ],
 199       [
 200         AC_SUBST([DEFINE_IOVEC_T], ["typedef struct {
 201     void *iov_base;
 202     size_t iov_len;
 203 } giovec_t;"])
 204       ],
 205       [#include <sys/uio.h>
 206       ])
 207 AM_SUBST_NOTMAKE([DEFINE_IOVEC_T])
 208
 209 dnl Need netinet/tcp.h for TCP_FASTOPEN
 210 AC_CHECK_HEADERS([netinet/tcp.h])
 211 AC_CHECK_HEADERS([stdatomic.h])
 212
 213 dnl This ensures that we link with the right library for atomic operations on Linux SPARC
 214 save_LIBS=$LIBS
 215 AC_SEARCH_LIBS([__atomic_load_4], [atomic], [], [AC_MSG_NOTICE([Could not detect libatomic])])
 216 LIBS=$save_LIBS
 217
 218 AS_IF([test "$ac_cv_search___atomic_load_4" = "none required" || test "$ac_cv_search___atomic_load_4" = "no"],
 219       [AC_SUBST([LIBATOMIC_LIBS], [])],
 220       [AC_SUBST([LIBATOMIC_LIBS], [$ac_cv_search___atomic_load_4])])
 221
 222 dnl We use its presence to detect C11 threads
 223 AC_CHECK_HEADERS([threads.h])
 224
 225 AC_ARG_ENABLE(padlock,
 226   AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]),
 227     use_padlock=$enableval)
 228
 229 if test "$use_padlock" != "no"; then
 230     AC_DEFINE([ENABLE_PADLOCK], 1, [Enable padlock acceleration])
 231     AC_SUBST([ENABLE_PADLOCK])
 232 fi
 233 AM_CONDITIONAL(ENABLE_PADLOCK, test "$use_padlock" = "yes")
 234 AM_CONDITIONAL(ASM_AARCH64, test x"$hw_accel" = x"aarch64")
 235 AM_CONDITIONAL(ASM_X86_64, test x"$hw_accel" = x"x86-64")
 236 AM_CONDITIONAL(ASM_X86_32, test x"$hw_accel" = x"x86")
 237 AM_CONDITIONAL(ASM_X86, test x"$hw_accel" = x"x86" || test x"$hw_accel" = x"x86-64")
 238 AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"])
 239 AM_CONDITIONAL(HAVE_GCC, test "$GCC" = "yes")
 240
 241 dnl check for getrandom()
 242 rnd_variant="auto-detect"
 243 AC_MSG_CHECKING([for getrandom])
 244 AC_LINK_IFELSE([AC_LANG_PROGRAM([
 245            #include <sys/random.h>],[
 246                    getrandom(0, 0, 0);
 247                   ])],
 248                   [AC_MSG_RESULT(yes)
 249                    AC_DEFINE([HAVE_GETRANDOM], 1, [Enable the Linux getrandom function])
 250                    rnd_variant=getrandom],
 251                   [AC_MSG_RESULT(no)])
 252
 253 AC_MSG_CHECKING([for getentropy])
 254 AC_LINK_IFELSE([AC_LANG_PROGRAM([
 255            #include <unistd.h>
 256            #ifdef __APPLE__
 257            #include <sys/random.h>
 258            #endif
 259            #ifdef __linux__
 260            #error 1
 261            #endif
 262            ],[
 263                    getentropy(0, 0);
 264                   ])],
 265                   [AC_MSG_RESULT(yes)
 266                    AC_DEFINE([HAVE_GETENTROPY], 1, [Enable the OpenBSD getentropy function])
 267                    rnd_variant=getentropy],
 268                   [AC_MSG_RESULT(no)])
 269
 270 AM_CONDITIONAL(HAVE_GETENTROPY, test "$rnd_variant" = "getentropy")
 271
 272 dnl Try the hooks.m4
 273 LIBGNUTLS_HOOKS
 274 LIBGNUTLS_EXTRA_HOOKS
 275
 276 AC_ARG_ENABLE(tests,
 277   AS_HELP_STRING([--disable-tests], [don't compile or run any tests]),
 278     enable_tests=$enableval, enable_tests=$enable_tools)
 279 AM_CONDITIONAL(ENABLE_TESTS, test "$enable_tests" != "no")
 280
 281 AC_ARG_ENABLE(fuzzer-target,
 282   AS_HELP_STRING([--enable-fuzzer-target], [make a library intended for testing - not production]),
 283     enable_fuzzer_target=$enableval, enable_fuzzer_target=no)
 284 if test "$enable_fuzzer_target" != "no";then
 285         AC_DEFINE([FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION], 1, [Enable fuzzer target -not for production])
 286 fi
 287
 288 dnl
 289 dnl check for gtk-doc
 290 dnl
 291 m4_ifdef([GTK_DOC_CHECK], [
 292 GTK_DOC_CHECK([1.14],[--flavour no-tmpl])
 293 ],[
 294 AM_CONDITIONAL([ENABLE_GTK_DOC], false)
 295 ])
 296 # needed for some older versions of gtk-doc
 297 m4_ifdef([GTK_DOC_USE_LIBTOOL], [], [
 298 AM_CONDITIONAL([GTK_DOC_USE_LIBTOOL], false)
 299 ])
 300
 301 AM_GNU_GETTEXT([external])
 302 AM_GNU_GETTEXT_VERSION([0.19])
 303
 304 AC_C_BIGENDIAN
 305
 306 dnl No fork on MinGW, disable some self-tests until we fix them.
 307 dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs)
 308 AC_CHECK_FUNCS([fork setitimer getrusage getpwuid_r nanosleep daemon getpid localtime mmap explicit_bzero],,)
 309 dnl Manually check some functions by including headers first. On macOS, you
 310 dnl normally only have the latest SDK available, containing all existing
 311 dnl functions, but having them restricted according to target version in
 312 dnl headers. If we bypass the headers and just try linking (as AC_CHECK_FUNCS
 313 dnl does), we will accidentally detect functions which we shouldn't use. Set
 314 dnl ac_cv_func_* as well, to avoid later AC_CHECK_FUNCS from other included
 315 dnl scripts from overriding it.
 316 AC_MSG_CHECKING([for clock_gettime])
 317 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <time.h>], [clock_gettime(0, 0);])],
 318   [AC_MSG_RESULT(yes); ac_cv_func_clock_gettime=yes
 319   AC_DEFINE([HAVE_CLOCK_GETTIME], 1, [Define to 1 if you have the `clock_gettime' function.])],
 320   [AC_MSG_RESULT(no); ac_cv_func_clock_gettime=no])
 321 AC_MSG_CHECKING([for fmemopen])
 322 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <stdio.h>], [fmemopen(0, 0, 0);])],
 323   [AC_MSG_RESULT(yes); ac_cv_func_fmemopen=yes
 324   AC_DEFINE([HAVE_FMEMOPEN], 1, [Define to 1 if you have the `fmemopen' function.])],
 325   [AC_MSG_RESULT(no); ac_cv_func_fmemopen=no])
 326
 327 AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no")
 328
 329 AC_CHECK_FUNCS([__register_atfork secure_getenv getauxval],,)
 330
 331 AC_ARG_ENABLE(seccomp-tests,
 332   AS_HELP_STRING([--enable-seccomp-tests], [unconditionally enable tests with seccomp]),
 333     seccomp_tests=$enableval, seccomp_tests=no)
 334
 335 AM_CONDITIONAL(HAVE_SECCOMP_TESTS, test "$seccomp_tests" = "yes")
 336
 337 # check for libseccomp - used in test programs
 338 AC_LIB_HAVE_LINKFLAGS(seccomp,, [#include <seccomp.h>
 339 ], [seccomp_init(0);])
 340
 341 # check for libcrypto - used in test programs
 342 AC_LIB_HAVE_LINKFLAGS(crypto,, [#include <openssl/evp.h>
 343 ], [EVP_CIPHER_CTX_init(NULL);])
 344
 345 AM_CONDITIONAL(HAVE_LIBCRYPTO, test "$HAVE_LIBCRYPTO" = "yes")
 346
 347 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>
 348 #include <signal.h>
 349 ], [timer_create (0,0,0);])
 350
 351 if test "$have_win" != "yes";then
 352   AC_CHECK_FUNCS([pthread_mutex_lock],,)
 353   if test "$ac_cv_func_pthread_mutex_lock" != "yes";then
 354     AC_LIB_HAVE_LINKFLAGS(pthread,, [#include <pthread.h>], [pthread_mutex_lock (0);])
 355   fi
 356 fi
 357
 358 if test "$ac_cv_func_nanosleep" != "yes";then
 359   AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [nanosleep (0, 0);])
 360   gnutls_needs_librt=yes
 361 fi
 362
 363 if test "$ac_cv_func_clock_gettime" != "yes";then
 364   AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [clock_gettime (0, 0);])
 365   gnutls_needs_librt=yes
 366 fi
 367
 368 AC_ARG_WITH(included-unistring, AS_HELP_STRING([--with-included-unistring],
 369                                  [disable linking with system libunistring]),
 370             included_unistring="$withval",
 371             included_unistring=no)
 372
 373 if test "$included_unistring" = yes;then
 374   ac_have_unistring=no
 375 else
 376   save_LIBS=$LIBS
 377   AC_SEARCH_LIBS(u8_normalize, unistring, [
 378     included_unistring=no
 379     ac_have_unistring=yes
 380     AC_SUBST([LIBUNISTRING], [$ac_cv_search_u8_normalize])
 381   ], [
 382     ac_cv_libunistring=no
 383     AC_MSG_ERROR([[
 384   ***
 385   *** Libunistring was not found. To use the included one, use --with-included-unistring
 386     ]])
 387   ])
 388   LIBS=$save_LIBS
 389 fi
 390
 391 AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes")
 392
 393 dnl Note that g*l_INIT are run after we check for library capabilities,
 394 dnl to prevent issues from caching lib dependencies. See discussion
 395 dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and
 396 dnl https://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
 397 gl_INIT
 398 ggl_INIT
 399 unistring_INIT
 400
 401 # disable the extended test suite at tests/suite if asked, or if we are not running in git master
 402 AC_ARG_ENABLE(full-test-suite,
 403   AS_HELP_STRING([--disable-full-test-suite], [disable running very slow components of test suite]),
 404     full_test_suite=$enableval, full_test_suite=yes)
 405
 406 # test if we are in git master or in release build. In release
 407 # builds we do not use valgrind.
 408 SUITE_FILE="${srcdir}/tests/suite/mini-eagain2.c"
 409 if test "$full_test_suite" = yes && test ! -f "$SUITE_FILE";then
 410         full_test_suite=no
 411 fi
 412
 413 AM_CONDITIONAL(WANT_TEST_SUITE, test "$full_test_suite" = "yes")
 414
 415 dnl GCC warnings to enable
 416
 417 AC_ARG_ENABLE([gcc-warnings],
 418   [AS_HELP_STRING([--disable-gcc-warnings],
 419                   [turn off lots of GCC warnings (for developers)])],
 420   [case $enableval in
 421      yes|no) ;;
 422      *)      AC_MSG_ERROR([bad value $enableval for gcc-warnings option]) ;;
 423    esac
 424    gl_gcc_warnings=$enableval],
 425   [gl_gcc_warnings=yes]
 426 )
 427
 428 if test "$gl_gcc_warnings" = yes; then
 429   gl_WARN_ADD([-Wtype-limits], [WSTACK_CFLAGS])
 430
 431   nw="$nw -Wsystem-headers"         # Don't let system headers trigger warnings
 432   nw="$nw -Wc++-compat"             # We don't care about C++ compilers
 433   nw="$nw -Wundef"                  # Warns on '#if GNULIB_FOO' etc in gnulib
 434   nw="$nw -Wtraditional"            # Warns on #elif which we use often
 435   nw="$nw -Wpadded"                 # Our structs are not padded
 436   nw="$nw -Wtraditional-conversion" # Too many warnings for now
 437   nw="$nw -Wswitch-default"         # Too many warnings for now
 438   nw="$nw -Wformat-y2k"             # Too many warnings for now
 439   nw="$nw -Woverlength-strings"     # We use some in tests/
 440   nw="$nw -Wvla"                    # There is no point to avoid C99 variable length arrays
 441   nw="$nw -Wformat-nonliteral"      # Incompatible with gettext _()
 442   nw="$nw -Wformat-signedness"      # Too many to handle
 443   nw="$nw -Wstrict-overflow"
 444   nw="$nw -Wmissing-noreturn"
 445   nw="$nw -Winline"                 # Too compiler dependent
 446   nw="$nw -Wsuggest-attribute=pure" # Is it worth using attributes?
 447   nw="$nw -Wsuggest-attribute=const" # Is it worth using attributes?
 448   nw="$nw -Wsuggest-attribute=noreturn" # Is it worth using attributes?
 449   nw="$nw -Wstack-protector"        # Some functions cannot be protected
 450   nw="$nw -Wunsafe-loop-optimizations" # Warnings with no point
 451   nw="$nw -Wredundant-decls"        # Some files cannot be compiled with that (gl_fd_to_handle)
 452
 453   gl_MANYWARN_ALL_GCC([ws])
 454   gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw])
 455   for w in $ws; do
 456     gl_WARN_ADD([$w])
 457   done
 458   gl_WARN_ADD([-Wno-missing-field-initializers]) # We need this one
 459   gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now
 460   gl_WARN_ADD([-Wno-format-truncation]) # Many warnings with no point
 461   gl_WARN_ADD([-Wimplicit-fallthrough=2])
 462   gl_WARN_ADD([-Wabi=11])
 463   gl_WARN_ADD([-fdiagnostics-show-option])
 464 fi
 465
 466 AC_SUBST([WERROR_CFLAGS])
 467 AC_SUBST([WSTACK_CFLAGS])
 468 AC_SUBST([WARN_CFLAGS])
 469
 470 dnl Programs for compilation or development
 471 AC_PROG_LN_S
 472 LT_INIT([disable-static,win32-dll,shared])
 473
 474
 475
 476 AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
 477
 478 AC_ARG_ENABLE(fips140-mode,
 479   AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode]),
 480     enable_fips=$enableval, enable_fips=no)
 481 AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes")
 482 if [ test "$enable_fips" = "yes" ];then
 483   if test "x$HAVE_LIBDL" = "xyes";then
 484     AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode])
 485     AC_SUBST([FIPS140_LIBS], $LIBDL)
 486     AC_ARG_WITH(fips140-key, AS_HELP_STRING([--with-fips140-key],
 487                                  [specify the FIPS140 HMAC key for integrity]),
 488             fips_key="$withval",
 489             fips_key="orboDeJITITejsirpADONivirpUkvarP")
 490
 491     AC_DEFINE_UNQUOTED([FIPS_KEY], ["$fips_key"], [The FIPS140-2 integrity key])
 492   else
 493     enable_fips=no
 494     AC_MSG_WARN([[
 495 ***
 496 *** This system is not supported in FIPS140 mode.
 497 *** libdl and dladdr() are required.
 498 *** ]])
 499   fi
 500 fi
 501
 502 PKG_CHECK_MODULES(CMOCKA, [cmocka >= 1.0.1], [with_cmocka=yes], [with_cmocka=no])
 503 AM_CONDITIONAL(HAVE_CMOCKA, test "$with_cmocka" != "no")
 504
 505 AC_ARG_WITH(idn, AS_HELP_STRING([--without-idn],
 506                                 [disable support for IDNA]),
 507             try_libidn2="$withval",
 508             try_libidn2=yes)
 509
 510 idna_support=no
 511 with_libidn2=no
 512
 513 if test "$try_libidn2" = yes;then
 514     save_LIBS=$LIBS
 515     AC_SEARCH_LIBS(idn2_lookup_u8, idn2, [
 516       with_libidn2=yes;
 517       idna_support="IDNA 2008 (libidn2)"
 518       AC_DEFINE([HAVE_LIBIDN2], 1, [Define if IDNA 2008 support is enabled.])
 519       AC_SUBST([LIBIDN2_CFLAGS], [])
 520       AC_SUBST([LIBIDN2_LIBS], [-lidn2]) dnl used in gnutls.pc.in
 521 dnl enable once libidn2.pc is widespread; and remove LIBIDN2_LIBS from gnutls.pc.in (Libs.private)
 522 dnl      if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
 523 dnl        GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn2"
 524 dnl      else
 525 dnl        GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn2"
 526 dnl      fi
 527     ],[
 528       with_libidn2=no;
 529       AC_MSG_WARN(*** LIBIDN2 was not found. You will not be able to use IDN2008 support)
 530     ])
 531     LIBS=$save_LIBS
 532 else
 533   with_libidn2=no
 534 fi
 535
 536 AM_CONDITIONAL(HAVE_LIBIDN2, test "$with_libidn2" != "no")
 537
 538 AC_ARG_ENABLE(non-suiteb-curves,
 539   AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]),
 540     enable_non_suiteb=$enableval, enable_non_suiteb=yes)
 541
 542 if test "$enable_non_suiteb" = "yes";then
 543         dnl nettle_secp_192r1 is not really a function
 544         AC_CHECK_LIB(hogweed, nettle_secp_192r1, enable_non_suiteb=yes, enable_non_suiteb=no, [$HOGWEED_LIBS $NETTLE_LIBS])
 545
 546         if test "$enable_non_suiteb" = "yes";then
 547                 AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves])
 548         fi
 549 fi
 550 AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes")
 551
 552 # We MUST require a Nettle version that has rsa_sec_decrypt now.
 553 save_LIBS=$LIBS
 554 LIBS="$LIBS $HOGWEED_LIBS $NETTLE_LIBS"
 555 AC_CHECK_FUNCS(nettle_rsa_sec_decrypt,
 556     [],
 557     [AC_MSG_ERROR([Nettle lacks the required rsa_sec_decrypt function])]
 558 )
 559 LIBS=$save_LIBS
 560
 561 # Check if nettle has CFB8 support
 562 save_LIBS=$LIBS
 563 LIBS="$LIBS $NETTLE_LIBS"
 564 AC_CHECK_FUNCS(nettle_cfb8_encrypt)
 565 LIBS=$save_LIBS
 566
 567 # Check if nettle has CMAC support
 568 save_LIBS=$LIBS
 569 LIBS="$LIBS $NETTLE_LIBS"
 570 AC_CHECK_FUNCS(nettle_cmac128_update)
 571 LIBS=$save_LIBS
 572
 573 # Check if nettle has XTS support
 574 save_LIBS=$LIBS
 575 LIBS="$LIBS $NETTLE_LIBS"
 576 AC_CHECK_FUNCS(xts_encrypt_message)
 577 LIBS=$save_LIBS
 578
 579
 580 AC_MSG_CHECKING([whether to build libdane])
 581 AC_ARG_ENABLE(libdane,
 582     AS_HELP_STRING([--disable-libdane],
 583                    [disable the built of libdane]),
 584     enable_dane=$enableval, enable_dane=yes)
 585 AC_MSG_RESULT($enable_dane)
 586
 587 if test "$enable_dane" != "no"; then
 588     LIBS="$oldlibs -lunbound"
 589     AC_MSG_CHECKING([for unbound library])
 590     AC_LINK_IFELSE([AC_LANG_PROGRAM([
 591                    #include <unbound.h>],[
 592                    struct ub_ctx* ctx;
 593                    ctx = ub_ctx_create();])],
 594                   [AC_MSG_RESULT(yes)
 595                    AC_SUBST([UNBOUND_LIBS], [-lunbound])
 596                    AC_SUBST([UNBOUND_CFLAGS], [])
 597                    AC_DEFINE([HAVE_DANE], 1, [Enable the DANE library])
 598                    enable_dane=yes],
 599                   [AC_MSG_RESULT(no)
 600                    AC_MSG_WARN([[
 601 ***
 602 *** libunbound was not found. Libdane will not be built.
 603 *** ]])
 604                   enable_dane=no])
 605     LIBS="$oldlibs"
 606 fi
 607
 608 AM_CONDITIONAL(ENABLE_DANE, test "$enable_dane" = "yes")
 609
 610 AC_ARG_WITH(unbound-root-key-file, AS_HELP_STRING([--with-unbound-root-key-file],
 611                                  [specify the unbound root key file]),
 612             unbound_root_key_file="$withval",
 613 if test "$have_win" = yes; then
 614     unbound_root_key_file="C:\\Program Files\\Unbound\\root.key"
 615 else
 616     if test -f /var/lib/unbound/root.key;then
 617         unbound_root_key_file="/var/lib/unbound/root.key"
 618     else
 619         if test -f /usr/share/dns/root.key;then
 620             unbound_root_key_file="/usr/share/dns/root.key"
 621         else
 622             unbound_root_key_file="/etc/unbound/root.key"
 623         fi
 624     fi
 625 fi
 626 )
 627
 628 AC_DEFINE_UNQUOTED([UNBOUND_ROOT_KEY_FILE],
 629   ["$unbound_root_key_file"], [The DNSSEC root key file])
 630
 631 AC_ARG_WITH(system-priority-file, AS_HELP_STRING([--with-system-priority-file],
 632                                  [specify the system priority file]),
 633             system_priority_file="$withval",
 634 system_priority_file="/etc/gnutls/default-priorities"
 635 )
 636
 637 AC_DEFINE_UNQUOTED([SYSTEM_PRIORITY_FILE],
 638   ["$system_priority_file"], [The system priority file])
 639
 640 AC_ARG_WITH(default-priority-string, AS_HELP_STRING([--with-default-priority-string],
 641                                  [specify the default priority string (e.g. @SYSTEM)]),
 642             prio_string="$withval",
 643             prio_string="NORMAL")
 644
 645 AC_DEFINE_UNQUOTED([DEFAULT_PRIORITY_STRING], ["$prio_string"], [The default priority string])
 646
 647 dnl Check for p11-kit
 648 P11_KIT_MINIMUM=0.23.1
 649 AC_ARG_WITH(p11-kit,
 650         AS_HELP_STRING([--without-p11-kit],
 651                 [Build without p11-kit and PKCS#11 support]))
 652 if test "$with_p11_kit" != "no"; then
 653         PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= $P11_KIT_MINIMUM], [with_p11_kit=yes], [with_p11_kit=no])
 654         if test "$with_p11_kit" != "no";then
 655                 AC_DEFINE([ENABLE_PKCS11], 1, [Build PKCS#11 support])
 656                 if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
 657                         GNUTLS_REQUIRES_PRIVATE="Requires.private: p11-kit-1"
 658                 else
 659                         GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, p11-kit-1"
 660                 fi
 661         else
 662                 with_p11_kit=no
 663                 AC_MSG_ERROR([[
 664 ***
 665 *** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support
 666 *** use --without-p11-kit, otherwise you may get p11-kit from
 667 *** https://p11-glue.freedesktop.org/p11-kit.html
 668 *** ]])
 669         fi
 670 fi
 671
 672 AM_CONDITIONAL(P11KIT_0_23_11_API, $PKG_CONFIG --atleast-version=0.23.11 p11-kit-1)
 673
 674 AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no")
 675
 676 AC_ARG_WITH(tpm,
 677         AS_HELP_STRING([--without-tpm],
 678                 [Disable TPM (trousers) support.]),
 679                 [with_tpm=$withval], [with_tpm=yes])
 680 if test "$with_tpm" != "no"; then
 681     LIBS="$oldlibs -ltspi"
 682     AC_MSG_CHECKING([for tss library])
 683     AC_LINK_IFELSE([AC_LANG_PROGRAM([
 684                    #include <trousers/tss.h>
 685                    #include <trousers/trousers.h>],[
 686                    int err = Tspi_Context_Create((void *)0);
 687                    Trspi_Error_String(err);])],
 688                   [AC_MSG_RESULT(yes)
 689                    AC_SUBST([TSS_LIBS], [-ltspi])
 690                    AC_SUBST([TSS_CFLAGS], [])
 691                    AC_DEFINE([HAVE_TROUSERS], 1, [Enable TPM])
 692                    with_tpm=yes],
 693                   [AC_MSG_RESULT(no)
 694                    AC_MSG_WARN([[
 695 ***
 696 *** trousers was not found. TPM support will be disabled.
 697 *** ]])
 698                   with_tpm=no])
 699     LIBS="$oldlibs"
 700 fi
 701
 702 AM_CONDITIONAL(ENABLE_TROUSERS, test "$with_tpm" != "no")
 703
 704 for l in /usr/lib64 /usr/lib /lib64 /lib /usr/lib/x86_64-linux-gnu/; do
 705     if test -f "${l}/libtspi.so.1";then
 706         default_trousers_lib="${l}/libtspi.so.1"
 707         break
 708     fi
 709 done
 710
 711 AC_ARG_WITH(trousers-lib, AS_HELP_STRING([--with-trousers-lib=LIB],
 712                                  [set the location of the trousers library]),
 713             ac_trousers_lib=$withval, ac_trousers_lib=$default_trousers_lib)
 714
 715 if test "$with_tpm" != "no" && test -z "$ac_trousers_lib"; then
 716     AC_MSG_ERROR([[
 717   ***
 718   *** unable to find trousers library, please specify with --with-trousers-lib=<lib file>
 719   ***
 720   ]])
 721 fi
 722
 723 AC_DEFINE_UNQUOTED([TROUSERS_LIB], ["$ac_trousers_lib"], [the location of the trousers library])
 724 AC_SUBST(TROUSERS_LIB)
 725
 726 AM_MISSING_PROG([AUTOGEN], [autogen])
 727
 728 included_libopts=no
 729 if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then
 730         AC_CHECK_PROGS([autogen], [autogen])
 731
 732         if test -z "$autogen"; then
 733                 AC_MSG_WARN([[
 734 ***
 735 *** autogen not found. Will not link against system libopts.
 736 *** ]])
 737                 dnl simulate specifying option on the command line
 738                 included_libopts=yes
 739         fi
 740         LIBOPTS_CHECK([src/libopts])
 741         if test "$NEED_LIBOPTS_DIR" = "true";then
 742                 dnl replace libopts-generated files with distributed backups, if present
 743                 included_libopts=yes
 744         fi
 745 else
 746         # Need to ensure the relevant conditionals get set
 747         gl_STDNORETURN_H
 748         AM_CONDITIONAL([INSTALL_LIBOPTS],[false])
 749 fi
 750
 751 AM_CONDITIONAL(NEED_LIBOPTS, test "$included_libopts" = "yes")
 752
 753 # For minitasn1.
 754 AC_CHECK_SIZEOF(unsigned long int, 4)
 755 AC_CHECK_SIZEOF(unsigned int, 4)
 756 AC_CHECK_SIZEOF(time_t, 4)
 757
 758 # export for use in scripts
 759 AC_SUBST(ac_cv_sizeof_time_t)
 760
 761 AC_SUBST(GNUTLS_REQUIRES_PRIVATE)
 762
 763
 764 AC_ARG_WITH([default-trust-store-pkcs11],
 765   [AS_HELP_STRING([--with-default-trust-store-pkcs11=URI],
 766     [use the given pkcs11 uri as default trust store])])
 767
 768 if test "x$with_default_trust_store_pkcs11" != x; then
 769   if test "x$with_p11_kit" = xno; then
 770     AC_MSG_ERROR([cannot use pkcs11 store without p11-kit])
 771   fi
 772   AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_PKCS11],
 773     ["$with_default_trust_store_pkcs11"], [use the given pkcs11 uri as default trust store])
 774 fi
 775
 776 AM_CONDITIONAL([HAVE_PKCS11_TRUST_STORE], [test -n "${with_default_trust_store_pkcs11}"])
 777
 778 AC_ARG_WITH([default-trust-store-dir],
 779   [AS_HELP_STRING([--with-default-trust-store-dir=DIR],
 780     [use the given directory as default trust store])])
 781
 782 if test "x$with_default_trust_store_dir" != x; then
 783   AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
 784     ["$with_default_trust_store_dir"], [use the given directory as default trust store])
 785 fi
 786
 787 dnl auto detect https://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
 788 AC_ARG_WITH([default-trust-store-file],
 789   [AS_HELP_STRING([--with-default-trust-store-file=FILE],
 790     [use the given file default trust store])], with_default_trust_store_file="$withval",
 791   [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x && test x$have_macosx = x;then
 792   for i in \
 793     /etc/ssl/ca-bundle.pem \
 794     /etc/ssl/certs/ca-certificates.crt \
 795     /etc/pki/tls/cert.pem \
 796     /usr/local/share/certs/ca-root-nss.crt \
 797     /etc/ssl/cert.pem
 798     do
 799     if test -e "$i"; then
 800       with_default_trust_store_file="$i"
 801       break
 802     fi
 803   done
 804   fi]
 805 )
 806
 807 if test "$with_default_trust_store_file" = "no";then
 808   with_default_trust_store_file=""
 809 fi
 810
 811 AC_ARG_WITH([default-crl-file],
 812   [AS_HELP_STRING([--with-default-crl-file=FILE],
 813     [use the given CRL file as default])])
 814
 815 AC_ARG_WITH([default-blacklist-file],
 816   [AS_HELP_STRING([--with-default-blacklist-file=FILE],
 817     [use the given certificate blacklist file as default])])
 818
 819 if test "x$with_default_trust_store_file" != x; then
 820   AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
 821     ["$with_default_trust_store_file"], [use the given file default trust store])
 822 fi
 823
 824 if test "x$with_default_crl_file" != x; then
 825   AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
 826     ["$with_default_crl_file"], [use the given CRL file])
 827 fi
 828
 829 if test "x$with_default_blacklist_file" != x; then
 830   AC_DEFINE_UNQUOTED([DEFAULT_BLACKLIST_FILE],
 831     ["$with_default_blacklist_file"], [use the given certificate blacklist file])
 832 fi
 833
 834 dnl Guile bindings.
 835 AC_MSG_CHECKING([whether building Guile bindings])
 836 AC_ARG_ENABLE(guile,
 837         AS_HELP_STRING([--enable-guile], [build GNU Guile bindings]),
 838                 [opt_guile_bindings=$enableval], [opt_guile_bindings=yes])
 839 AC_MSG_RESULT($opt_guile_bindings)
 840
 841 AC_ARG_WITH([guile-site-dir], AS_HELP_STRING([--with-guile-site-dir=DIR],
 842     [guile site directory for gnutls, default is guile system settings]),
 843     [guilesitedir="${withval}"], [guilesitedir='$(GUILE_SITE)'])
 844 AC_ARG_WITH([guile-site-ccache-dir], AS_HELP_STRING([--with-guile-site-ccache-dir=DIR],
 845     [guile ccache directory for gnutls, default is guile system settings]),
 846     [guilesiteccachedir="${withval}"], [guilesiteccachedir='$(GUILE_SITE_CCACHE)'])
 847 AC_ARG_WITH([guile-extension-dir], AS_HELP_STRING([--with-guile-extension-dir=DIR],
 848     [guile extension directory for gnutls, default is guile system settings]),
 849     [guileextensiondir="${withval}"], [guileextensiondir='$(GUILE_EXTENSION)'])
 850 AC_SUBST([guilesitedir])
 851 AC_SUBST([guilesiteccachedir])
 852 AC_SUBST([guileextensiondir])
 853
 854 if test "$opt_guile_bindings" = "yes"; then
 855    AC_MSG_RESULT([***
 856 *** Detecting GNU Guile...
 857 ])
 858
 859    AC_PATH_PROG([guile_snarf], [guile-snarf])
 860    if test "x$guile_snarf" = "x"; then
 861       AC_MSG_WARN([`guile-snarf' from Guile not found.  Guile bindings not built.])
 862       opt_guile_bindings=no
 863    else
 864       dnl Check for 'guild', which can be used to compile Scheme code
 865       dnl on Guile 2.x.
 866       AC_PATH_PROG([GUILD], [guild])
 867       AC_SUBST([GUILD])
 868
 869       GUILE_PKG
 870       GUILE_PROGS
 871       GUILE_SITE_DIR
 872       GUILE_FLAGS
 873
 874       # Backward compatibility with <guile-2.2 m4 macro that is used
 875       # due to autreconf of several CI machine.
 876       # We need to guess the locations of ccache and extension
 877       if test -z "${GUILE_SITE_CCACHE}"; then
 878           AC_MSG_NOTICE([Found <guile-2.2 m4, macro emulating])
 879
 880           AC_MSG_CHECKING([for GUILE_SITE_CCACHE via pkg-config])
 881           GUILE_SITE_CCACHE=`$PKG_CONFIG --variable=siteccachedir guile-$GUILE_EFFECTIVE_VERSION`
 882           AC_MSG_RESULT([${GUILE_SITE_CCACHE}])
 883           if test -z "${GUILE_SITE_CCACHE}"; then
 884                   AC_MSG_CHECKING([for GUILE_SITE_CCACHE via guile])
 885                   GUILE_SITE_CCACHE=`$GUILE -c "(display (if (defined? '%site-ccache-dir) (%site-ccache-dir) \"\"))"`
 886                   AC_MSG_RESULT([${GUILE_SITE_CCACHE}])
 887           fi
 888           AC_SUBST([GUILE_SITE_CCACHE])
 889
 890           AC_MSG_CHECKING([for GUILE_EXTENSION])
 891           GUILE_EXTENSION=`$PKG_CONFIG --print-errors --variable=extensiondir guile-$GUILE_EFFECTIVE_VERSION`
 892           AC_MSG_RESULT([${GUILE_EXTENSION}])
 893           AC_SUBST([GUILE_EXTENSION])
 894       fi
 895
 896       save_CFLAGS="$CFLAGS"
 897       save_LIBS="$LIBS"
 898       CFLAGS="$CFLAGS $GUILE_CFLAGS"
 899       LIBS="$LIBS $GUILE_LDFLAGS"
 900       AC_MSG_CHECKING([whether GNU Guile is recent enough])
 901       AC_LINK_IFELSE([AC_LANG_PROGRAM([], [scm_from_locale_string ("")])],
 902         [], [opt_guile_bindings=no])
 903       CFLAGS="$save_CFLAGS"
 904       LIBS="$save_LIBS"
 905
 906       if test "$opt_guile_bindings" = "yes"; then
 907         AC_MSG_RESULT([yes])
 908         AC_MSG_CHECKING([whether gcc supports -fgnu89-inline])
 909         _gcc_cflags_save="$CFLAGS"
 910         CFLAGS="${CFLAGS} -fgnu89-inline"
 911         AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
 912                           gnu89_inline=yes, gnu89_inline=no)
 913         AC_MSG_RESULT($gnu89_inline)
 914         CFLAGS="$_gcc_cflags_save"
 915
 916         # Optional Guile functions.
 917         save_CFLAGS="$CFLAGS"
 918         save_LIBS="$LIBS"
 919         CFLAGS="$CFLAGS $GUILE_CFLAGS"
 920         LIBS="$LIBS $GUILE_LDFLAGS"
 921         AC_CHECK_FUNCS([scm_gc_malloc_pointerless])
 922         CFLAGS="$save_CFLAGS"
 923         LIBS="$save_LIBS"
 924       else
 925         AC_MSG_RESULT([no])
 926         AC_MSG_WARN([A sufficiently recent GNU Guile not found.  Guile bindings not built.])
 927         opt_guile_bindings=no
 928       fi
 929    fi
 930 fi
 931
 932 AM_CONDITIONAL([HAVE_GUILE], [test "$opt_guile_bindings" = "yes"])
 933 AM_CONDITIONAL([HAVE_GUILD], [test "x$GUILD" != "x"])
 934
 935 LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBS"
 936 LIBGNUTLS_CFLAGS="-I${includedir}"
 937 AC_SUBST(LIBGNUTLS_LIBS)
 938 AC_SUBST(LIBGNUTLS_CFLAGS)
 939
 940 AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
 941
 942 AC_DEFINE([GNUTLS_COMPAT_H], 1, [Make sure we don't use old features in code.])
 943 AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.])
 944
 945 AC_DEFINE([fread_file], [_gnutls_fread_file], [static lib rename])
 946 AC_DEFINE([read_file], [_gnutls_read_file], [static lib rename])
 947 AC_DEFINE([read_binary_file], [_gnutls_read_binary_file], [static lib rename])
 948
 949 dnl Some variables needed in makefiles
 950 YEAR=`date +%Y`
 951 AC_SUBST([YEAR], $YEAR)
 952
 953 dnl configuration options for config file parsing (inih)
 954 AC_DEFINE([INI_MAX_LINE], 2048, [inih maximum line size])
 955 AC_DEFINE([INI_ALLOW_INLINE_COMMENTS], 1, [whether to allowin inline comments])
 956 AC_DEFINE([INI_STOP_ON_FIRST_ERROR], 1, [whether to stop on first error])
 957 AC_DEFINE_UNQUOTED([INI_INLINE_COMMENT_PREFIXES], [";#"], [The inline comment prefixes])
 958 AC_DEFINE_UNQUOTED([INI_START_COMMENT_PREFIXES], [";#"], [The comment prefixes])
 959
 960 AC_CONFIG_FILES([guile/pre-inst-guile], [chmod +x guile/pre-inst-guile])
 961 AC_CONFIG_FILES([
 962   Makefile
 963   doc/Makefile
 964   doc/credentials/Makefile
 965   doc/credentials/srp/Makefile
 966   doc/credentials/x509/Makefile
 967   doc/doxygen/Doxyfile
 968   doc/examples/Makefile
 969   doc/latex/Makefile
 970   doc/manpages/Makefile
 971   doc/reference/Makefile
 972   doc/reference/version.xml
 973   doc/scripts/Makefile
 974   extra/Makefile
 975   extra/includes/Makefile
 976   libdane/Makefile
 977   libdane/includes/Makefile
 978   libdane/gnutls-dane.pc
 979   gl/Makefile
 980   gl/tests/Makefile
 981   guile/Makefile
 982   guile/src/Makefile
 983   lib/Makefile
 984   lib/accelerated/Makefile
 985   lib/accelerated/x86/Makefile
 986   lib/accelerated/aarch64/Makefile
 987   lib/algorithms/Makefile
 988   lib/auth/Makefile
 989   lib/ext/Makefile
 990   lib/extras/Makefile
 991   lib/gnutls.pc
 992   lib/includes/Makefile
 993   lib/includes/gnutls/gnutls.h
 994   lib/minitasn1/Makefile
 995   lib/nettle/Makefile
 996   lib/x509/Makefile
 997   lib/unistring/Makefile
 998   po/Makefile.in
 999   src/Makefile
1000   src/args-std.def
1001   src/gl/Makefile
1002   tests/Makefile
1003   tests/windows/Makefile
1004   tests/cert-tests/Makefile
1005   tests/slow/Makefile
1006   tests/suite/Makefile
1007   fuzz/Makefile
1008 ])
1009
1010 AC_OUTPUT
1011
1012 dnl  Warning flags:        errors: ${WERROR_CFLAGS} warnings: ${WARN_CFLAGS}
1013 AC_MSG_NOTICE([summary of build options:
1014
1015   version:              ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE
1016   Host/Target system:   ${host}
1017   Build system:         ${build}
1018   Install prefix:       ${prefix}
1019   Compiler:             ${CC}
1020   Valgrind:             $opt_valgrind_tests ${VALGRIND}
1021   CFlags:               ${CFLAGS}
1022   Library types:        Shared=${enable_shared}, Static=${enable_static}
1023   Local libopts:        ${included_libopts}
1024   Local libtasn1:       ${included_libtasn1}
1025   Local unistring:      ${included_unistring}
1026   Use nettle-mini:      ${mini_nettle}
1027   Documentation:        ${enable_doc} (manpages: ${enable_manpages})
1028 ])
1029
1030 AC_MSG_NOTICE([External hardware support:
1031
1032   /dev/crypto:          $enable_cryptodev
1033   Hardware accel:       $hw_accel
1034   Padlock accel:        $use_padlock
1035   Random gen. variant:  $rnd_variant
1036   PKCS#11 support:      $with_p11_kit
1037   TPM support:          $with_tpm
1038 ])
1039 if test -n "$ac_trousers_lib";then
1040 AC_MSG_NOTICE([
1041   TPM library:          $ac_trousers_lib
1042 ])
1043 fi
1044
1045 AC_MSG_NOTICE([Optional features:
1046 (note that included applications might not compile properly
1047 if features are disabled)
1048
1049   SSL3.0 support:       $ac_enable_ssl3
1050   SSL2.0 client hello:  $ac_enable_ssl2
1051   Allow SHA1 sign:      $ac_allow_sha1
1052   DTLS-SRTP support:    $ac_enable_srtp
1053   ALPN support:         $ac_enable_alpn
1054   OCSP support:         $ac_enable_ocsp
1055   SRP support:          $ac_enable_srp
1056   PSK support:          $ac_enable_psk
1057   DHE support:          $ac_enable_dhe
1058   ECDHE support:        $ac_enable_ecdhe
1059   GOST support:         $ac_enable_gost
1060   Anon auth support:    $ac_enable_anon
1061   Heartbeat support:    $ac_enable_heartbeat
1062   IDNA support:         $idna_support
1063   Non-SuiteB curves:    $enable_non_suiteb
1064   FIPS140 mode:         $enable_fips
1065 ])
1066
1067 AC_MSG_NOTICE([Optional libraries:
1068
1069   Guile wrappers:       $opt_guile_bindings
1070   C++ library:          $use_cxx
1071   DANE library:         $enable_dane
1072   OpenSSL compat:       $enable_openssl
1073 ])
1074
1075 AC_MSG_NOTICE([System files:
1076
1077   Trust store pkcs11:   $with_default_trust_store_pkcs11
1078   Trust store dir:      $with_default_trust_store_dir
1079   Trust store file:     $with_default_trust_store_file
1080   Blacklist file:       $with_default_blacklist_file
1081   CRL file:             $with_default_crl_file
1082   Priority file:        $system_priority_file
1083   DNSSEC root key file: $unbound_root_key_file
1084 ])
1085
1086 if test ! -f "$unbound_root_key_file"; then
1087 AC_MSG_WARN([[
1088 ***
1089 *** The DNSSEC root key file in $unbound_root_key_file was not found.
1090 *** This file is needed for the verification of DNSSEC responses.
1091 *** Use the command: unbound-anchor -a "$unbound_root_key_file"
1092 *** to generate or update it.
1093 *** ]])
1094 fi
1095
1096 if test "${enable_static}" != no;then
1097 AC_MSG_WARN([[
1098 *** GnuTLS will be build as a static library. That means that library
1099 *** constructors for gnutls_global_init will not be made available to
1100 *** linking applications. If you are building that library for arbitrary
1101 *** applications to link, do not enable static linking.
1102 ]])
1103 fi
1104
1105 if test "$enable_fuzzer_target" != "no";then
1106 AC_MSG_WARN([[
1107 *** This version of the library is for fuzzying purposes and is intentionally broken!
1108 ]])
1109 fi