1 dnl Process this file with autoconf to produce a configure script.
2 # Copyright (C) 2000-2012, 2016 Free Software Foundation, Inc.
4 # Author: Nikos Mavrogiannopoulos, Simon Josefsson
6 # This file is part of GnuTLS.
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 3 of the License, or
11 # (at your option) any later version.
13 # This program is distributed in the hope that it will be useful, but
14 # WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 # General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
25 dnl when updating version also update LT_REVISION in m4/hooks.m4
26 AC_INIT([GnuTLS], [3.6.8], [bugs@gnutls.org])
27 AC_CONFIG_AUX_DIR([build-aux])
28 AC_CONFIG_MACRO_DIRS([m4 src/gl/m4 src/libopts/m4 lib/unistring/m4])
31 AM_INIT_AUTOMAKE([1.12.2 foreign subdir-objects no-dist-gzip dist-xz -Wall -Wno-override])
32 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
33 AC_CONFIG_HEADERS([config.h])
36 *** Checking for compilation programs...
39 dnl Checks for programs.
52 AC_USE_SYSTEM_EXTENSIONS
58 if test "$ac_cv_prog_cc_c99" = "no"; then
59 AC_MSG_WARN([[Compiler does not support C99. It may not be able to compile the project.]])
64 AM_MAINTAINER_MODE([enable])
66 AC_ARG_ENABLE(bash-tests,
67 AS_HELP_STRING([--disable-bash-tests], [skip some tests that badly need bash]),
68 enable_bash_tests=$enableval, enable_bash_tests=yes)
69 AM_CONDITIONAL(DISABLE_BASH_TESTS, test "$enable_bash_tests" != "yes")
72 AS_HELP_STRING([--disable-doc], [don't generate any documentation]),
73 enable_doc=$enableval, enable_doc=yes)
74 AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no")
76 AC_ARG_ENABLE(manpages,
77 AS_HELP_STRING([--enable-manpages], [install manpages even if disable-doc is given]),
78 enable_manpages=$enableval,enable_manpages=auto)
80 if test "${enable_manpages}" = "auto";then
81 enable_manpages="${enable_doc}"
84 AM_CONDITIONAL(ENABLE_MANPAGES, test "$enable_manpages" != "no")
87 AS_HELP_STRING([--disable-tools], [don't compile any tools]),
88 enable_tools=$enableval, enable_tools=yes)
89 AM_CONDITIONAL(ENABLE_TOOLS, test "$enable_tools" != "no")
91 # For includes/gnutls/gnutls.h.in.
92 AC_SUBST(MAJOR_VERSION, `echo $PACKAGE_VERSION | sed 's/\(.*\)\..*\..*/\1/g'`)
93 AC_SUBST(MINOR_VERSION, `echo $PACKAGE_VERSION | sed 's/.*\.\(.*\)\..*/\1/g'`)
94 AC_SUBST(PATCH_VERSION, [[`echo $PACKAGE_VERSION | sed 's/.*\..*\.\([0-9]*\).*/\1/g'`]])
95 AC_SUBST(NUMBER_VERSION, `printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION`)
97 dnl C and C++ capabilities
103 AS_HELP_STRING([--disable-cxx], [unconditionally disable the C++ library]),
104 use_cxx=$enableval, use_cxx=yes)
105 if test "$use_cxx" != "no"; then
107 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no)
110 AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
112 dnl Detect windows build
119 *mingw32* | *mingw64*)
121 AC_DEFINE([_UNICODE], [1], [Defined to 1 for Unicode (wide chars) APIs])
125 save_LDFLAGS="$LDFLAGS"
126 dnl Try to use -no_weak_imports if available. This makes sure we
127 dnl error out when linking to a function that doesn't exist in the
128 dnl intended minimum runtime version.
129 LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"
130 AC_MSG_CHECKING([whether the linker supports -Wl,-no_weak_imports])
131 AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
132 [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no); LDFLAGS="$save_LDFLAGS"])
139 *** In solaris hardware acceleration is disabled by default due to issues
140 *** with the assembler. Use --enable-hardware-acceleration to enable it.
148 AM_CONDITIONAL(ANDROID, test "$have_android" = yes)
149 AM_CONDITIONAL(WINDOWS, test "$have_win" = yes)
150 AM_CONDITIONAL(MACOSX, test "$have_macosx" = yes)
151 AM_CONDITIONAL(ELF, test "$have_elf" = yes)
153 dnl Hardware Acceleration
154 AC_ARG_ENABLE(hardware-acceleration,
155 AS_HELP_STRING([--disable-hardware-acceleration], [unconditionally disable hardware acceleration]),
156 use_accel=$enableval)
161 if test "$use_accel" != "no"; then
167 dnl ILP32 not supported in assembler yet
172 i?86 | x86_64 | amd64)
173 AC_CHECK_HEADERS(cpuid.h)
174 if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"; then
187 AC_ARG_ENABLE(tls13-interop,
188 AS_HELP_STRING([--disable-tls13-interop], [disable TLS1.3 interoperability testing with openssl]),
189 enable_tls13_interop=$enableval, enable_tls13_interop=yes)
191 AM_CONDITIONAL(ENABLE_TLS13_INTEROP, test "$enable_tls13_interop" != "no")
193 dnl Check for iovec type
194 AC_CHECK_MEMBERS([struct iovec.iov_base],
196 AC_SUBST([DEFINE_IOVEC_T], ["#include <sys/uio.h>
197 typedef struct iovec giovec_t;"])
200 AC_SUBST([DEFINE_IOVEC_T], ["typedef struct {
205 [#include <sys/uio.h>
207 AM_SUBST_NOTMAKE([DEFINE_IOVEC_T])
209 dnl Need netinet/tcp.h for TCP_FASTOPEN
210 AC_CHECK_HEADERS([netinet/tcp.h])
211 AC_CHECK_HEADERS([stdatomic.h])
213 dnl This ensures that we link with the right library for atomic operations on Linux SPARC
215 AC_SEARCH_LIBS([__atomic_load_4], [atomic], [], [AC_MSG_NOTICE([Could not detect libatomic])])
218 AS_IF([test "$ac_cv_search___atomic_load_4" = "none required" || test "$ac_cv_search___atomic_load_4" = "no"],
219 [AC_SUBST([LIBATOMIC_LIBS], [])],
220 [AC_SUBST([LIBATOMIC_LIBS], [$ac_cv_search___atomic_load_4])])
222 dnl We use its presence to detect C11 threads
223 AC_CHECK_HEADERS([threads.h])
225 AC_ARG_ENABLE(padlock,
226 AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]),
227 use_padlock=$enableval)
229 if test "$use_padlock" != "no"; then
230 AC_DEFINE([ENABLE_PADLOCK], 1, [Enable padlock acceleration])
231 AC_SUBST([ENABLE_PADLOCK])
233 AM_CONDITIONAL(ENABLE_PADLOCK, test "$use_padlock" = "yes")
234 AM_CONDITIONAL(ASM_AARCH64, test x"$hw_accel" = x"aarch64")
235 AM_CONDITIONAL(ASM_X86_64, test x"$hw_accel" = x"x86-64")
236 AM_CONDITIONAL(ASM_X86_32, test x"$hw_accel" = x"x86")
237 AM_CONDITIONAL(ASM_X86, test x"$hw_accel" = x"x86" || test x"$hw_accel" = x"x86-64")
238 AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"])
239 AM_CONDITIONAL(HAVE_GCC, test "$GCC" = "yes")
241 dnl check for getrandom()
242 rnd_variant="auto-detect"
243 AC_MSG_CHECKING([for getrandom])
244 AC_LINK_IFELSE([AC_LANG_PROGRAM([
245 #include <sys/random.h>],[
249 AC_DEFINE([HAVE_GETRANDOM], 1, [Enable the Linux getrandom function])
250 rnd_variant=getrandom],
253 AC_MSG_CHECKING([for getentropy])
254 AC_LINK_IFELSE([AC_LANG_PROGRAM([
257 #include <sys/random.h>
266 AC_DEFINE([HAVE_GETENTROPY], 1, [Enable the OpenBSD getentropy function])
267 rnd_variant=getentropy],
270 AM_CONDITIONAL(HAVE_GETENTROPY, test "$rnd_variant" = "getentropy")
274 LIBGNUTLS_EXTRA_HOOKS
277 AS_HELP_STRING([--disable-tests], [don't compile or run any tests]),
278 enable_tests=$enableval, enable_tests=$enable_tools)
279 AM_CONDITIONAL(ENABLE_TESTS, test "$enable_tests" != "no")
281 AC_ARG_ENABLE(fuzzer-target,
282 AS_HELP_STRING([--enable-fuzzer-target], [make a library intended for testing - not production]),
283 enable_fuzzer_target=$enableval, enable_fuzzer_target=no)
284 if test "$enable_fuzzer_target" != "no";then
285 AC_DEFINE([FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION], 1, [Enable fuzzer target -not for production])
289 dnl check for gtk-doc
291 m4_ifdef([GTK_DOC_CHECK], [
292 GTK_DOC_CHECK([1.14],[--flavour no-tmpl])
294 AM_CONDITIONAL([ENABLE_GTK_DOC], false)
296 # needed for some older versions of gtk-doc
297 m4_ifdef([GTK_DOC_USE_LIBTOOL], [], [
298 AM_CONDITIONAL([GTK_DOC_USE_LIBTOOL], false)
301 AM_GNU_GETTEXT([external])
302 AM_GNU_GETTEXT_VERSION([0.19])
306 dnl No fork on MinGW, disable some self-tests until we fix them.
307 dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs)
308 AC_CHECK_FUNCS([fork setitimer getrusage getpwuid_r nanosleep daemon getpid localtime mmap explicit_bzero],,)
309 dnl Manually check some functions by including headers first. On macOS, you
310 dnl normally only have the latest SDK available, containing all existing
311 dnl functions, but having them restricted according to target version in
312 dnl headers. If we bypass the headers and just try linking (as AC_CHECK_FUNCS
313 dnl does), we will accidentally detect functions which we shouldn't use. Set
314 dnl ac_cv_func_* as well, to avoid later AC_CHECK_FUNCS from other included
315 dnl scripts from overriding it.
316 AC_MSG_CHECKING([for clock_gettime])
317 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <time.h>], [clock_gettime(0, 0);])],
318 [AC_MSG_RESULT(yes); ac_cv_func_clock_gettime=yes
319 AC_DEFINE([HAVE_CLOCK_GETTIME], 1, [Define to 1 if you have the `clock_gettime' function.])],
320 [AC_MSG_RESULT(no); ac_cv_func_clock_gettime=no])
321 AC_MSG_CHECKING([for fmemopen])
322 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <stdio.h>], [fmemopen(0, 0, 0);])],
323 [AC_MSG_RESULT(yes); ac_cv_func_fmemopen=yes
324 AC_DEFINE([HAVE_FMEMOPEN], 1, [Define to 1 if you have the `fmemopen' function.])],
325 [AC_MSG_RESULT(no); ac_cv_func_fmemopen=no])
327 AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no")
329 AC_CHECK_FUNCS([__register_atfork secure_getenv getauxval],,)
331 AC_ARG_ENABLE(seccomp-tests,
332 AS_HELP_STRING([--enable-seccomp-tests], [unconditionally enable tests with seccomp]),
333 seccomp_tests=$enableval, seccomp_tests=no)
335 AM_CONDITIONAL(HAVE_SECCOMP_TESTS, test "$seccomp_tests" = "yes")
337 # check for libseccomp - used in test programs
338 AC_LIB_HAVE_LINKFLAGS(seccomp,, [#include <seccomp.h>
339 ], [seccomp_init(0);])
341 # check for libcrypto - used in test programs
342 AC_LIB_HAVE_LINKFLAGS(crypto,, [#include <openssl/evp.h>
343 ], [EVP_CIPHER_CTX_init(NULL);])
345 AM_CONDITIONAL(HAVE_LIBCRYPTO, test "$HAVE_LIBCRYPTO" = "yes")
347 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>
349 ], [timer_create (0,0,0);])
351 if test "$have_win" != "yes";then
352 AC_CHECK_FUNCS([pthread_mutex_lock],,)
353 if test "$ac_cv_func_pthread_mutex_lock" != "yes";then
354 AC_LIB_HAVE_LINKFLAGS(pthread,, [#include <pthread.h>], [pthread_mutex_lock (0);])
358 if test "$ac_cv_func_nanosleep" != "yes";then
359 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [nanosleep (0, 0);])
360 gnutls_needs_librt=yes
363 if test "$ac_cv_func_clock_gettime" != "yes";then
364 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>], [clock_gettime (0, 0);])
365 gnutls_needs_librt=yes
368 AC_ARG_WITH(included-unistring, AS_HELP_STRING([--with-included-unistring],
369 [disable linking with system libunistring]),
370 included_unistring="$withval",
371 included_unistring=no)
373 if test "$included_unistring" = yes;then
377 AC_SEARCH_LIBS(u8_normalize, unistring, [
378 included_unistring=no
379 ac_have_unistring=yes
380 AC_SUBST([LIBUNISTRING], [$ac_cv_search_u8_normalize])
382 ac_cv_libunistring=no
385 *** Libunistring was not found. To use the included one, use --with-included-unistring
391 AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes")
393 dnl Note that g*l_INIT are run after we check for library capabilities,
394 dnl to prevent issues from caching lib dependencies. See discussion
395 dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and
396 dnl https://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html
401 # disable the extended test suite at tests/suite if asked, or if we are not running in git master
402 AC_ARG_ENABLE(full-test-suite,
403 AS_HELP_STRING([--disable-full-test-suite], [disable running very slow components of test suite]),
404 full_test_suite=$enableval, full_test_suite=yes)
406 # test if we are in git master or in release build. In release
407 # builds we do not use valgrind.
408 SUITE_FILE="${srcdir}/tests/suite/mini-eagain2.c"
409 if test "$full_test_suite" = yes && test ! -f "$SUITE_FILE";then
413 AM_CONDITIONAL(WANT_TEST_SUITE, test "$full_test_suite" = "yes")
415 dnl GCC warnings to enable
417 AC_ARG_ENABLE([gcc-warnings],
418 [AS_HELP_STRING([--disable-gcc-warnings],
419 [turn off lots of GCC warnings (for developers)])],
422 *) AC_MSG_ERROR([bad value $enableval for gcc-warnings option]) ;;
424 gl_gcc_warnings=$enableval],
425 [gl_gcc_warnings=yes]
428 if test "$gl_gcc_warnings" = yes; then
429 gl_WARN_ADD([-Wtype-limits], [WSTACK_CFLAGS])
431 nw="$nw -Wsystem-headers" # Don't let system headers trigger warnings
432 nw="$nw -Wc++-compat" # We don't care about C++ compilers
433 nw="$nw -Wundef" # Warns on '#if GNULIB_FOO' etc in gnulib
434 nw="$nw -Wtraditional" # Warns on #elif which we use often
435 nw="$nw -Wpadded" # Our structs are not padded
436 nw="$nw -Wtraditional-conversion" # Too many warnings for now
437 nw="$nw -Wswitch-default" # Too many warnings for now
438 nw="$nw -Wformat-y2k" # Too many warnings for now
439 nw="$nw -Woverlength-strings" # We use some in tests/
440 nw="$nw -Wvla" # There is no point to avoid C99 variable length arrays
441 nw="$nw -Wformat-nonliteral" # Incompatible with gettext _()
442 nw="$nw -Wformat-signedness" # Too many to handle
443 nw="$nw -Wstrict-overflow"
444 nw="$nw -Wmissing-noreturn"
445 nw="$nw -Winline" # Too compiler dependent
446 nw="$nw -Wsuggest-attribute=pure" # Is it worth using attributes?
447 nw="$nw -Wsuggest-attribute=const" # Is it worth using attributes?
448 nw="$nw -Wsuggest-attribute=noreturn" # Is it worth using attributes?
449 nw="$nw -Wstack-protector" # Some functions cannot be protected
450 nw="$nw -Wunsafe-loop-optimizations" # Warnings with no point
451 nw="$nw -Wredundant-decls" # Some files cannot be compiled with that (gl_fd_to_handle)
453 gl_MANYWARN_ALL_GCC([ws])
454 gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw])
458 gl_WARN_ADD([-Wno-missing-field-initializers]) # We need this one
459 gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now
460 gl_WARN_ADD([-Wno-format-truncation]) # Many warnings with no point
461 gl_WARN_ADD([-Wimplicit-fallthrough=2])
462 gl_WARN_ADD([-Wabi=11])
463 gl_WARN_ADD([-fdiagnostics-show-option])
466 AC_SUBST([WERROR_CFLAGS])
467 AC_SUBST([WSTACK_CFLAGS])
468 AC_SUBST([WARN_CFLAGS])
470 dnl Programs for compilation or development
472 LT_INIT([disable-static,win32-dll,shared])
476 AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
478 AC_ARG_ENABLE(fips140-mode,
479 AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode]),
480 enable_fips=$enableval, enable_fips=no)
481 AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes")
482 if [ test "$enable_fips" = "yes" ];then
483 if test "x$HAVE_LIBDL" = "xyes";then
484 AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode])
485 AC_SUBST([FIPS140_LIBS], $LIBDL)
486 AC_ARG_WITH(fips140-key, AS_HELP_STRING([--with-fips140-key],
487 [specify the FIPS140 HMAC key for integrity]),
489 fips_key="orboDeJITITejsirpADONivirpUkvarP")
491 AC_DEFINE_UNQUOTED([FIPS_KEY], ["$fips_key"], [The FIPS140-2 integrity key])
496 *** This system is not supported in FIPS140 mode.
497 *** libdl and dladdr() are required.
502 PKG_CHECK_MODULES(CMOCKA, [cmocka >= 1.0.1], [with_cmocka=yes], [with_cmocka=no])
503 AM_CONDITIONAL(HAVE_CMOCKA, test "$with_cmocka" != "no")
505 AC_ARG_WITH(idn, AS_HELP_STRING([--without-idn],
506 [disable support for IDNA]),
507 try_libidn2="$withval",
513 if test "$try_libidn2" = yes;then
515 AC_SEARCH_LIBS(idn2_lookup_u8, idn2, [
517 idna_support="IDNA 2008 (libidn2)"
518 AC_DEFINE([HAVE_LIBIDN2], 1, [Define if IDNA 2008 support is enabled.])
519 AC_SUBST([LIBIDN2_CFLAGS], [])
520 AC_SUBST([LIBIDN2_LIBS], [-lidn2]) dnl used in gnutls.pc.in
521 dnl enable once libidn2.pc is widespread; and remove LIBIDN2_LIBS from gnutls.pc.in (Libs.private)
522 dnl if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
523 dnl GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn2"
525 dnl GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn2"
529 AC_MSG_WARN(*** LIBIDN2 was not found. You will not be able to use IDN2008 support)
536 AM_CONDITIONAL(HAVE_LIBIDN2, test "$with_libidn2" != "no")
538 AC_ARG_ENABLE(non-suiteb-curves,
539 AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]),
540 enable_non_suiteb=$enableval, enable_non_suiteb=yes)
542 if test "$enable_non_suiteb" = "yes";then
543 dnl nettle_secp_192r1 is not really a function
544 AC_CHECK_LIB(hogweed, nettle_secp_192r1, enable_non_suiteb=yes, enable_non_suiteb=no, [$HOGWEED_LIBS $NETTLE_LIBS])
546 if test "$enable_non_suiteb" = "yes";then
547 AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves])
550 AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes")
552 # We MUST require a Nettle version that has rsa_sec_decrypt now.
554 LIBS="$LIBS $HOGWEED_LIBS $NETTLE_LIBS"
555 AC_CHECK_FUNCS(nettle_rsa_sec_decrypt,
557 [AC_MSG_ERROR([Nettle lacks the required rsa_sec_decrypt function])]
561 # Check if nettle has CFB8 support
563 LIBS="$LIBS $NETTLE_LIBS"
564 AC_CHECK_FUNCS(nettle_cfb8_encrypt)
567 # Check if nettle has CMAC support
569 LIBS="$LIBS $NETTLE_LIBS"
570 AC_CHECK_FUNCS(nettle_cmac128_update)
573 # Check if nettle has XTS support
575 LIBS="$LIBS $NETTLE_LIBS"
576 AC_CHECK_FUNCS(xts_encrypt_message)
580 AC_MSG_CHECKING([whether to build libdane])
581 AC_ARG_ENABLE(libdane,
582 AS_HELP_STRING([--disable-libdane],
583 [disable the built of libdane]),
584 enable_dane=$enableval, enable_dane=yes)
585 AC_MSG_RESULT($enable_dane)
587 if test "$enable_dane" != "no"; then
588 LIBS="$oldlibs -lunbound"
589 AC_MSG_CHECKING([for unbound library])
590 AC_LINK_IFELSE([AC_LANG_PROGRAM([
591 #include <unbound.h>],[
593 ctx = ub_ctx_create();])],
595 AC_SUBST([UNBOUND_LIBS], [-lunbound])
596 AC_SUBST([UNBOUND_CFLAGS], [])
597 AC_DEFINE([HAVE_DANE], 1, [Enable the DANE library])
602 *** libunbound was not found. Libdane will not be built.
608 AM_CONDITIONAL(ENABLE_DANE, test "$enable_dane" = "yes")
610 AC_ARG_WITH(unbound-root-key-file, AS_HELP_STRING([--with-unbound-root-key-file],
611 [specify the unbound root key file]),
612 unbound_root_key_file="$withval",
613 if test "$have_win" = yes; then
614 unbound_root_key_file="C:\\Program Files\\Unbound\\root.key"
616 if test -f /var/lib/unbound/root.key;then
617 unbound_root_key_file="/var/lib/unbound/root.key"
619 if test -f /usr/share/dns/root.key;then
620 unbound_root_key_file="/usr/share/dns/root.key"
622 unbound_root_key_file="/etc/unbound/root.key"
628 AC_DEFINE_UNQUOTED([UNBOUND_ROOT_KEY_FILE],
629 ["$unbound_root_key_file"], [The DNSSEC root key file])
631 AC_ARG_WITH(system-priority-file, AS_HELP_STRING([--with-system-priority-file],
632 [specify the system priority file]),
633 system_priority_file="$withval",
634 system_priority_file="/etc/gnutls/default-priorities"
637 AC_DEFINE_UNQUOTED([SYSTEM_PRIORITY_FILE],
638 ["$system_priority_file"], [The system priority file])
640 AC_ARG_WITH(default-priority-string, AS_HELP_STRING([--with-default-priority-string],
641 [specify the default priority string (e.g. @SYSTEM)]),
642 prio_string="$withval",
643 prio_string="NORMAL")
645 AC_DEFINE_UNQUOTED([DEFAULT_PRIORITY_STRING], ["$prio_string"], [The default priority string])
647 dnl Check for p11-kit
648 P11_KIT_MINIMUM=0.23.1
650 AS_HELP_STRING([--without-p11-kit],
651 [Build without p11-kit and PKCS#11 support]))
652 if test "$with_p11_kit" != "no"; then
653 PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= $P11_KIT_MINIMUM], [with_p11_kit=yes], [with_p11_kit=no])
654 if test "$with_p11_kit" != "no";then
655 AC_DEFINE([ENABLE_PKCS11], 1, [Build PKCS#11 support])
656 if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
657 GNUTLS_REQUIRES_PRIVATE="Requires.private: p11-kit-1"
659 GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, p11-kit-1"
665 *** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support
666 *** use --without-p11-kit, otherwise you may get p11-kit from
667 *** https://p11-glue.freedesktop.org/p11-kit.html
672 AM_CONDITIONAL(P11KIT_0_23_11_API, $PKG_CONFIG --atleast-version=0.23.11 p11-kit-1)
674 AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no")
677 AS_HELP_STRING([--without-tpm],
678 [Disable TPM (trousers) support.]),
679 [with_tpm=$withval], [with_tpm=yes])
680 if test "$with_tpm" != "no"; then
681 LIBS="$oldlibs -ltspi"
682 AC_MSG_CHECKING([for tss library])
683 AC_LINK_IFELSE([AC_LANG_PROGRAM([
684 #include <trousers/tss.h>
685 #include <trousers/trousers.h>],[
686 int err = Tspi_Context_Create((void *)0);
687 Trspi_Error_String(err);])],
689 AC_SUBST([TSS_LIBS], [-ltspi])
690 AC_SUBST([TSS_CFLAGS], [])
691 AC_DEFINE([HAVE_TROUSERS], 1, [Enable TPM])
696 *** trousers was not found. TPM support will be disabled.
702 AM_CONDITIONAL(ENABLE_TROUSERS, test "$with_tpm" != "no")
704 for l in /usr/lib64 /usr/lib /lib64 /lib /usr/lib/x86_64-linux-gnu/; do
705 if test -f "${l}/libtspi.so.1";then
706 default_trousers_lib="${l}/libtspi.so.1"
711 AC_ARG_WITH(trousers-lib, AS_HELP_STRING([--with-trousers-lib=LIB],
712 [set the location of the trousers library]),
713 ac_trousers_lib=$withval, ac_trousers_lib=$default_trousers_lib)
715 if test "$with_tpm" != "no" && test -z "$ac_trousers_lib"; then
718 *** unable to find trousers library, please specify with --with-trousers-lib=<lib file>
723 AC_DEFINE_UNQUOTED([TROUSERS_LIB], ["$ac_trousers_lib"], [the location of the trousers library])
724 AC_SUBST(TROUSERS_LIB)
726 AM_MISSING_PROG([AUTOGEN], [autogen])
729 if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then
730 AC_CHECK_PROGS([autogen], [autogen])
732 if test -z "$autogen"; then
735 *** autogen not found. Will not link against system libopts.
737 dnl simulate specifying option on the command line
740 LIBOPTS_CHECK([src/libopts])
741 if test "$NEED_LIBOPTS_DIR" = "true";then
742 dnl replace libopts-generated files with distributed backups, if present
746 # Need to ensure the relevant conditionals get set
748 AM_CONDITIONAL([INSTALL_LIBOPTS],[false])
751 AM_CONDITIONAL(NEED_LIBOPTS, test "$included_libopts" = "yes")
754 AC_CHECK_SIZEOF(unsigned long int, 4)
755 AC_CHECK_SIZEOF(unsigned int, 4)
756 AC_CHECK_SIZEOF(time_t, 4)
758 # export for use in scripts
759 AC_SUBST(ac_cv_sizeof_time_t)
761 AC_SUBST(GNUTLS_REQUIRES_PRIVATE)
764 AC_ARG_WITH([default-trust-store-pkcs11],
765 [AS_HELP_STRING([--with-default-trust-store-pkcs11=URI],
766 [use the given pkcs11 uri as default trust store])])
768 if test "x$with_default_trust_store_pkcs11" != x; then
769 if test "x$with_p11_kit" = xno; then
770 AC_MSG_ERROR([cannot use pkcs11 store without p11-kit])
772 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_PKCS11],
773 ["$with_default_trust_store_pkcs11"], [use the given pkcs11 uri as default trust store])
776 AM_CONDITIONAL([HAVE_PKCS11_TRUST_STORE], [test -n "${with_default_trust_store_pkcs11}"])
778 AC_ARG_WITH([default-trust-store-dir],
779 [AS_HELP_STRING([--with-default-trust-store-dir=DIR],
780 [use the given directory as default trust store])])
782 if test "x$with_default_trust_store_dir" != x; then
783 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
784 ["$with_default_trust_store_dir"], [use the given directory as default trust store])
787 dnl auto detect https://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
788 AC_ARG_WITH([default-trust-store-file],
789 [AS_HELP_STRING([--with-default-trust-store-file=FILE],
790 [use the given file default trust store])], with_default_trust_store_file="$withval",
791 [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x && test x$have_macosx = x;then
793 /etc/ssl/ca-bundle.pem \
794 /etc/ssl/certs/ca-certificates.crt \
795 /etc/pki/tls/cert.pem \
796 /usr/local/share/certs/ca-root-nss.crt \
799 if test -e "$i"; then
800 with_default_trust_store_file="$i"
807 if test "$with_default_trust_store_file" = "no";then
808 with_default_trust_store_file=""
811 AC_ARG_WITH([default-crl-file],
812 [AS_HELP_STRING([--with-default-crl-file=FILE],
813 [use the given CRL file as default])])
815 AC_ARG_WITH([default-blacklist-file],
816 [AS_HELP_STRING([--with-default-blacklist-file=FILE],
817 [use the given certificate blacklist file as default])])
819 if test "x$with_default_trust_store_file" != x; then
820 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
821 ["$with_default_trust_store_file"], [use the given file default trust store])
824 if test "x$with_default_crl_file" != x; then
825 AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
826 ["$with_default_crl_file"], [use the given CRL file])
829 if test "x$with_default_blacklist_file" != x; then
830 AC_DEFINE_UNQUOTED([DEFAULT_BLACKLIST_FILE],
831 ["$with_default_blacklist_file"], [use the given certificate blacklist file])
835 AC_MSG_CHECKING([whether building Guile bindings])
837 AS_HELP_STRING([--enable-guile], [build GNU Guile bindings]),
838 [opt_guile_bindings=$enableval], [opt_guile_bindings=yes])
839 AC_MSG_RESULT($opt_guile_bindings)
841 AC_ARG_WITH([guile-site-dir], AS_HELP_STRING([--with-guile-site-dir=DIR],
842 [guile site directory for gnutls, default is guile system settings]),
843 [guilesitedir="${withval}"], [guilesitedir='$(GUILE_SITE)'])
844 AC_ARG_WITH([guile-site-ccache-dir], AS_HELP_STRING([--with-guile-site-ccache-dir=DIR],
845 [guile ccache directory for gnutls, default is guile system settings]),
846 [guilesiteccachedir="${withval}"], [guilesiteccachedir='$(GUILE_SITE_CCACHE)'])
847 AC_ARG_WITH([guile-extension-dir], AS_HELP_STRING([--with-guile-extension-dir=DIR],
848 [guile extension directory for gnutls, default is guile system settings]),
849 [guileextensiondir="${withval}"], [guileextensiondir='$(GUILE_EXTENSION)'])
850 AC_SUBST([guilesitedir])
851 AC_SUBST([guilesiteccachedir])
852 AC_SUBST([guileextensiondir])
854 if test "$opt_guile_bindings" = "yes"; then
856 *** Detecting GNU Guile...
859 AC_PATH_PROG([guile_snarf], [guile-snarf])
860 if test "x$guile_snarf" = "x"; then
861 AC_MSG_WARN([`guile-snarf' from Guile not found. Guile bindings not built.])
862 opt_guile_bindings=no
864 dnl Check for 'guild', which can be used to compile Scheme code
866 AC_PATH_PROG([GUILD], [guild])
874 # Backward compatibility with <guile-2.2 m4 macro that is used
875 # due to autreconf of several CI machine.
876 # We need to guess the locations of ccache and extension
877 if test -z "${GUILE_SITE_CCACHE}"; then
878 AC_MSG_NOTICE([Found <guile-2.2 m4, macro emulating])
880 AC_MSG_CHECKING([for GUILE_SITE_CCACHE via pkg-config])
881 GUILE_SITE_CCACHE=`$PKG_CONFIG --variable=siteccachedir guile-$GUILE_EFFECTIVE_VERSION`
882 AC_MSG_RESULT([${GUILE_SITE_CCACHE}])
883 if test -z "${GUILE_SITE_CCACHE}"; then
884 AC_MSG_CHECKING([for GUILE_SITE_CCACHE via guile])
885 GUILE_SITE_CCACHE=`$GUILE -c "(display (if (defined? '%site-ccache-dir) (%site-ccache-dir) \"\"))"`
886 AC_MSG_RESULT([${GUILE_SITE_CCACHE}])
888 AC_SUBST([GUILE_SITE_CCACHE])
890 AC_MSG_CHECKING([for GUILE_EXTENSION])
891 GUILE_EXTENSION=`$PKG_CONFIG --print-errors --variable=extensiondir guile-$GUILE_EFFECTIVE_VERSION`
892 AC_MSG_RESULT([${GUILE_EXTENSION}])
893 AC_SUBST([GUILE_EXTENSION])
896 save_CFLAGS="$CFLAGS"
898 CFLAGS="$CFLAGS $GUILE_CFLAGS"
899 LIBS="$LIBS $GUILE_LDFLAGS"
900 AC_MSG_CHECKING([whether GNU Guile is recent enough])
901 AC_LINK_IFELSE([AC_LANG_PROGRAM([], [scm_from_locale_string ("")])],
902 [], [opt_guile_bindings=no])
903 CFLAGS="$save_CFLAGS"
906 if test "$opt_guile_bindings" = "yes"; then
908 AC_MSG_CHECKING([whether gcc supports -fgnu89-inline])
909 _gcc_cflags_save="$CFLAGS"
910 CFLAGS="${CFLAGS} -fgnu89-inline"
911 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
912 gnu89_inline=yes, gnu89_inline=no)
913 AC_MSG_RESULT($gnu89_inline)
914 CFLAGS="$_gcc_cflags_save"
916 # Optional Guile functions.
917 save_CFLAGS="$CFLAGS"
919 CFLAGS="$CFLAGS $GUILE_CFLAGS"
920 LIBS="$LIBS $GUILE_LDFLAGS"
921 AC_CHECK_FUNCS([scm_gc_malloc_pointerless])
922 CFLAGS="$save_CFLAGS"
926 AC_MSG_WARN([A sufficiently recent GNU Guile not found. Guile bindings not built.])
927 opt_guile_bindings=no
932 AM_CONDITIONAL([HAVE_GUILE], [test "$opt_guile_bindings" = "yes"])
933 AM_CONDITIONAL([HAVE_GUILD], [test "x$GUILD" != "x"])
935 LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBS"
936 LIBGNUTLS_CFLAGS="-I${includedir}"
937 AC_SUBST(LIBGNUTLS_LIBS)
938 AC_SUBST(LIBGNUTLS_CFLAGS)
940 AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
942 AC_DEFINE([GNUTLS_COMPAT_H], 1, [Make sure we don't use old features in code.])
943 AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.])
945 AC_DEFINE([fread_file], [_gnutls_fread_file], [static lib rename])
946 AC_DEFINE([read_file], [_gnutls_read_file], [static lib rename])
947 AC_DEFINE([read_binary_file], [_gnutls_read_binary_file], [static lib rename])
949 dnl Some variables needed in makefiles
951 AC_SUBST([YEAR], $YEAR)
953 dnl configuration options for config file parsing (inih)
954 AC_DEFINE([INI_MAX_LINE], 2048, [inih maximum line size])
955 AC_DEFINE([INI_ALLOW_INLINE_COMMENTS], 1, [whether to allowin inline comments])
956 AC_DEFINE([INI_STOP_ON_FIRST_ERROR], 1, [whether to stop on first error])
957 AC_DEFINE_UNQUOTED([INI_INLINE_COMMENT_PREFIXES], [";#"], [The inline comment prefixes])
958 AC_DEFINE_UNQUOTED([INI_START_COMMENT_PREFIXES], [";#"], [The comment prefixes])
960 AC_CONFIG_FILES([guile/pre-inst-guile], [chmod +x guile/pre-inst-guile])
964 doc/credentials/Makefile
965 doc/credentials/srp/Makefile
966 doc/credentials/x509/Makefile
968 doc/examples/Makefile
970 doc/manpages/Makefile
971 doc/reference/Makefile
972 doc/reference/version.xml
975 extra/includes/Makefile
977 libdane/includes/Makefile
978 libdane/gnutls-dane.pc
984 lib/accelerated/Makefile
985 lib/accelerated/x86/Makefile
986 lib/accelerated/aarch64/Makefile
987 lib/algorithms/Makefile
992 lib/includes/Makefile
993 lib/includes/gnutls/gnutls.h
994 lib/minitasn1/Makefile
997 lib/unistring/Makefile
1003 tests/windows/Makefile
1004 tests/cert-tests/Makefile
1006 tests/suite/Makefile
1012 dnl Warning flags: errors: ${WERROR_CFLAGS} warnings: ${WARN_CFLAGS}
1013 AC_MSG_NOTICE([summary of build options:
1015 version: ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE
1016 Host/Target system: ${host}
1017 Build system: ${build}
1018 Install prefix: ${prefix}
1020 Valgrind: $opt_valgrind_tests ${VALGRIND}
1022 Library types: Shared=${enable_shared}, Static=${enable_static}
1023 Local libopts: ${included_libopts}
1024 Local libtasn1: ${included_libtasn1}
1025 Local unistring: ${included_unistring}
1026 Use nettle-mini: ${mini_nettle}
1027 Documentation: ${enable_doc} (manpages: ${enable_manpages})
1030 AC_MSG_NOTICE([External hardware support:
1032 /dev/crypto: $enable_cryptodev
1033 Hardware accel: $hw_accel
1034 Padlock accel: $use_padlock
1035 Random gen. variant: $rnd_variant
1036 PKCS#11 support: $with_p11_kit
1037 TPM support: $with_tpm
1039 if test -n "$ac_trousers_lib";then
1041 TPM library: $ac_trousers_lib
1045 AC_MSG_NOTICE([Optional features:
1046 (note that included applications might not compile properly
1047 if features are disabled)
1049 SSL3.0 support: $ac_enable_ssl3
1050 SSL2.0 client hello: $ac_enable_ssl2
1051 Allow SHA1 sign: $ac_allow_sha1
1052 DTLS-SRTP support: $ac_enable_srtp
1053 ALPN support: $ac_enable_alpn
1054 OCSP support: $ac_enable_ocsp
1055 SRP support: $ac_enable_srp
1056 PSK support: $ac_enable_psk
1057 DHE support: $ac_enable_dhe
1058 ECDHE support: $ac_enable_ecdhe
1059 GOST support: $ac_enable_gost
1060 Anon auth support: $ac_enable_anon
1061 Heartbeat support: $ac_enable_heartbeat
1062 IDNA support: $idna_support
1063 Non-SuiteB curves: $enable_non_suiteb
1064 FIPS140 mode: $enable_fips
1067 AC_MSG_NOTICE([Optional libraries:
1069 Guile wrappers: $opt_guile_bindings
1070 C++ library: $use_cxx
1071 DANE library: $enable_dane
1072 OpenSSL compat: $enable_openssl
1075 AC_MSG_NOTICE([System files:
1077 Trust store pkcs11: $with_default_trust_store_pkcs11
1078 Trust store dir: $with_default_trust_store_dir
1079 Trust store file: $with_default_trust_store_file
1080 Blacklist file: $with_default_blacklist_file
1081 CRL file: $with_default_crl_file
1082 Priority file: $system_priority_file
1083 DNSSEC root key file: $unbound_root_key_file
1086 if test ! -f "$unbound_root_key_file"; then
1089 *** The DNSSEC root key file in $unbound_root_key_file was not found.
1090 *** This file is needed for the verification of DNSSEC responses.
1091 *** Use the command: unbound-anchor -a "$unbound_root_key_file"
1092 *** to generate or update it.
1096 if test "${enable_static}" != no;then
1098 *** GnuTLS will be build as a static library. That means that library
1099 *** constructors for gnutls_global_init will not be made available to
1100 *** linking applications. If you are building that library for arbitrary
1101 *** applications to link, do not enable static linking.
1105 if test "$enable_fuzzer_target" != "no";then
1107 *** This version of the library is for fuzzying purposes and is intentionally broken!