xref: /freebsd/contrib/unbound/configure.ac (revision 357378bbdedf24ce2b90e9bd831af4a9db3ec70a)
1#                                               -*- Autoconf -*-
2# Process this file with autoconf to produce a configure script.
3AC_PREREQ([2.56])
4sinclude(acx_nlnetlabs.m4)
5sinclude(ax_pthread.m4)
6sinclude(acx_python.m4)
7sinclude(ax_pkg_swig.m4)
8sinclude(dnstap/dnstap.m4)
9sinclude(dnscrypt/dnscrypt.m4)
10
11# must be numbers. ac_defun because of later processing
12m4_define([VERSION_MAJOR],[1])
13m4_define([VERSION_MINOR],[20])
14m4_define([VERSION_MICRO],[0])
15AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
16AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
17AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
18AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
19
20LIBUNBOUND_CURRENT=9
21LIBUNBOUND_REVISION=27
22LIBUNBOUND_AGE=1
23# 1.0.0 had 0:12:0
24# 1.0.1 had 0:13:0
25# 1.0.2 had 0:14:0
26# 1.1.0 had 0:15:0
27# 1.1.1 had 0:16:0
28# 1.2.0 had 0:17:0
29# 1.2.1 had 0:18:0
30# 1.3.0 had 1:0:0   # ub_cancel and -export-symbols.
31# 1.3.1 had 1:1:0
32# 1.3.2 had 1:2:0
33# 1.3.3 had 1:3:0
34# 1.3.4 had 1:4:0
35# 1.4.0-snapshots had 1:5:0
36# 1.4.0 had 1:5:0 (not 2:0:0)   # ub_result.why_bogus
37# 1.4.1 had 2:1:0
38# 1.4.2 had 2:2:0
39# 1.4.3 had 2:3:0
40# 1.4.4 had 2:4:0
41# 1.4.5 had 2:5:0
42# 1.4.6 had 2:6:0
43# 1.4.7 had 2:7:0
44# 1.4.8 had 2:8:0
45# 1.4.9 had 2:9:0
46# 1.4.10 had 2:10:0
47# 1.4.11 had 2:11:0
48# 1.4.12 had 2:12:0
49# 1.4.13 had 2:13:0
50# and 1.4.13p1 and 1.4.13.p2
51# 1.4.14 had 2:14:0
52# 1.4.15 had 3:0:1 # adds ub_version()
53# 1.4.16 had 3:1:1
54# 1.4.17 had 3:2:1
55# 1.4.18 had 3:3:1
56# 1.4.19 had 3:4:1
57# 1.4.20 had 4:0:2 # adds libunbound.ttl # but shipped 3:5:1
58# 1.4.21 had 4:1:2
59# 1.4.22 had 4:1:2
60# 1.5.0 had 5:3:3 # adds ub_ctx_add_ta_autr
61# 1.5.1 had 5:3:3
62# 1.5.2 had 5:5:3
63# 1.5.3 had 5:6:3
64# 1.5.4 had 5:7:3
65# 1.5.5 had 5:8:3
66# 1.5.6 had 5:9:3
67# 1.5.7 had 5:10:3
68# 1.5.8 had 6:0:4 # adds ub_ctx_set_stub
69# 1.5.9 had 6:1:4
70# 1.5.10 had 6:2:4
71# 1.6.0 had 6:3:4
72# 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type
73# 1.6.2 had 7:1:5
74# 1.6.3 had 7:2:5
75# 1.6.4 had 7:3:5
76# 1.6.5 had 7:4:5
77# 1.6.6 had 7:5:5
78# 1.6.7 had 7:6:5
79# 1.6.8 had 7:7:5
80# 1.7.0 had 7:8:5
81# 1.7.1 had 7:9:5
82# 1.7.2 had 7:10:5
83# 1.7.3 had 7:11:5
84# 1.8.0 had 8:0:0 # changes the event callback function signature
85# 1.8.1 had 8:1:0
86# 1.8.2 had 8:2:0
87# 1.8.3 had 8:3:0
88# 1.9.0 had 9:0:1 # add ub_ctx_set_tls
89# 1.9.1 had 9:1:1
90# 1.9.2 had 9:2:1
91# 1.9.3 had 9:3:1
92# 1.9.4 had 9:4:1
93# 1.9.5 had 9:5:1
94# 1.9.6 had 9:6:1
95# 1.10.0 had 9:7:1
96# 1.10.1 had 9:8:1
97# 1.11.0 had 9:9:1
98# 1.12.0 had 9:10:1
99# 1.13.0 had 9:11:1
100# 1.13.1 had 9:12:1
101# 1.13.2 had 9:13:1
102# 1.14.0 had 9:14:1
103# 1.15.0 had 9:15:1
104# 1.16.0 had 9:16:1
105# 1.16.1 had 9:17:1
106# 1.16.2 had 9:18:1
107# 1.16.3 had 9:19:1
108# 1.17.0 had 9:20:1
109# 1.17.1 had 9:21:1
110# 1.18.0 had 9:22:1
111# 1.19.0 had 9:23:1
112# 1.19.1 had 9:24:1
113# 1.19.2 had 9:25:1
114# 1.19.3 had 9:26:1
115# 1.20.0 had 9:27:1
116
117#   Current  -- the number of the binary API that we're implementing
118#   Revision -- which iteration of the implementation of the binary
119#               API are we supplying?
120#   Age      -- How many previous binary API versions do we also
121#               support?
122#
123# If we release a new version that does not change the binary API,
124# increment Revision.
125#
126# If we release a new version that changes the binary API, but does
127# not break programs compiled against the old binary API, increment
128# Current and Age.  Set Revision to 0, since this is the first
129# implementation of the new API.
130#
131# Otherwise, we're changing the binary API and breaking backward
132# compatibility with old binaries.  Increment Current.  Set Age to 0,
133# since we're backward compatible with no previous APIs.  Set Revision
134# to 0 too.
135AC_SUBST(LIBUNBOUND_CURRENT)
136AC_SUBST(LIBUNBOUND_REVISION)
137AC_SUBST(LIBUNBOUND_AGE)
138
139
140cmdln="`echo $@ | sed -e 's/\\\\/\\\\\\\\/g' | sed -e 's/"/\\\\"/'g`"
141AC_DEFINE_UNQUOTED(CONFCMDLINE, ["$cmdln"], [Command line arguments used with configure])
142
143CFLAGS="$CFLAGS"
144AC_USE_SYSTEM_EXTENSIONS
145if test "$ac_cv_header_minix_config_h" = "yes"; then
146	AC_DEFINE(_NETBSD_SOURCE,1, [Enable for compile on Minix])
147fi
148
149dnl
150dnl By default set prefix to /usr/local
151dnl
152case "$prefix" in
153        NONE)
154		prefix="/usr/local"
155        ;;
156esac
157case "$exec_prefix" in
158        NONE)
159		exec_prefix="$prefix"
160        ;;
161esac
162
163# are we on MinGW?
164if uname -s 2>&1 | grep MINGW >/dev/null; then on_mingw="yes"
165else
166	if echo $host | grep mingw >/dev/null; then on_mingw="yes"
167	else on_mingw="no"; fi
168fi
169
170#
171# Determine configuration file
172# the eval is to evaluate shell expansion twice
173UNBOUND_SBIN_DIR=`eval echo "${sbindir}"`
174AC_SUBST(UNBOUND_SBIN_DIR)
175UNBOUND_SYSCONF_DIR=`eval echo "${sysconfdir}"`
176AC_SUBST(UNBOUND_SYSCONF_DIR)
177UNBOUND_LOCALSTATE_DIR=`eval echo "${localstatedir}"`
178AC_SUBST(UNBOUND_LOCALSTATE_DIR)
179if test $on_mingw = "no"; then
180  ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"`
181else
182  ub_conf_file="C:\\Program Files\\Unbound\\service.conf"
183fi
184AC_ARG_WITH([conf_file],
185        AS_HELP_STRING([--with-conf-file=path],[Pathname to the Unbound configuration file]),
186	[ub_conf_file="$withval"])
187AC_SUBST(ub_conf_file)
188ACX_ESCAPE_BACKSLASH($ub_conf_file, hdr_config)
189AC_DEFINE_UNQUOTED(CONFIGFILE, ["$hdr_config"], [Pathname to the Unbound configuration file])
190ub_conf_dir=`AS_DIRNAME(["$ub_conf_file"])`
191AC_SUBST(ub_conf_dir)
192
193# Determine run, chroot directory and pidfile locations
194AC_ARG_WITH(run-dir,
195    AS_HELP_STRING([--with-run-dir=path],[set default directory to chdir to (by default dir part of cfg file)]),
196    UNBOUND_RUN_DIR="$withval",
197if test $on_mingw = no; then
198    UNBOUND_RUN_DIR=`dirname "$ub_conf_file"`
199else
200    UNBOUND_RUN_DIR=""
201fi
202)
203AC_SUBST(UNBOUND_RUN_DIR)
204ACX_ESCAPE_BACKSLASH($UNBOUND_RUN_DIR, hdr_run)
205AC_DEFINE_UNQUOTED(RUN_DIR, ["$hdr_run"], [Directory to chdir to])
206
207AC_ARG_WITH(chroot-dir,
208    AS_HELP_STRING([--with-chroot-dir=path],[set default directory to chroot to (by default same as run-dir)]),
209    UNBOUND_CHROOT_DIR="$withval",
210if test $on_mingw = no; then
211    UNBOUND_CHROOT_DIR="$UNBOUND_RUN_DIR"
212else
213    UNBOUND_CHROOT_DIR=""
214fi
215)
216AC_SUBST(UNBOUND_CHROOT_DIR)
217ACX_ESCAPE_BACKSLASH($UNBOUND_CHROOT_DIR, hdr_chroot)
218AC_DEFINE_UNQUOTED(CHROOT_DIR, ["$hdr_chroot"], [Directory to chroot to])
219
220AC_ARG_WITH(share-dir,
221    AS_HELP_STRING([--with-share-dir=path],[set default directory with shared data (by default same as share/unbound)]),
222    UNBOUND_SHARE_DIR="$withval",
223    UNBOUND_SHARE_DIR="$UNBOUND_RUN_DIR")
224AC_SUBST(UNBOUND_SHARE_DIR)
225AC_DEFINE_UNQUOTED(SHARE_DIR, ["$UNBOUND_SHARE_DIR"], [Shared data])
226
227AC_ARG_WITH(pidfile,
228    AS_HELP_STRING([--with-pidfile=filename],[set default pathname to unbound pidfile (default run-dir/unbound.pid)]),
229    UNBOUND_PIDFILE="$withval",
230if test $on_mingw = no; then
231    UNBOUND_PIDFILE="$UNBOUND_RUN_DIR/unbound.pid"
232else
233    UNBOUND_PIDFILE=""
234fi
235)
236AC_SUBST(UNBOUND_PIDFILE)
237ACX_ESCAPE_BACKSLASH($UNBOUND_PIDFILE, hdr_pid)
238AC_DEFINE_UNQUOTED(PIDFILE, ["$hdr_pid"], [default pidfile location])
239
240AC_ARG_WITH(rootkey-file,
241    AS_HELP_STRING([--with-rootkey-file=filename],[set default pathname to root key file (default run-dir/root.key). This file is read and written.]),
242    UNBOUND_ROOTKEY_FILE="$withval",
243if test $on_mingw = no; then
244    UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key"
245else
246    UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key"
247fi
248)
249AC_SUBST(UNBOUND_ROOTKEY_FILE)
250ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTKEY_FILE, hdr_rkey)
251AC_DEFINE_UNQUOTED(ROOT_ANCHOR_FILE, ["$hdr_rkey"], [default rootkey location])
252
253AC_ARG_WITH(rootcert-file,
254    AS_HELP_STRING([--with-rootcert-file=filename],[set default pathname to root update certificate file (default run-dir/icannbundle.pem).  This file need not exist if you are content with the builtin.]),
255    UNBOUND_ROOTCERT_FILE="$withval",
256if test $on_mingw = no; then
257    UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem"
258else
259    UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem"
260fi
261)
262AC_SUBST(UNBOUND_ROOTCERT_FILE)
263ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTCERT_FILE, hdr_rpem)
264AC_DEFINE_UNQUOTED(ROOT_CERT_FILE, ["$hdr_rpem"], [default rootcert location])
265
266AC_ARG_WITH(username,
267    AS_HELP_STRING([--with-username=user],[set default user that unbound changes to (default user is unbound)]),
268    UNBOUND_USERNAME="$withval",
269    UNBOUND_USERNAME="unbound")
270AC_SUBST(UNBOUND_USERNAME)
271AC_DEFINE_UNQUOTED(UB_USERNAME, ["$UNBOUND_USERNAME"], [default username])
272
273AC_DEFINE(WINVER, 0x0502, [the version of the windows API enabled])
274ACX_RSRC_VERSION(wnvs)
275AC_DEFINE_UNQUOTED(RSRC_PACKAGE_VERSION, [$wnvs], [version number for resource files])
276
277# Check for 'grep -e' program, here, since ACX_CHECK_FLTO needs that.
278AC_PROG_GREP
279
280# Checks for typedefs, structures, and compiler characteristics.
281AC_C_CONST
282AC_LANG([C])
283# allow user to override the -g -O2 flags.
284default_cflags=no
285if test "x$CFLAGS" = "x" ; then
286ACX_CHECK_COMPILER_FLAG(g, [CFLAGS="$CFLAGS -g"])
287ACX_CHECK_COMPILER_FLAG(O2, [CFLAGS="$CFLAGS -O2"])
288default_cflags=yes
289fi
290m4_version_prereq([2.70], [AC_PROG_CC], [AC_PROG_CC_STDC])
291ACX_DEPFLAG
292ACX_DETERMINE_EXT_FLAGS_UNBOUND
293
294# debug mode flags warnings
295AC_ARG_ENABLE(checking, AS_HELP_STRING([--enable-checking],[Enable warnings, asserts, makefile-dependencies]))
296AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug],[same as enable-checking]))
297if test "$enable_debug" = "yes"; then debug_enabled="$enable_debug";
298else debug_enabled="$enable_checking"; fi
299AC_SUBST(debug_enabled)
300case "$debug_enabled" in
301        yes)
302		ACX_CHECK_COMPILER_FLAG(W, [CFLAGS="$CFLAGS -W"])
303		ACX_CHECK_COMPILER_FLAG(Wall, [CFLAGS="$CFLAGS -Wall"])
304		ACX_CHECK_COMPILER_FLAG(Wextra, [CFLAGS="$CFLAGS -Wextra"])
305		ACX_CHECK_COMPILER_FLAG(Wdeclaration-after-statement, [CFLAGS="$CFLAGS -Wdeclaration-after-statement"])
306		AC_DEFINE([UNBOUND_DEBUG], [], [define this to enable debug checks.])
307		;;
308	no|*)
309		# nothing to do.
310		;;
311esac
312if test "$default_cflags" = "yes"; then
313	# only when CFLAGS was "" at the start, if the users wants to
314	# override we shouldn't add default cflags, because they wouldn't
315	# be able to turn off these options and set the CFLAGS wanted.
316	ACX_CHECK_FLTO
317	ACX_CHECK_PIE
318	ACX_CHECK_RELRO_NOW
319fi
320
321AC_C_INLINE
322ACX_CHECK_FORMAT_ATTRIBUTE
323ACX_CHECK_UNUSED_ATTRIBUTE
324
325AC_DEFUN([CHECK_WEAK_ATTRIBUTE],
326[AC_REQUIRE([AC_PROG_CC])
327AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "weak" attribute)
328AC_CACHE_VAL(ac_cv_c_weak_attribute,
329[ac_cv_c_weak_attribute=no
330AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h>
331__attribute__((weak)) void f(int x) { printf("%d", x); }
332]], [[
333   f(1);
334]])],[ac_cv_c_weak_attribute="yes"],[ac_cv_c_weak_attribute="no"])
335])
336
337AC_MSG_RESULT($ac_cv_c_weak_attribute)
338if test $ac_cv_c_weak_attribute = yes; then
339  AC_DEFINE(HAVE_ATTR_WEAK, 1, [Whether the C compiler accepts the "weak" attribute])
340  AC_DEFINE(ATTR_WEAK, [__attribute__((weak))], [apply the weak attribute to a symbol])
341fi
342])dnl End of CHECK_WEAK_ATTRIBUTE
343
344CHECK_WEAK_ATTRIBUTE
345
346AC_DEFUN([CHECK_NORETURN_ATTRIBUTE],
347[AC_REQUIRE([AC_PROG_CC])
348AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "noreturn" attribute)
349AC_CACHE_VAL(ac_cv_c_noreturn_attribute,
350[ac_cv_c_noreturn_attribute=no
351AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h>
352__attribute__((noreturn)) void f(int x) { printf("%d", x); }
353]], [[
354   f(1);
355]])],[ac_cv_c_noreturn_attribute="yes"],[ac_cv_c_noreturn_attribute="no"])
356])
357
358AC_MSG_RESULT($ac_cv_c_noreturn_attribute)
359if test $ac_cv_c_noreturn_attribute = yes; then
360  AC_DEFINE(HAVE_ATTR_NORETURN, 1, [Whether the C compiler accepts the "noreturn" attribute])
361  AC_DEFINE(ATTR_NORETURN, [__attribute__((__noreturn__))], [apply the noreturn attribute to a function that exits the program])
362fi
363])dnl End of CHECK_NORETURN_ATTRIBUTE
364
365CHECK_NORETURN_ATTRIBUTE
366
367if test "$srcdir" != "."; then
368	CPPFLAGS="$CPPFLAGS -I$srcdir"
369fi
370
371AC_DEFUN([ACX_YYLEX_DESTROY], [
372	AC_MSG_CHECKING([for yylex_destroy])
373	if echo %% | $LEX -t 2>&1 | grep yylex_destroy >/dev/null 2>&1; then
374		AC_DEFINE(LEX_HAS_YYLEX_DESTROY, 1, [if lex has yylex_destroy])
375		AC_MSG_RESULT(yes)
376	else AC_MSG_RESULT(no);
377		LEX=":"
378	fi
379])
380
381AC_DEFUN([ACX_YYLEX_OPTION], [
382	AC_MSG_CHECKING([for lex %option])
383	if cat <<EOF | $LEX -t 2>&1 | grep yy_delete_buffer >/dev/null 2>&1; then
384%option nounput
385%%
386EOF
387		AC_MSG_RESULT(yes)
388	else AC_MSG_RESULT(no);
389		LEX=":"
390	fi
391])
392
393AC_PROG_LEX([noyywrap])
394if test "$LEX" != "" -a "$LEX" != ":"; then
395ACX_YYLEX_DESTROY
396fi
397if test "$LEX" != "" -a "$LEX" != ":"; then
398ACX_YYLEX_OPTION
399fi
400if test "$LEX" = "" -o "$LEX" = ":"; then
401	if test ! -f util/configlexer.c; then
402		AC_MSG_ERROR([no lex and no util/configlexer.c: need flex and bison to compile from source repository.])
403	fi
404fi
405AC_PROG_YACC
406if test "$YACC" = "" -o "$YACC" = ":"; then
407	if test ! -f util/configparser.c; then
408		AC_MSG_ERROR([no yacc and no util/configparser.c: need flex and bison to compile from source repository.])
409	fi
410fi
411AC_CHECK_PROG(doxygen, doxygen, doxygen)
412AC_CHECK_TOOL(STRIP, strip)
413ACX_LIBTOOL_C_ONLY
414
415# pkg-config is only needed for these options, do not require it otherwise
416if test "$enable_systemd" = "yes" -o "$enable_dnstap" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
417PKG_PROG_PKG_CONFIG
418fi
419
420# Checks for header files.
421AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h poll.h],,, [AC_INCLUDES_DEFAULT])
422# net/if.h portability for Darwin see:
423# https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Header-Portability.html
424AC_CHECK_HEADERS([net/if.h],,, [
425#include <stdio.h>
426#ifdef STDC_HEADERS
427# include <stdlib.h>
428# include <stddef.h>
429#else
430# ifdef HAVE_STDLIB_H
431#  include <stdlib.h>
432# endif
433#endif
434#ifdef HAVE_SYS_SOCKET_H
435# include <sys/socket.h>
436#endif
437])
438
439# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH
440AC_CHECK_HEADERS([TargetConditionals.h],,, [AC_INCLUDES_DEFAULT])
441AC_CHECK_HEADERS([netioapi.h],,, [AC_INCLUDES_DEFAULT
442#if HAVE_SYS_PARAM_H
443#include <sys/param.h>
444#endif
445
446#ifdef HAVE_SYS_SOCKET_H
447#include <sys/socket.h>
448#endif
449
450#ifdef HAVE_SYS_UIO_H
451#include <sys/uio.h>
452#endif
453
454#ifdef HAVE_NETINET_IN_H
455#include <netinet/in.h>
456#endif
457
458#ifdef HAVE_NETINET_TCP_H
459#include <netinet/tcp.h>
460#endif
461
462#ifdef HAVE_ARPA_INET_H
463#include <arpa/inet.h>
464#endif
465
466#ifdef HAVE_WINSOCK2_H
467#include <winsock2.h>
468#endif
469
470#ifdef HAVE_WS2TCPIP_H
471#include <ws2tcpip.h>
472#endif
473])
474
475# Check for Linux timestamping headers
476AC_CHECK_HEADERS([linux/net_tstamp.h],,, [AC_INCLUDES_DEFAULT])
477
478# check for types.
479# Using own tests for int64* because autoconf builtin only give 32bit.
480AC_CHECK_TYPE(int8_t, signed char)
481AC_CHECK_TYPE(int16_t, short)
482AC_CHECK_TYPE(int32_t, int)
483AC_CHECK_TYPE(int64_t, long long)
484AC_CHECK_TYPE(uint8_t, unsigned char)
485AC_CHECK_TYPE(uint16_t, unsigned short)
486AC_CHECK_TYPE(uint32_t, unsigned int)
487AC_CHECK_TYPE(uint64_t, unsigned long long)
488AC_TYPE_SIZE_T
489AC_CHECK_TYPE(ssize_t, int)
490AC_TYPE_UID_T
491AC_TYPE_PID_T
492AC_TYPE_OFF_T
493ACX_TYPE_U_CHAR
494ACX_TYPE_RLIM_T
495ACX_TYPE_SOCKLEN_T
496ACX_TYPE_IN_ADDR_T
497ACX_TYPE_IN_PORT_T
498ACX_CHECK_MEMCMP_SIGNED
499
500AC_CHECK_SIZEOF(time_t,,[
501AC_INCLUDES_DEFAULT
502#ifdef TIME_WITH_SYS_TIME
503# include <sys/time.h>
504# include <time.h>
505#else
506# ifdef HAVE_SYS_TIME_H
507#  include <sys/time.h>
508# else
509#  include <time.h>
510# endif
511#endif
512])
513AC_CHECK_SIZEOF(size_t)
514
515# add option to disable the evil rpath
516ACX_ARG_RPATH
517AC_SUBST(RUNTIME_PATH)
518
519# check to see if libraries are needed for these functions.
520AC_SEARCH_LIBS([inet_pton], [nsl])
521AC_SEARCH_LIBS([socket], [socket])
522
523# check whether strptime also works
524AC_DEFUN([AC_CHECK_STRPTIME_WORKS],
525[AC_REQUIRE([AC_PROG_CC])
526AC_MSG_CHECKING(whether strptime works)
527if test c${cross_compiling} = cno; then
528AC_RUN_IFELSE([AC_LANG_SOURCE([[
529#define _XOPEN_SOURCE 600
530#include <time.h>
531int main(void) { struct tm tm; char *res;
532res = strptime("2010-07-15T00:00:00+00:00", "%t%Y%t-%t%m%t-%t%d%tT%t%H%t:%t%M%t:%t%S%t", &tm);
533if (!res) return 2;
534res = strptime("20070207111842", "%Y%m%d%H%M%S", &tm);
535if (!res) return 1; return 0; }
536]])] , [eval "ac_cv_c_strptime_works=yes"], [eval "ac_cv_c_strptime_works=no"],
537[eval "ac_cv_c_strptime_works=maybe"])
538else
539eval "ac_cv_c_strptime_works=maybe"
540fi
541AC_MSG_RESULT($ac_cv_c_strptime_works)
542if test $ac_cv_c_strptime_works = no; then
543AC_LIBOBJ(strptime)
544else
545AC_DEFINE_UNQUOTED([STRPTIME_WORKS], 1, [use default strptime.])
546fi
547])dnl
548
549# check some functions of the OS before linking libs (while still runnable).
550AC_FUNC_CHOWN
551AC_FUNC_FORK
552AC_DEFINE(RETSIGTYPE,void,[Return type of signal handlers, but autoconf 2.70 says 'your code may safely assume C89 semantics that RETSIGTYPE is void.'])
553AC_FUNC_FSEEKO
554ACX_SYS_LARGEFILE
555ACX_CHECK_NONBLOCKING_BROKEN
556ACX_MKDIR_ONE_ARG
557AC_CHECK_FUNCS([strptime],[AC_CHECK_STRPTIME_WORKS],[AC_LIBOBJ([strptime])])
558
559# check if we can use SO_REUSEPORT
560reuseport_default=0
561if echo "$host" | $GREP -i -e linux >/dev/null; then reuseport_default=1; fi
562if echo "$host" | $GREP -i -e dragonfly >/dev/null; then reuseport_default=1; fi
563if test "$reuseport_default" = 1; then
564	AC_DEFINE(REUSEPORT_DEFAULT, 1, [if REUSEPORT is enabled by default])
565else
566	AC_DEFINE(REUSEPORT_DEFAULT, 0, [if REUSEPORT is enabled by default])
567fi
568
569# Include systemd.m4 - begin
570sinclude(systemd.m4)
571# Include systemd.m4 - end
572
573# set memory allocation checking if requested
574AC_ARG_ENABLE(alloc-checks, AS_HELP_STRING([--enable-alloc-checks],[ enable to memory allocation statistics, for debug purposes ]),
575	, )
576AC_ARG_ENABLE(alloc-lite, AS_HELP_STRING([--enable-alloc-lite],[ enable for lightweight alloc assertions, for debug purposes ]),
577	, )
578AC_ARG_ENABLE(alloc-nonregional, AS_HELP_STRING([--enable-alloc-nonregional],[ enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes ]),
579	, )
580if test x_$enable_alloc_nonregional = x_yes; then
581	AC_DEFINE(UNBOUND_ALLOC_NONREGIONAL, 1, [use malloc not regions, for debug use])
582fi
583if test x_$enable_alloc_checks = x_yes; then
584	AC_DEFINE(UNBOUND_ALLOC_STATS, 1, [use statistics for allocs and frees, for debug use])
585	SLDNS_ALLOCCHECK_EXTRA_OBJ="alloc.lo log.lo"
586	AC_SUBST(SLDNS_ALLOCCHECK_EXTRA_OBJ)
587	ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ="alloc.lo"
588	AC_SUBST(ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ)
589else
590	if test x_$enable_alloc_lite = x_yes; then
591		AC_DEFINE(UNBOUND_ALLOC_LITE, 1, [use to enable lightweight alloc assertions, for debug use])
592	else
593		ACX_FUNC_MALLOC([unbound])
594	fi
595fi
596
597# check windows threads (we use them, not pthreads, on windows).
598if test "$on_mingw" = "yes"; then
599# check windows threads
600	AC_CHECK_HEADERS([windows.h],,, [AC_INCLUDES_DEFAULT])
601	AC_MSG_CHECKING([for CreateThread])
602	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
603#ifdef HAVE_WINDOWS_H
604#include <windows.h>
605#endif
606], [
607	HANDLE t = CreateThread(NULL, 0, NULL, NULL, 0, NULL);
608])],
609	AC_MSG_RESULT(yes)
610	AC_DEFINE(HAVE_WINDOWS_THREADS, 1, [Using Windows threads])
611,
612	AC_MSG_RESULT(no)
613)
614
615else
616# not on mingw, check thread libraries.
617
618# check for thread library.
619# check this first, so that the pthread lib does not get linked in via
620# libssl or libpython, and thus distorts the tests, and we end up using
621# the non-threadsafe C libraries.
622AC_ARG_WITH(pthreads, AS_HELP_STRING([--with-pthreads],[use pthreads library, or --without-pthreads to disable threading support.]),
623 [ ],[ withval="yes" ])
624ub_have_pthreads=no
625if test x_$withval != x_no; then
626	AX_PTHREAD([
627		AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.])
628		if test -n "$PTHREAD_LIBS"; then
629		  LIBS="$PTHREAD_LIBS $LIBS"
630		fi
631		CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
632		CC="$PTHREAD_CC"
633		ub_have_pthreads=yes
634		AC_CHECK_TYPES([pthread_spinlock_t, pthread_rwlock_t],,,[#include <pthread.h>])
635		AC_CHECK_SIZEOF([unsigned long])
636		AC_CHECK_SIZEOF(pthread_t)
637
638		if echo "$CFLAGS" | $GREP -e "-pthread" >/dev/null; then
639		AC_MSG_CHECKING([if -pthread unused during linking])
640		# catch clang warning 'argument unused during compilation'
641		AC_LANG_CONFTEST([AC_LANG_SOURCE(AC_INCLUDES_DEFAULT
642[[
643int main(void) {return 0;}
644]])])
645		pthread_unused="yes"
646		# first compile
647		echo "$CC $CFLAGS -c conftest.c -o conftest.o" >&AS_MESSAGE_LOG_FD
648		$CC $CFLAGS -c conftest.c -o conftest.o 2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD
649		if test $? = 0; then
650			# then link
651			echo "$CC $CFLAGS -Werror $LDFLAGS $LIBS -o conftest contest.o" >&AS_MESSAGE_LOG_FD
652			$CC $CFLAGS -Werror $LDFLAGS $LIBS -o conftest conftest.o 2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD
653			if test $? -ne 0; then
654				AC_MSG_RESULT(yes)
655				CFLAGS=`echo "$CFLAGS" | sed -e 's/-pthread//'`
656				PTHREAD_CFLAGS_ONLY="-pthread"
657				AC_SUBST(PTHREAD_CFLAGS_ONLY)
658			else
659				AC_MSG_RESULT(no)
660			fi
661		else
662			AC_MSG_RESULT(no)
663		fi # endif cc successful
664		rm -f conftest conftest.c conftest.o
665		fi # endif -pthread in CFLAGS
666
667		])
668fi
669
670# check solaris thread library
671AC_ARG_WITH(solaris-threads, AS_HELP_STRING([--with-solaris-threads],[use solaris native thread library.]), [ ],[ withval="no" ])
672ub_have_sol_threads=no
673if test x_$withval != x_no; then
674	if test x_$ub_have_pthreads != x_no; then
675	    AC_MSG_WARN([Have pthreads already, ignoring --with-solaris-threads])
676	else
677	AC_SEARCH_LIBS(thr_create, [thread],
678	[
679    		AC_DEFINE(HAVE_SOLARIS_THREADS, 1, [Using Solaris threads])
680
681		ACX_CHECK_COMPILER_FLAG(mt, [CFLAGS="$CFLAGS -mt"],
682			[CFLAGS="$CFLAGS -D_REENTRANT"])
683		ub_have_sol_threads=yes
684	] , [
685		AC_MSG_ERROR([no solaris threads found.])
686	])
687	fi
688fi
689
690fi # end of non-mingw check of thread libraries
691
692# Check for SYSLOG_FACILITY
693AC_ARG_WITH(syslog-facility, AS_HELP_STRING([--with-syslog-facility=LOCAL0 - LOCAL7],[ set SYSLOG_FACILITY, default DAEMON ]),
694	[ UNBOUND_SYSLOG_FACILITY="$withval" ], [])
695case "${UNBOUND_SYSLOG_FACILITY}" in
696
697  LOCAL[[0-7]]) UNBOUND_SYSLOG_FACILITY="LOG_${UNBOUND_SYSLOG_FACILITY}" ;;
698
699           *) UNBOUND_SYSLOG_FACILITY="LOG_DAEMON" ;;
700
701esac
702AC_DEFINE_UNQUOTED(UB_SYSLOG_FACILITY,${UNBOUND_SYSLOG_FACILITY},[the SYSLOG_FACILITY to use, default LOG_DAEMON])
703
704# Check for dynamic library module
705AC_ARG_WITH(dynlibmodule,
706   AS_HELP_STRING([--with-dynlibmodule],[build dynamic library module, or --without-dynlibmodule to disable it. (default=no)]),
707   [], [ withval="no" ])
708
709if test x_$withval != x_no; then
710  AC_DEFINE(WITH_DYNLIBMODULE, 1, [Define if you want dynlib module.])
711  WITH_DYNLIBMODULE=yes
712  AC_SUBST(WITH_DYNLIBMODULE)
713  DYNLIBMOD_OBJ="dynlibmod.lo"
714  AC_SUBST(DYNLIBMOD_OBJ)
715  DYNLIBMOD_HEADER='$(srcdir)/dynlibmod/dynlibmod.h'
716  AC_SUBST(DYNLIBMOD_HEADER)
717  if test $on_mingw = "no"; then
718    # link with -ldl if not already there, for all executables because
719    # dlopen call is in the dynlib module.  For unbound executable, also
720    # export symbols.
721    AC_SEARCH_LIBS([dlopen], [dl])
722    DYNLIBMOD_EXTRALIBS="-export-dynamic"
723  else
724    DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.dll.a"
725  fi
726  AC_SUBST(DYNLIBMOD_EXTRALIBS)
727fi
728
729# Check for PyUnbound
730AC_ARG_WITH(pyunbound,
731   AS_HELP_STRING([--with-pyunbound],[build PyUnbound, or --without-pyunbound to skip it. (default=no)]),
732   [], [ withval="no" ])
733
734ub_test_python=no
735ub_with_pyunbound=no
736if test x_$withval != x_no; then
737   ub_with_pyunbound=yes
738   ub_test_python=yes
739fi
740
741# Check for Python module
742AC_ARG_WITH(pythonmodule,
743   AS_HELP_STRING([--with-pythonmodule],[build Python module, or --without-pythonmodule to disable script engine. (default=no)]),
744   [], [ withval="no" ])
745
746ub_with_pythonmod=no
747if test x_$withval != x_no; then
748   ub_with_pythonmod=yes
749   ub_test_python=yes
750fi
751
752# Check for Python & SWIG only on PyUnbound or PyModule
753if test x_$ub_test_python != x_no; then
754
755   # Check for Python
756   ub_have_python=no
757   ac_save_LIBS="$LIBS" dnl otherwise AC_PYTHON_DEVEL thrashes $LIBS
758   AC_PYTHON_DEVEL
759   if test ! -z "$PYTHON_VERSION"; then
760	badversion="no"
761	if test "$PYTHON_VERSION_MAJOR" -lt 2; then
762		badversion="yes"
763	fi
764	if test "$PYTHON_VERSION_MAJOR" -eq 2 -a "$PYTHON_VERSION_MINOR" -lt 4; then
765		badversion="yes"
766	fi
767	if test "$badversion" = "yes"; then
768		AC_MSG_ERROR([Python version >= 2.4.0 is required])
769	fi
770
771      [PY_MAJOR_VERSION="`$PYTHON -c \"import sys; print(sys.version_info[0])\"`"]
772      AC_SUBST(PY_MAJOR_VERSION)
773      # Have Python
774      AC_DEFINE(HAVE_PYTHON,1,[Define if you have Python libraries and header files.])
775      if test x_$ub_with_pythonmod != x_no; then
776        if test -n "$LIBS"; then
777          LIBS="$PYTHON_LDFLAGS $LIBS"
778        else
779          LIBS="$PYTHON_LDFLAGS"
780        fi
781      fi
782      PYTHON_LIBS="$PYTHON_LDFLAGS"
783      AC_SUBST(PYTHON_LIBS)
784      if test -n "$CPPFLAGS"; then
785        CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS"
786      else
787        CPPFLAGS="$PYTHON_CPPFLAGS"
788      fi
789      if test "$PYTHON_LIBDIR" != "/usr/lib" -a "$PYTHON_LIBDIR" != "" -a "$PYTHON_LIBDIR" != "/usr/lib64"; then
790        ACX_RUNTIME_PATH_ADD([$PYTHON_LIBDIR])
791      fi
792      ub_have_python=yes
793      PKG_CHECK_EXISTS(["python${PY_MAJOR_VERSION}"],
794                       [PC_PY_DEPENDENCY="python${PY_MAJOR_VERSION}"],
795                       [PC_PY_DEPENDENCY="python"])
796      AC_SUBST(PC_PY_DEPENDENCY)
797
798      # Check for SWIG
799      ub_have_swig=no
800      AC_ARG_ENABLE(swig-version-check, AS_HELP_STRING([--disable-swig-version-check],[Disable swig version check to build python modules with older swig even though that is unreliable]))
801      if test "$enable_swig_version_check" = "yes"; then
802      	AX_PKG_SWIG(2.0.1)
803      else
804      	AX_PKG_SWIG
805      fi
806      AC_MSG_CHECKING(SWIG)
807      if test ! -x "$SWIG"; then
808         AC_MSG_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound])
809      else
810         AC_DEFINE(HAVE_SWIG, 1, [Define if you have Swig libraries and header files.])
811         AC_SUBST(swig, "$SWIG")
812         AC_MSG_RESULT(present)
813
814         # If have Python & SWIG
815         # Declare PythonMod
816         if test x_$ub_with_pythonmod != x_no; then
817            AC_DEFINE(WITH_PYTHONMODULE, 1, [Define if you want Python module.])
818            WITH_PYTHONMODULE=yes
819            AC_SUBST(WITH_PYTHONMODULE)
820	    PYTHONMOD_OBJ="pythonmod.lo pythonmod_utils.lo"
821	    AC_SUBST(PYTHONMOD_OBJ)
822	    PYTHONMOD_HEADER='$(srcdir)/pythonmod/pythonmod.h'
823	    AC_SUBST(PYTHONMOD_HEADER)
824	    PYTHONMOD_INSTALL=pythonmod-install
825	    AC_SUBST(PYTHONMOD_INSTALL)
826	    PYTHONMOD_UNINSTALL=pythonmod-uninstall
827	    AC_SUBST(PYTHONMOD_UNINSTALL)
828         fi
829
830         # Declare PyUnbound
831         if test x_$ub_with_pyunbound != x_no; then
832            AC_DEFINE(WITH_PYUNBOUND, 1, [Define if you want PyUnbound.])
833            WITH_PYUNBOUND=yes
834            AC_SUBST(WITH_PYUNBOUND)
835	    PYUNBOUND_OBJ="libunbound_wrap.lo"
836	    AC_SUBST(PYUNBOUND_OBJ)
837	    PYUNBOUND_TARGET="_unbound.la"
838	    AC_SUBST(PYUNBOUND_TARGET)
839	    PYUNBOUND_INSTALL=pyunbound-install
840	    AC_SUBST(PYUNBOUND_INSTALL)
841	    PYUNBOUND_UNINSTALL=pyunbound-uninstall
842	    AC_SUBST(PYUNBOUND_UNINSTALL)
843         fi
844      fi
845   else
846      AC_MSG_RESULT([*** Python libraries not found, won't build PythonMod or PyUnbound ***])
847      ub_with_pyunbound=no
848      ub_with_pythonmod=no
849   fi
850fi
851
852if test "`uname`" = "NetBSD"; then
853	NETBSD_LINTFLAGS='"-D__RENAME(x)=" -D_NETINET_IN_H_'
854	AC_SUBST(NETBSD_LINTFLAGS)
855fi
856
857if test "`uname`" = "Linux"; then
858	# splint cannot parse modern c99 header files
859	GCC_DOCKER_LINTFLAGS='-syntax'
860	AC_SUBST(GCC_DOCKER_LINTFLAGS)
861fi
862CONFIG_DATE=`date +%Y%m%d`
863AC_SUBST(CONFIG_DATE)
864
865# Checks for libraries.
866
867# libnss
868USE_NSS="no"
869AC_ARG_WITH([nss], AS_HELP_STRING([--with-nss=path],[use libnss instead of openssl, installed at path.]),
870	[
871	USE_NSS="yes"
872	AC_DEFINE(HAVE_NSS, 1, [Use libnss for crypto])
873	if test "$withval" != "" -a "$withval" != "yes"; then
874		CPPFLAGS="$CPPFLAGS -I$withval/include/nss3"
875		LDFLAGS="$LDFLAGS -L$withval/lib"
876		ACX_RUNTIME_PATH_ADD([$withval/lib])
877		CPPFLAGS="-I$withval/include/nspr4 $CPPFLAGS"
878	else
879		CPPFLAGS="$CPPFLAGS -I/usr/include/nss3"
880		CPPFLAGS="-I/usr/include/nspr4 $CPPFLAGS"
881	fi
882        LIBS="$LIBS -lnss3 -lnspr4"
883	SSLLIB=""
884	PC_CRYPTO_DEPENDENCY="nss nspr"
885	AC_SUBST(PC_CRYPTO_DEPENDENCY)
886	]
887)
888
889# libnettle
890USE_NETTLE="no"
891AC_ARG_WITH([nettle], AS_HELP_STRING([--with-nettle=path],[use libnettle as crypto library, installed at path.]),
892	[
893	USE_NETTLE="yes"
894	AC_DEFINE(HAVE_NETTLE, 1, [Use libnettle for crypto])
895	AC_CHECK_HEADERS([nettle/dsa-compat.h],,, [AC_INCLUDES_DEFAULT])
896	if test "$withval" != "" -a "$withval" != "yes"; then
897		CPPFLAGS="$CPPFLAGS -I$withval/include/nettle"
898		LDFLAGS="$LDFLAGS -L$withval/lib"
899		ACX_RUNTIME_PATH_ADD([$withval/lib])
900	else
901		CPPFLAGS="$CPPFLAGS -I/usr/include/nettle"
902	fi
903        LIBS="$LIBS -lhogweed -lnettle -lgmp"
904	SSLLIB=""
905	PC_CRYPTO_DEPENDENCY="hogweed nettle"
906	AC_SUBST(PC_CRYPTO_DEPENDENCY)
907	]
908)
909
910# openssl
911if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
912ACX_WITH_SSL
913ACX_LIB_SSL
914SSLLIB="-lssl"
915
916PC_CRYPTO_DEPENDENCY=""
917AC_SUBST(PC_CRYPTO_DEPENDENCY)
918
919# check if -lcrypt32 is needed because CAPIENG needs that. (on windows)
920BAKLIBS="$LIBS"
921LIBS="-lssl $LIBS"
922AC_MSG_CHECKING([if libssl needs -lcrypt32])
923AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
924	int EVP_sha256(void);
925	(void)EVP_sha256();
926]])], [
927	AC_MSG_RESULT([no])
928	LIBS="$BAKLIBS"
929], [
930	AC_MSG_RESULT([yes])
931	LIBS="$BAKLIBS"
932	LIBS="$LIBS -lcrypt32"
933])
934
935AC_MSG_CHECKING([for LibreSSL])
936if grep VERSION_TEXT $ssldir_include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
937	AC_MSG_RESULT([yes])
938	AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL])
939	# libressl provides these compat functions, but they may also be
940	# declared by the OS in libc.  See if they have been declared.
941	AC_CHECK_DECLS([strlcpy,strlcat,arc4random,arc4random_uniform])
942else
943	AC_MSG_RESULT([no])
944fi
945AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h],,, [AC_INCLUDES_DEFAULT])
946AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex])
947
948# these check_funcs need -lssl
949BAKLIBS="$LIBS"
950LIBS="-lssl $LIBS"
951AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos SSL_get1_peer_certificate])
952LIBS="$BAKLIBS"
953
954AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
955AC_INCLUDES_DEFAULT
956#ifdef HAVE_OPENSSL_ERR_H
957#include <openssl/err.h>
958#endif
959
960#ifdef HAVE_OPENSSL_RAND_H
961#include <openssl/rand.h>
962#endif
963
964#ifdef HAVE_OPENSSL_CONF_H
965#include <openssl/conf.h>
966#endif
967
968#ifdef HAVE_OPENSSL_ENGINE_H
969#include <openssl/engine.h>
970#endif
971#include <openssl/ssl.h>
972#include <openssl/evp.h>
973])
974
975if test "$ac_cv_func_HMAC_Init_ex" = "yes"; then
976# check function return type.
977AC_MSG_CHECKING(the return type of HMAC_Init_ex)
978AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
979#ifdef HAVE_OPENSSL_ERR_H
980#include <openssl/err.h>
981#endif
982
983#ifdef HAVE_OPENSSL_RAND_H
984#include <openssl/rand.h>
985#endif
986
987#ifdef HAVE_OPENSSL_CONF_H
988#include <openssl/conf.h>
989#endif
990
991#ifdef HAVE_OPENSSL_ENGINE_H
992#include <openssl/engine.h>
993#endif
994#include <openssl/ssl.h>
995#include <openssl/evp.h>
996], [
997	HMAC_CTX* hmac_ctx = NULL;
998	void* hmac_key = NULL;
999	const EVP_MD* digest = NULL;
1000	int x = HMAC_Init_ex(hmac_ctx, hmac_key, 32, digest, NULL);
1001	(void)x;
1002])], [
1003	AC_MSG_RESULT(int)
1004], [
1005	AC_MSG_RESULT(void)
1006	AC_DEFINE([HMAC_INIT_EX_RETURNS_VOID], 1, [If HMAC_Init_ex() returns void])
1007])
1008fi
1009
1010fi
1011AC_SUBST(SSLLIB)
1012
1013# libbsd
1014AC_ARG_WITH([libbsd], AS_HELP_STRING([--with-libbsd],[Use portable libbsd functions]), [
1015	AC_CHECK_HEADERS([bsd/string.h bsd/stdlib.h],,, [AC_INCLUDES_DEFAULT])
1016	if test "x$ac_cv_header_bsd_string_h" = xyes -a "x$ac_cv_header_bsd_stdlib_h" = xyes; then
1017		for func in strlcpy strlcat arc4random arc4random_uniform reallocarray; do
1018			AC_SEARCH_LIBS([$func], [bsd], [
1019				AC_DEFINE(HAVE_LIBBSD, 1, [Use portable libbsd functions])
1020				PC_LIBBSD_DEPENDENCY=libbsd
1021				AC_SUBST(PC_LIBBSD_DEPENDENCY)
1022			])
1023		done
1024	fi
1025])
1026
1027AC_ARG_ENABLE(sha1, AS_HELP_STRING([--disable-sha1],[Disable SHA1 RRSIG support, does not disable nsec3 support]))
1028case "$enable_sha1" in
1029	no)
1030	;;
1031	yes|*)
1032	AC_DEFINE([USE_SHA1], [1], [Define this to enable SHA1 support.])
1033	;;
1034esac
1035
1036
1037AC_ARG_ENABLE(sha2, AS_HELP_STRING([--disable-sha2],[Disable SHA256 and SHA512 RRSIG support]))
1038case "$enable_sha2" in
1039	no)
1040	;;
1041	yes|*)
1042	AC_DEFINE([USE_SHA2], [1], [Define this to enable SHA256 and SHA512 support.])
1043	;;
1044esac
1045
1046AC_ARG_ENABLE(subnet, AS_HELP_STRING([--enable-subnet],[Enable client subnet]))
1047case "$enable_subnet" in
1048	yes)
1049	AC_DEFINE([CLIENT_SUBNET], [1], [Define this to enable client subnet option.])
1050	SUBNET_OBJ="edns-subnet.lo subnetmod.lo addrtree.lo subnet-whitelist.lo"
1051	AC_SUBST(SUBNET_OBJ)
1052	SUBNET_HEADER='$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/edns-subnet/addrtree.h'
1053	AC_SUBST(SUBNET_HEADER)
1054	;;
1055	no|*)
1056	;;
1057esac
1058
1059# check whether gost also works
1060AC_DEFUN([AC_CHECK_GOST_WORKS],
1061[AC_REQUIRE([AC_PROG_CC])
1062AC_MSG_CHECKING([if GOST works])
1063if test c${cross_compiling} = cno; then
1064BAKCFLAGS="$CFLAGS"
1065if test -n "$ssldir"; then
1066	CFLAGS="$CFLAGS -Wl,-rpath,$ssldir_lib"
1067fi
1068AC_RUN_IFELSE([AC_LANG_SOURCE([[
1069#include <string.h>
1070#include <openssl/ssl.h>
1071#include <openssl/evp.h>
1072#include <openssl/engine.h>
1073#include <openssl/conf.h>
1074/* routine to load gost (from sldns) */
1075int load_gost_id(void)
1076{
1077	static int gost_id = 0;
1078	const EVP_PKEY_ASN1_METHOD* meth;
1079	ENGINE* e;
1080
1081	if(gost_id) return gost_id;
1082
1083	/* see if configuration loaded gost implementation from other engine*/
1084	meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1);
1085	if(meth) {
1086		EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
1087		return gost_id;
1088	}
1089
1090	/* see if engine can be loaded already */
1091	e = ENGINE_by_id("gost");
1092	if(!e) {
1093		/* load it ourself, in case statically linked */
1094		ENGINE_load_builtin_engines();
1095		ENGINE_load_dynamic();
1096		e = ENGINE_by_id("gost");
1097	}
1098	if(!e) {
1099		/* no gost engine in openssl */
1100		return 0;
1101	}
1102	if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
1103		ENGINE_finish(e);
1104		ENGINE_free(e);
1105		return 0;
1106	}
1107
1108	meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1);
1109	if(!meth) {
1110		/* algo not found */
1111		ENGINE_finish(e);
1112		ENGINE_free(e);
1113		return 0;
1114	}
1115	EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
1116	return gost_id;
1117}
1118int main(void) {
1119	EVP_MD_CTX* ctx;
1120	const EVP_MD* md;
1121	unsigned char digest[64]; /* its a 256-bit digest, so uses 32 bytes */
1122	const char* str = "Hello world";
1123	const unsigned char check[] = {
1124		0x40 , 0xed , 0xf8 , 0x56 , 0x5a , 0xc5 , 0x36 , 0xe1 ,
1125		0x33 , 0x7c , 0x7e , 0x87 , 0x62 , 0x1c , 0x42 , 0xe0 ,
1126		0x17 , 0x1b , 0x5e , 0xce , 0xa8 , 0x46 , 0x65 , 0x4d ,
1127		0x8d , 0x3e , 0x22 , 0x9b , 0xe1 , 0x30 , 0x19 , 0x9d
1128	};
1129	OPENSSL_config(NULL);
1130	(void)load_gost_id();
1131	md = EVP_get_digestbyname("md_gost94");
1132	if(!md) return 1;
1133	memset(digest, 0, sizeof(digest));
1134	ctx = EVP_MD_CTX_create();
1135	if(!ctx) return 2;
1136	if(!EVP_DigestInit_ex(ctx, md, NULL)) return 3;
1137	if(!EVP_DigestUpdate(ctx, str, 10)) return 4;
1138	if(!EVP_DigestFinal_ex(ctx, digest, NULL)) return 5;
1139	/* uncomment to see the hash calculated.
1140		{int i;
1141		for(i=0; i<32; i++)
1142			printf(" %2.2x", (int)digest[i]);
1143		printf("\n");}
1144	*/
1145	if(memcmp(digest, check, sizeof(check)) != 0)
1146		return 6;
1147	return 0;
1148}
1149]])] , [eval "ac_cv_c_gost_works=yes"], [eval "ac_cv_c_gost_works=no"],
1150[eval "ac_cv_c_gost_works=maybe"])
1151CFLAGS="$BAKCFLAGS"
1152else
1153eval "ac_cv_c_gost_works=maybe"
1154fi
1155AC_MSG_RESULT($ac_cv_c_gost_works)
1156])dnl
1157
1158AC_ARG_ENABLE(gost, AS_HELP_STRING([--disable-gost],[Disable GOST support]))
1159use_gost="no"
1160if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
1161case "$enable_gost" in
1162	no)
1163	;;
1164	*)
1165	AC_CHECK_FUNC(EVP_PKEY_set_type_str, [:],[AC_MSG_ERROR([OpenSSL 1.0.0 is needed for GOST support])])
1166	AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([OpenSSL does not support ECC, needed for GOST support])])
1167	AC_CHECK_GOST_WORKS
1168	if test "$ac_cv_c_gost_works" != no; then
1169		use_gost="yes"
1170		AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.])
1171	fi
1172	;;
1173esac
1174fi dnl !USE_NSS && !USE_NETTLE
1175
1176AC_ARG_ENABLE(ecdsa, AS_HELP_STRING([--disable-ecdsa],[Disable ECDSA support]))
1177use_ecdsa="no"
1178case "$enable_ecdsa" in
1179    no)
1180      ;;
1181    *)
1182      if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
1183	      AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa])])
1184	      AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa])])
1185	      AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa])], [AC_INCLUDES_DEFAULT
1186#include <openssl/evp.h>
1187	      ])
1188	      # see if OPENSSL 1.0.0 or later (has EVP MD and Verify independency)
1189	      AC_MSG_CHECKING([if openssl supports SHA2 and ECDSA with EVP])
1190	      if grep OPENSSL_VERSION_TEXT $ssldir_include/openssl/opensslv.h | grep "OpenSSL" >/dev/null; then
1191		if grep OPENSSL_VERSION_NUMBER $ssldir_include/openssl/opensslv.h | grep 0x0 >/dev/null; then
1192		  AC_MSG_RESULT([no])
1193		  AC_DEFINE_UNQUOTED([USE_ECDSA_EVP_WORKAROUND], [1], [Define this to enable an EVP workaround for older openssl])
1194		else
1195		  AC_MSG_RESULT([yes])
1196		fi
1197	      else
1198		# not OpenSSL, thus likely LibreSSL, which supports it
1199		AC_MSG_RESULT([yes])
1200	      fi
1201      fi
1202      # we now know we have ECDSA and the required curves.
1203      AC_DEFINE_UNQUOTED([USE_ECDSA], [1], [Define this to enable ECDSA support.])
1204      use_ecdsa="yes"
1205      ;;
1206esac
1207
1208AC_ARG_ENABLE(dsa, AS_HELP_STRING([--disable-dsa],[Disable DSA support]))
1209use_dsa="no"
1210case "$enable_dsa" in
1211    yes)
1212      # detect if DSA is supported, and turn it off if not.
1213      if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
1214      AC_CHECK_FUNC(DSA_SIG_new, [
1215      AC_CHECK_TYPE(DSA_SIG*, [
1216      AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.])
1217      ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.])
1218               fi ], [
1219AC_INCLUDES_DEFAULT
1220#ifdef HAVE_OPENSSL_ERR_H
1221#include <openssl/err.h>
1222#endif
1223
1224#ifdef HAVE_OPENSSL_RAND_H
1225#include <openssl/rand.h>
1226#endif
1227
1228#ifdef HAVE_OPENSSL_CONF_H
1229#include <openssl/conf.h>
1230#endif
1231
1232#ifdef HAVE_OPENSSL_ENGINE_H
1233#include <openssl/engine.h>
1234#endif
1235      ])
1236      ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.])
1237               fi ])
1238      else
1239      AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.])
1240      fi
1241      ;;
1242    *)
1243      # disable dsa by default, RFC 8624 section 3.1, validators MUST NOT
1244      # support DSA for DNSSEC Validation.
1245      ;;
1246esac
1247
1248AC_ARG_WITH(deprecate-rsa-1024, AS_HELP_STRING([--with-deprecate-rsa-1024],[Deprecate RSA 1024 bit length, makes that an unsupported key, for use when OpenSSL FIPS refuses 1024 bit verification]))
1249if test "$with_deprecate_rsa_1024" = "yes"; then
1250	AC_DEFINE([DEPRECATE_RSA_1024], [1], [Deprecate RSA 1024 bit length, makes that an unsupported key])
1251fi
1252
1253AC_ARG_ENABLE(ed25519, AS_HELP_STRING([--disable-ed25519],[Disable ED25519 support]))
1254use_ed25519="no"
1255case "$enable_ed25519" in
1256    no)
1257      ;;
1258    *)
1259      if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
1260	      AC_CHECK_DECLS([NID_ED25519], [
1261      		use_ed25519="yes"
1262	      ], [ if test "x$enable_ed25519" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.])
1263	      	fi ], [AC_INCLUDES_DEFAULT
1264#include <openssl/evp.h>
1265	      ])
1266      fi
1267      if test $USE_NETTLE = "yes"; then
1268		AC_CHECK_HEADERS([nettle/eddsa.h], use_ed25519="yes",, [AC_INCLUDES_DEFAULT])
1269      fi
1270      if test $use_ed25519 = "yes"; then
1271      		AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.])
1272      fi
1273      ;;
1274esac
1275
1276AC_ARG_ENABLE(ed448, AS_HELP_STRING([--disable-ed448],[Disable ED448 support]))
1277use_ed448="no"
1278case "$enable_ed448" in
1279    no)
1280      ;;
1281    *)
1282      if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
1283	      AC_CHECK_DECLS([NID_ED448], [
1284      		use_ed448="yes"
1285	      ], [ if test "x$enable_ed448" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED448 and you used --enable-ed448.])
1286	      	fi ], [AC_INCLUDES_DEFAULT
1287#include <openssl/evp.h>
1288	      ])
1289      fi
1290      if test $use_ed448 = "yes"; then
1291      		AC_DEFINE_UNQUOTED([USE_ED448], [1], [Define this to enable ED448 support.])
1292      fi
1293      ;;
1294esac
1295
1296AC_ARG_ENABLE(event-api, AS_HELP_STRING([--enable-event-api],[Enable (experimental) pluggable event base libunbound API installed to unbound-event.h]))
1297case "$enable_event_api" in
1298    yes)
1299      AC_SUBST(UNBOUND_EVENT_INSTALL, [unbound-event-install])
1300      AC_SUBST(UNBOUND_EVENT_UNINSTALL, [unbound-event-uninstall])
1301      ;;
1302    *)
1303      ;;
1304esac
1305
1306AC_ARG_ENABLE(tfo-client, AS_HELP_STRING([--enable-tfo-client],[Enable TCP Fast Open for client mode]))
1307case "$enable_tfo_client" in
1308	yes)
1309		case "$host_os" in
1310			linux*) AC_CHECK_DECL([MSG_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])],
1311				[AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])],
1312				[AC_INCLUDES_DEFAULT
1313#include <netinet/tcp.h>
1314])
1315				AC_DEFINE_UNQUOTED([USE_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.])
1316				;;
1317			darwin*) AC_CHECK_DECL([CONNECT_RESUME_ON_READ_WRITE], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])],
1318				[AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])],
1319				[AC_INCLUDES_DEFAULT
1320#include <sys/socket.h>
1321])
1322				AC_DEFINE_UNQUOTED([USE_OSX_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.])
1323				;;
1324		esac
1325		;;
1326	no|*)
1327		;;
1328esac
1329
1330AC_ARG_ENABLE(tfo-server, AS_HELP_STRING([--enable-tfo-server],[Enable TCP Fast Open for server mode]))
1331case "$enable_tfo_server" in
1332	yes)
1333	      AC_CHECK_DECL([TCP_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO])], [AC_MSG_ERROR([TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server])], [AC_INCLUDES_DEFAULT
1334#include <netinet/tcp.h>
1335	      ])
1336		AC_DEFINE_UNQUOTED([USE_TCP_FASTOPEN], [1], [Define this to enable server TCP Fast Open.])
1337		;;
1338	no|*)
1339		;;
1340esac
1341
1342# check for libevent
1343AC_ARG_WITH(libevent, AS_HELP_STRING([--with-libevent=pathname],[use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr  or you can specify an explicit path). Slower, but allows use of large outgoing port ranges.]),
1344    [ ],[ with_libevent="no" ])
1345if test "x_$with_libevent" != x_no; then
1346        AC_DEFINE([USE_LIBEVENT], [1], [Define if you enable libevent])
1347        AC_MSG_CHECKING(for libevent)
1348        if test "x_$with_libevent" = x_ -o "x_$with_libevent" = x_yes; then
1349            with_libevent="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
1350        fi
1351        for dir in $with_libevent; do
1352            thedir="$dir"
1353            if test -f "$dir/include/event.h" -o -f "$dir/include/event2/event.h"; then
1354                found_libevent="yes"
1355				dnl assume /usr is in default path.
1356				if test "$thedir" != "/usr"; then
1357				    CPPFLAGS="$CPPFLAGS -I$thedir/include"
1358				fi
1359				break;
1360		    fi
1361        done
1362        if test x_$found_libevent != x_yes; then
1363		if test -f "$dir/event.h" -a \( -f "$dir/libevent.la" -o -f "$dir/libev.la" \) ; then
1364			# libevent source directory
1365			AC_MSG_RESULT(found in $thedir)
1366			CPPFLAGS="$CPPFLAGS -I$thedir -I$thedir/include"
1367			BAK_LDFLAGS_SET="1"
1368			BAK_LDFLAGS="$LDFLAGS"
1369			# remove evdns from linking
1370			mkdir build >/dev/null 2>&1
1371			mkdir build/libevent >/dev/null 2>&1
1372			mkdir build/libevent/.libs >/dev/null 2>&1
1373			ev_files_o=`ls $thedir/*.o | grep -v evdns\.o | grep -v bufferevent_openssl\.o`
1374			ev_files_lo=`ls $thedir/*.lo | grep -v evdns\.lo | grep -v bufferevent_openssl\.lo`
1375			ev_files_libso=`ls $thedir/.libs/*.o | grep -v evdns\.o | grep -v bufferevent_openssl\.o`
1376			cp $ev_files_o build/libevent
1377			cp $ev_files_lo build/libevent
1378			cp $ev_files_libso build/libevent/.libs
1379			LATE_LDFLAGS="build/libevent/*.lo -lm"
1380			LDFLAGS="build/libevent/*.o $LDFLAGS -lm"
1381		else
1382            AC_MSG_ERROR([Cannot find the libevent library in $with_libevent
1383You can restart ./configure --with-libevent=no to use a builtin alternative.
1384Please note that this alternative is not as capable as libevent when using
1385large outgoing port ranges.  ])
1386		fi
1387        else
1388            AC_MSG_RESULT(found in $thedir)
1389	    dnl if event2 exists and no event lib in dir itself, use subdir
1390	    if test ! -f $thedir/lib/libevent.a -a ! -f $thedir/lib/libevent.so -a -d "$thedir/lib/event2"; then
1391		    LDFLAGS="$LDFLAGS -L$thedir/lib/event2"
1392		    ACX_RUNTIME_PATH_ADD([$thedir/lib/event2])
1393	    else
1394		    dnl assume /usr is in default path, do not add "".
1395		    if test "$thedir" != "/usr" -a "$thedir" != ""; then
1396			LDFLAGS="$LDFLAGS -L$thedir/lib"
1397			ACX_RUNTIME_PATH_ADD([$thedir/lib])
1398		    fi
1399	    fi
1400        fi
1401	# check for library used by libevent after 1.3c
1402	AC_SEARCH_LIBS([clock_gettime], [rt])
1403
1404	# is the event.h header libev or libevent?
1405	AC_CHECK_HEADERS([event.h],,, [AC_INCLUDES_DEFAULT])
1406	AC_CHECK_DECL(EV_VERSION_MAJOR, [
1407		AC_SEARCH_LIBS(event_set, [ev])
1408	],[
1409		AC_SEARCH_LIBS(event_set, [event])
1410	],[AC_INCLUDES_DEFAULT
1411#include <event.h>
1412	])
1413	AC_CHECK_FUNCS([event_base_free]) # only in libevent 1.2 and later
1414	AC_CHECK_FUNCS([event_base_once]) # only in libevent 1.4.1 and later
1415	AC_CHECK_FUNCS([event_base_new]) # only in libevent 1.4.1 and later
1416	AC_CHECK_FUNCS([event_base_get_method]) # only in libevent 1.4.3 and later
1417	AC_CHECK_FUNCS([ev_loop]) # only in libev. (tested on 3.51)
1418	AC_CHECK_FUNCS([ev_default_loop]) # only in libev. (tested on 4.00)
1419	AC_CHECK_FUNCS([event_assign]) # in libevent, for thread-safety
1420	AC_CHECK_DECLS([evsignal_assign], [], [], [AC_INCLUDES_DEFAULT
1421#ifdef HAVE_EVENT_H
1422#  include <event.h>
1423#else
1424#  include "event2/event.h"
1425#endif
1426	])
1427        PC_LIBEVENT_DEPENDENCY="libevent"
1428        AC_SUBST(PC_LIBEVENT_DEPENDENCY)
1429	if test -n "$BAK_LDFLAGS_SET"; then
1430		LDFLAGS="$BAK_LDFLAGS"
1431	fi
1432else
1433	AC_DEFINE(USE_MINI_EVENT, 1, [Define if you want to use internal select based events])
1434fi
1435
1436# check for libexpat
1437AC_ARG_WITH(libexpat, AS_HELP_STRING([--with-libexpat=path],[specify explicit path for libexpat.]),
1438    [ ],[ withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" ])
1439AC_MSG_CHECKING(for libexpat)
1440found_libexpat="no"
1441for dir in $withval ; do
1442            if test -f "$dir/include/expat.h"; then
1443		found_libexpat="yes"
1444		dnl assume /usr is in default path.
1445		if test "$dir" != "/usr"; then
1446                    CPPFLAGS="$CPPFLAGS -I$dir/include"
1447		    LDFLAGS="$LDFLAGS -L$dir/lib"
1448		fi
1449            	AC_MSG_RESULT(found in $dir)
1450                break;
1451            fi
1452done
1453if test x_$found_libexpat != x_yes; then
1454	AC_MSG_ERROR([Could not find libexpat, expat.h])
1455fi
1456AC_CHECK_HEADERS([expat.h],,, [AC_INCLUDES_DEFAULT])
1457AC_CHECK_DECLS([XML_StopParser], [], [], [AC_INCLUDES_DEFAULT
1458#include <expat.h>
1459])
1460
1461# hiredis (redis C client for cachedb)
1462AC_ARG_WITH(libhiredis, AS_HELP_STRING([--with-libhiredis=path],[specify explicit path for libhiredis.]),
1463    [ ],[ withval="no" ])
1464found_libhiredis="no"
1465if test x_$withval = x_yes -o x_$withval != x_no; then
1466   AC_MSG_CHECKING(for libhiredis)
1467   if test x_$withval = x_ -o x_$withval = x_yes; then
1468            withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
1469   fi
1470   for dir in $withval ; do
1471            if test -f "$dir/include/hiredis/hiredis.h"; then
1472		found_libhiredis="yes"
1473		dnl assume /usr is in default path.
1474		if test "$dir" != "/usr"; then
1475                    CPPFLAGS="$CPPFLAGS -I$dir/include"
1476		    LDFLAGS="$LDFLAGS -L$dir/lib"
1477		fi
1478		AC_MSG_RESULT(found in $dir)
1479		AC_DEFINE([USE_REDIS], [1], [Define this to use hiredis client.])
1480		LIBS="$LIBS -lhiredis"
1481                break;
1482            fi
1483    done
1484    if test x_$found_libhiredis != x_yes; then
1485	AC_MSG_ERROR([Could not find libhiredis, hiredis.h])
1486    fi
1487    AC_CHECK_HEADERS([hiredis/hiredis.h],,, [AC_INCLUDES_DEFAULT])
1488    AC_CHECK_DECLS([redisConnect], [], [], [AC_INCLUDES_DEFAULT
1489    #include <hiredis/hiredis.h>
1490    ])
1491fi
1492
1493# nghttp2
1494AC_ARG_WITH(libnghttp2, AS_HELP_STRING([--with-libnghttp2=path],[specify explicit path for libnghttp2.]),
1495    [ ],[ withval="no" ])
1496found_libnghttp2="no"
1497if test x_$withval = x_yes -o x_$withval != x_no; then
1498   AC_MSG_CHECKING(for libnghttp2)
1499   if test x_$withval = x_ -o x_$withval = x_yes; then
1500            withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
1501   fi
1502   for dir in $withval ; do
1503            if test -f "$dir/include/nghttp2/nghttp2.h"; then
1504		found_libnghttp2="yes"
1505		dnl assume /usr is in default path.
1506		if test "$dir" != "/usr"; then
1507                    CPPFLAGS="$CPPFLAGS -I$dir/include"
1508		    LDFLAGS="$LDFLAGS -L$dir/lib"
1509		fi
1510		AC_MSG_RESULT(found in $dir)
1511		AC_DEFINE([HAVE_NGHTTP2], [1], [Define this to use nghttp2 client.])
1512		LIBS="$LIBS -lnghttp2"
1513                break;
1514            fi
1515    done
1516    if test x_$found_libnghttp2 != x_yes; then
1517	AC_MSG_ERROR([Could not find libnghttp2, nghttp2.h])
1518    fi
1519    AC_CHECK_HEADERS([nghttp2/nghttp2.h],,, [AC_INCLUDES_DEFAULT])
1520    AC_CHECK_DECLS([nghttp2_session_server_new], [], [], [AC_INCLUDES_DEFAULT
1521    #include <nghttp2/nghttp2.h>
1522    ])
1523fi
1524
1525# set static linking for uninstalled libraries if requested
1526AC_SUBST(staticexe)
1527staticexe=""
1528AC_ARG_ENABLE(static-exe, AS_HELP_STRING([--enable-static-exe],[ enable to compile executables statically against (event) uninstalled libs, for debug purposes ]),
1529	, )
1530if test x_$enable_static_exe = x_yes; then
1531	staticexe="-static"
1532	if test "$on_mingw" = yes; then
1533		staticexe="-all-static"
1534		# for static compile, include gdi32 and zlib here.
1535		if echo "$LIBS" | grep 'lgdi32' >/dev/null; then
1536			:
1537		else
1538			LIBS="$LIBS -lgdi32"
1539		fi
1540		AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ])
1541		if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then
1542			:
1543		else
1544			LIBS="$LIBS -l:libssp.a"
1545		fi
1546	fi
1547fi
1548
1549# set full static linking if requested
1550AC_ARG_ENABLE(fully-static, AS_HELP_STRING([--enable-fully-static],[ enable to compile fully static ]),
1551	, )
1552if test x_$enable_fully_static = x_yes; then
1553	staticexe="-all-static"
1554	if test "$on_mingw" = yes; then
1555		# for static compile, include gdi32 and zlib here.
1556		if echo $LIBS | grep 'lgdi32' >/dev/null; then
1557			:
1558		else
1559			LIBS="$LIBS -lgdi32"
1560		fi
1561		AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ])
1562		if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then
1563			:
1564		else
1565			LIBS="$LIBS -l:libssp.a"
1566		fi
1567	fi
1568fi
1569
1570# set lock checking if requested
1571AC_ARG_ENABLE(lock_checks, AS_HELP_STRING([--enable-lock-checks],[ enable to check lock and unlock calls, for debug purposes ]),
1572	, )
1573if test x_$enable_lock_checks = x_yes; then
1574	AC_DEFINE(ENABLE_LOCK_CHECKS, 1, [Define if you want to use debug lock checking (slow).])
1575	CHECKLOCK_OBJ="checklocks.lo"
1576	AC_SUBST(CHECKLOCK_OBJ)
1577fi
1578
1579ACX_CHECK_GETADDRINFO_WITH_INCLUDES
1580if test "$USE_WINSOCK" = 1; then
1581	AC_DEFINE(UB_ON_WINDOWS, 1, [Use win32 resources and API])
1582	AC_CHECK_HEADERS([iphlpapi.h],,, [AC_INCLUDES_DEFAULT
1583#include <windows.h>
1584	])
1585	AC_CHECK_TOOL(WINDRES, windres)
1586	if echo "$LIBS" | grep crypt32 >/dev/null; then
1587		LIBS="$LIBS -liphlpapi"
1588	else
1589		LIBS="$LIBS -liphlpapi -lcrypt32"
1590	fi
1591	WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe"
1592	AC_SUBST(WINAPPS)
1593	WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c"
1594	AC_SUBST(WIN_DAEMON_SRC)
1595	WIN_DAEMON_OBJ="win_svc.lo w_inst.lo"
1596	AC_SUBST(WIN_DAEMON_OBJ)
1597	WIN_DAEMON_OBJ_LINK="rsrc_unbound.o"
1598	AC_SUBST(WIN_DAEMON_OBJ_LINK)
1599	WIN_HOST_OBJ_LINK="rsrc_unbound_host.o"
1600	AC_SUBST(WIN_HOST_OBJ_LINK)
1601	WIN_UBANCHOR_OBJ_LINK="rsrc_unbound_anchor.o log.lo locks.lo"
1602	AC_SUBST(WIN_UBANCHOR_OBJ_LINK)
1603	WIN_CONTROL_OBJ_LINK="rsrc_unbound_control.o"
1604	AC_SUBST(WIN_CONTROL_OBJ_LINK)
1605	WIN_CHECKCONF_OBJ_LINK="rsrc_unbound_checkconf.o"
1606	AC_SUBST(WIN_CHECKCONF_OBJ_LINK)
1607	AC_DEFINE(__USE_MINGW_ANSI_STDIO, 1, [defined to use gcc ansi snprintf and sscanf that understands %lld when compiled for windows.])
1608fi
1609if test $ac_cv_func_getaddrinfo = no; then
1610	AC_LIBOBJ([fake-rfc2553])
1611fi
1612# check after getaddrinfo for its libraries
1613ACX_FUNC_IOCTLSOCKET
1614
1615# see if daemon(3) exists, and if it is deprecated.
1616AC_CHECK_FUNCS([daemon])
1617if test $ac_cv_func_daemon = yes; then
1618	ACX_FUNC_DEPRECATED([daemon], [(void)daemon(0, 0);], [
1619#include <stdlib.h>
1620#include <unistd.h>
1621])
1622fi
1623
1624AC_CHECK_MEMBERS([struct sockaddr_un.sun_len],,,[
1625AC_INCLUDES_DEFAULT
1626#ifdef HAVE_SYS_UN_H
1627#include <sys/un.h>
1628#endif
1629])
1630AC_CHECK_MEMBERS([struct in_pktinfo.ipi_spec_dst],,,[
1631AC_INCLUDES_DEFAULT
1632#if HAVE_SYS_PARAM_H
1633#include <sys/param.h>
1634#endif
1635
1636#ifdef HAVE_SYS_SOCKET_H
1637#include <sys/socket.h>
1638#endif
1639
1640#ifdef HAVE_SYS_UIO_H
1641#include <sys/uio.h>
1642#endif
1643
1644#ifdef HAVE_NETINET_IN_H
1645#include <netinet/in.h>
1646#endif
1647
1648#ifdef HAVE_NETINET_TCP_H
1649#include <netinet/tcp.h>
1650#endif
1651
1652#ifdef HAVE_ARPA_INET_H
1653#include <arpa/inet.h>
1654#endif
1655
1656#ifdef HAVE_WINSOCK2_H
1657#include <winsock2.h>
1658#endif
1659
1660#ifdef HAVE_WS2TCPIP_H
1661#include <ws2tcpip.h>
1662#endif
1663])
1664
1665AC_MSG_CHECKING([for htobe64])
1666AC_LINK_IFELSE([AC_LANG_PROGRAM([
1667#include <stdio.h>
1668#ifdef HAVE_ENDIAN_H
1669#  include <endian.h>
1670#endif
1671#ifdef HAVE_SYS_ENDIAN_H
1672#  include <sys/endian.h>
1673#endif
1674], [unsigned long long x = htobe64(0); printf("%u", (unsigned)x);])],
1675  AC_MSG_RESULT(yes)
1676  AC_DEFINE(HAVE_HTOBE64, 1, [If we have htobe64]),
1677  AC_MSG_RESULT(no))
1678
1679AC_MSG_CHECKING([for be64toh])
1680AC_LINK_IFELSE([AC_LANG_PROGRAM([
1681#include <stdio.h>
1682#ifdef HAVE_ENDIAN_H
1683#  include <endian.h>
1684#endif
1685#ifdef HAVE_SYS_ENDIAN_H
1686#  include <sys/endian.h>
1687#endif
1688], [unsigned long long x = be64toh(0); printf("%u", (unsigned)x);])],
1689  AC_MSG_RESULT(yes)
1690  AC_DEFINE(HAVE_BE64TOH, 1, [If we have be64toh]),
1691  AC_MSG_RESULT(no))
1692
1693AC_SEARCH_LIBS([setusercontext], [util])
1694AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs if_nametoindex poll gettid])
1695AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])])
1696AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])
1697
1698# check if setreuid en setregid fail, on MacOSX10.4(darwin8).
1699if echo $host_os | grep darwin8 > /dev/null; then
1700	AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work])
1701fi
1702AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [
1703AC_INCLUDES_DEFAULT
1704#ifdef HAVE_NETINET_IN_H
1705#include <netinet/in.h>
1706#endif
1707
1708#ifdef HAVE_NETINET_TCP_H
1709#include <netinet/tcp.h>
1710#endif
1711
1712#ifdef HAVE_ARPA_INET_H
1713#include <arpa/inet.h>
1714#endif
1715
1716#ifdef HAVE_WINSOCK2_H
1717#include <winsock2.h>
1718#endif
1719
1720#ifdef HAVE_WS2TCPIP_H
1721#include <ws2tcpip.h>
1722#endif
1723])
1724AC_REPLACE_FUNCS(inet_aton)
1725AC_REPLACE_FUNCS(inet_pton)
1726AC_REPLACE_FUNCS(inet_ntop)
1727AC_REPLACE_FUNCS(snprintf)
1728# test if snprintf return the proper length
1729if test "x$ac_cv_func_snprintf" = xyes; then
1730    if test c${cross_compiling} = cno; then
1731	AC_MSG_CHECKING([for correct snprintf return value])
1732	AC_RUN_IFELSE([AC_LANG_SOURCE(AC_INCLUDES_DEFAULT
1733[[
1734int main(void) { return !(snprintf(NULL, 0, "test") == 4); }
1735]])], [AC_MSG_RESULT(yes)], [
1736		AC_MSG_RESULT(no)
1737		AC_DEFINE([SNPRINTF_RET_BROKEN], [], [define if (v)snprintf does not return length needed, (but length used)])
1738		AC_LIBOBJ(snprintf)
1739	  ], [AC_MSG_RESULT(maybe)])
1740    fi
1741fi
1742AC_REPLACE_FUNCS(strlcat)
1743AC_REPLACE_FUNCS(strlcpy)
1744AC_REPLACE_FUNCS(memmove)
1745AC_REPLACE_FUNCS(gmtime_r)
1746AC_REPLACE_FUNCS(isblank)
1747AC_REPLACE_FUNCS(explicit_bzero)
1748dnl without CTIME, ARC4-functions and without reallocarray.
1749LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS"
1750AC_SUBST(LIBOBJ_WITHOUT_CTIMEARC4)
1751AC_MSG_CHECKING([for reallocarray])
1752AC_LINK_IFELSE([AC_LANG_SOURCE(AC_INCLUDES_DEFAULT
1753[[
1754#ifndef _OPENBSD_SOURCE
1755#define _OPENBSD_SOURCE 1
1756#endif
1757#include <stdlib.h>
1758int main(void) {
1759	void* p = reallocarray(NULL, 10, 100);
1760	free(p);
1761	return 0;
1762}
1763]])], [AC_MSG_RESULT(yes)
1764	AC_DEFINE(HAVE_REALLOCARRAY, 1, [If we have reallocarray(3)])
1765], [
1766	AC_MSG_RESULT(no)
1767	AC_LIBOBJ(reallocarray)
1768])
1769AC_CHECK_DECLS([reallocarray])
1770if test "$USE_NSS" = "no"; then
1771	AC_REPLACE_FUNCS(arc4random)
1772	AC_REPLACE_FUNCS(arc4random_uniform)
1773	if test "$ac_cv_func_arc4random" = "no"; then
1774		AC_LIBOBJ(arc4_lock)
1775		AC_CHECK_FUNCS([getentropy],,[
1776		    if test "$USE_WINSOCK" = 1; then
1777			AC_LIBOBJ(getentropy_win)
1778		    else
1779			case "$host" in
1780			Darwin|*darwin*)
1781				AC_LIBOBJ(getentropy_osx)
1782			;;
1783			*solaris*|*sunos*|SunOS)
1784				AC_LIBOBJ(getentropy_solaris)
1785				AC_CHECK_HEADERS([sys/sha2.h],, [
1786					AC_CHECK_FUNCS([SHA512_Update],,[
1787						AC_LIBOBJ(sha512)
1788					])
1789				], [AC_INCLUDES_DEFAULT])
1790				if test "$ac_cv_header_sys_sha2_h" = "yes"; then
1791					# this lib needed for sha2 on solaris
1792					LIBS="$LIBS -lmd"
1793				fi
1794				AC_SEARCH_LIBS([clock_gettime], [rt])
1795			;;
1796			*freebsd*|*FreeBSD)
1797				AC_LIBOBJ(getentropy_freebsd)
1798			;;
1799			*linux*|Linux|*)
1800				AC_LIBOBJ(getentropy_linux)
1801				AC_CHECK_FUNCS([SHA512_Update],,[
1802					AC_DEFINE([COMPAT_SHA512], [1], [Do sha512 definitions in config.h])
1803					AC_LIBOBJ(sha512)
1804				])
1805				AC_CHECK_HEADERS([sys/sysctl.h],,, [AC_INCLUDES_DEFAULT])
1806				AC_CHECK_FUNCS([getauxval])
1807				AC_SEARCH_LIBS([clock_gettime], [rt])
1808			;;
1809			esac
1810		    fi
1811		])
1812	fi
1813fi
1814LIBOBJ_WITHOUT_CTIME="$LIBOBJS"
1815AC_SUBST(LIBOBJ_WITHOUT_CTIME)
1816AC_REPLACE_FUNCS(ctime_r)
1817AC_REPLACE_FUNCS(strsep)
1818
1819AC_ARG_ENABLE(allsymbols, AS_HELP_STRING([--enable-allsymbols],[export all symbols from libunbound and link binaries to it, smaller install size but libunbound export table is polluted by internal symbols]))
1820case "$enable_allsymbols" in
1821	yes)
1822	COMMON_OBJ_ALL_SYMBOLS=""
1823	UBSYMS=""
1824	EXTRALINK="libunbound.la"
1825	AC_DEFINE(EXPORT_ALL_SYMBOLS, 1, [Define this if you enabled-allsymbols from libunbound to link binaries to it for smaller install size, but the libunbound export table is polluted by internal symbols])
1826	;;
1827	no|*)
1828	COMMON_OBJ_ALL_SYMBOLS='$(COMMON_OBJ)'
1829	UBSYMS='-export-symbols $(srcdir)/libunbound/ubsyms.def'
1830	EXTRALINK=""
1831	;;
1832esac
1833AC_SUBST(COMMON_OBJ_ALL_SYMBOLS)
1834AC_SUBST(EXTRALINK)
1835AC_SUBST(UBSYMS)
1836if test x_$enable_lock_checks = x_yes; then
1837	UBSYMS="-export-symbols clubsyms.def"
1838	cp ${srcdir}/libunbound/ubsyms.def clubsyms.def
1839	echo lock_protect >> clubsyms.def
1840	echo lock_unprotect >> clubsyms.def
1841	echo lock_get_mem >> clubsyms.def
1842	echo checklock_start >> clubsyms.def
1843	echo checklock_stop >> clubsyms.def
1844	echo checklock_lock >> clubsyms.def
1845	echo checklock_unlock >> clubsyms.def
1846	echo checklock_init >> clubsyms.def
1847	echo checklock_thrcreate >> clubsyms.def
1848	echo checklock_thrjoin >> clubsyms.def
1849fi
1850
1851# check for dnstap if requested
1852dt_DNSTAP([$UNBOUND_RUN_DIR/dnstap.sock],
1853    [
1854        AC_DEFINE([USE_DNSTAP], [1], [Define to 1 to enable dnstap support])
1855        AC_SUBST([ENABLE_DNSTAP], [1])
1856
1857        AC_SUBST([opt_dnstap_socket_path])
1858        ACX_ESCAPE_BACKSLASH($opt_dnstap_socket_path, hdr_dnstap_socket_path)
1859        AC_DEFINE_UNQUOTED(DNSTAP_SOCKET_PATH,
1860            ["$hdr_dnstap_socket_path"], [default dnstap socket path])
1861	AC_SUBST(DNSTAP_SOCKET_PATH,["$hdr_dnstap_socket_path"])
1862	AC_SUBST(DNSTAP_SOCKET_TESTBIN,['unbound-dnstap-socket$(EXEEXT)'])
1863        AC_SUBST([DNSTAP_SRC], ["dnstap/dnstap.c dnstap/dnstap.pb-c.c dnstap/dnstap_fstrm.c dnstap/dtstream.c"])
1864        AC_SUBST([DNSTAP_OBJ], ["dnstap.lo dnstap.pb-c.lo dnstap_fstrm.lo dtstream.lo"])
1865    ],
1866    [
1867        AC_SUBST([ENABLE_DNSTAP], [0])
1868    ]
1869)
1870
1871# check for dnscrypt if requested
1872dnsc_DNSCRYPT([
1873        AC_DEFINE([USE_DNSCRYPT], [1], [Define to 1 to enable dnscrypt support])
1874        AC_SUBST([ENABLE_DNSCRYPT], [1])
1875
1876        AC_SUBST([DNSCRYPT_SRC], ["dnscrypt/dnscrypt.c"])
1877        AC_SUBST([DNSCRYPT_OBJ], ["dnscrypt.lo"])
1878    ],
1879    [
1880        AC_SUBST([ENABLE_DNSCRYPT], [0])
1881    ]
1882)
1883
1884# check for cachedb if requested
1885AC_ARG_ENABLE(cachedb, AS_HELP_STRING([--enable-cachedb],[enable cachedb module that can use external cache storage]))
1886# turn on cachedb when hiredis support is enabled.
1887if test "$found_libhiredis" = "yes"; then enable_cachedb="yes"; fi
1888case "$enable_cachedb" in
1889    yes)
1890    	AC_DEFINE([USE_CACHEDB], [1], [Define to 1 to use cachedb support])
1891	AC_SUBST([CACHEDB_SRC], ["cachedb/cachedb.c cachedb/redis.c"])
1892	AC_SUBST([CACHEDB_OBJ], ["cachedb.lo redis.lo"])
1893    	;;
1894    no|*)
1895    	# nothing
1896    	;;
1897esac
1898
1899# check for ipsecmod if requested
1900AC_ARG_ENABLE(ipsecmod, AS_HELP_STRING([--enable-ipsecmod],[Enable ipsecmod module that facilitates opportunistic IPsec]))
1901case "$enable_ipsecmod" in
1902	yes)
1903		AC_DEFINE([USE_IPSECMOD], [1], [Define to 1 to use ipsecmod support.])
1904		IPSECMOD_OBJ="ipsecmod.lo ipsecmod-whitelist.lo"
1905		AC_SUBST(IPSECMOD_OBJ)
1906		IPSECMOD_HEADER='$(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h'
1907		AC_SUBST(IPSECMOD_HEADER)
1908		;;
1909	no|*)
1910		# nothing
1911		;;
1912esac
1913
1914# check for ipset if requested
1915AC_ARG_ENABLE(ipset, AS_HELP_STRING([--enable-ipset],[enable ipset module]))
1916case "$enable_ipset" in
1917    yes)
1918		AC_DEFINE([USE_IPSET], [1], [Define to 1 to use ipset support])
1919		IPSET_SRC="ipset/ipset.c"
1920		AC_SUBST(IPSET_SRC)
1921		IPSET_OBJ="ipset.lo"
1922		AC_SUBST(IPSET_OBJ)
1923
1924		# mnl
1925		AC_ARG_WITH(libmnl, AS_HELP_STRING([--with-libmnl=path],[specify explicit path for libmnl.]),
1926			[ ],[ withval="yes" ])
1927		found_libmnl="no"
1928		AC_MSG_CHECKING(for libmnl)
1929		if test x_$withval = x_ -o x_$withval = x_yes; then
1930			withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
1931		fi
1932		for dir in $withval ; do
1933			if test -f "$dir/include/libmnl/libmnl.h" -o -f "$dir/include/libmnl/libmnl/libmnl.h"; then
1934				found_libmnl="yes"
1935				dnl assume /usr is in default path.
1936				extralibmnl=""
1937				if test -f "$dir/include/libmnl/libmnl/libmnl.h"; then
1938					extralibmnl="/libmnl"
1939				fi
1940				if test "$dir" != "/usr" -o -n "$extralibmnl"; then
1941					CPPFLAGS="$CPPFLAGS -I$dir/include$extralibmnl"
1942				fi
1943				if test "$dir" != "/usr"; then
1944					LDFLAGS="$LDFLAGS -L$dir/lib"
1945				fi
1946				AC_MSG_RESULT(found in $dir)
1947				LIBS="$LIBS -lmnl"
1948				break;
1949			fi
1950		done
1951		if test x_$found_libmnl != x_yes; then
1952			AC_MSG_ERROR([Could not find libmnl, libmnl.h])
1953		fi
1954		;;
1955    no|*)
1956    	# nothing
1957		;;
1958esac
1959AC_ARG_ENABLE(explicit-port-randomisation, AS_HELP_STRING([--disable-explicit-port-randomisation],[disable explicit source port randomisation and rely on the kernel to provide random source ports]))
1960case "$enable_explicit_port_randomisation" in
1961	no)
1962		AC_DEFINE([DISABLE_EXPLICIT_PORT_RANDOMISATION], [1], [Define this to enable kernel based UDP source port randomization.])
1963		;;
1964	yes|*)
1965		;;
1966esac
1967
1968if echo "$host" | $GREP -i -e linux >/dev/null; then
1969	AC_ARG_ENABLE(linux-ip-local-port-range, AS_HELP_STRING([--enable-linux-ip-local-port-range], [Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a default outgoing port range. This is only for the libunbound on Linux and does not affect unbound resolving daemon itself. This may severely limit the number of available outgoing ports and thus decrease randomness. Define this only when the target system restricts (e.g. some of SELinux enabled distributions) the use of non-ephemeral ports.]))
1970	case "$enable_linux_ip_local_port_range" in
1971		yes)
1972			AC_DEFINE([USE_LINUX_IP_LOCAL_PORT_RANGE], [1], [Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a default outgoing port range. This is only for the libunbound on Linux and does not affect unbound resolving daemon itself. This may severely limit the number of available outgoing ports and thus decrease randomness. Define this only when the target system restricts (e.g. some of SELinux enabled distributions) the use of non-ephemeral ports.])
1973			;;
1974		no|*)
1975			;;
1976	esac
1977fi
1978
1979
1980AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope])
1981# on openBSD, the implicit rule make $< work.
1982# on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
1983# gmake works.
1984cat >conftest.make <<EOF
1985all:	conftest.lo
1986
1987conftest.lo foo.lo bla.lo:
1988	if test -f "\$<"; then touch \$@; fi
1989
1990.SUFFIXES: .lo
1991.c.lo:
1992	if test -f "\$<"; then touch \$@; fi
1993
1994conftest.lo:        conftest.dir/conftest.c
1995EOF
1996mkdir conftest.dir
1997touch conftest.dir/conftest.c
1998rm -f conftest.lo conftest.c
1999${MAKE:-make} -f conftest.make >/dev/null
2000rm -f conftest.make conftest.c conftest.dir/conftest.c
2001rm -rf conftest.dir
2002if test ! -f conftest.lo; then
2003	AC_MSG_RESULT(no)
2004	SOURCEDETERMINE='echo "$^" | awk "-F " "{print \$$1;}" > .source'
2005	SOURCEFILE='`cat .source`'
2006else
2007	AC_MSG_RESULT(yes)
2008	SOURCEDETERMINE=':'
2009	SOURCEFILE='$<'
2010fi
2011rm -f conftest.lo
2012AC_SUBST(SOURCEDETERMINE)
2013AC_SUBST(SOURCEFILE)
2014
2015# see if we want to build the library or everything
2016ALLTARGET="alltargets"
2017INSTALLTARGET="install-all"
2018AC_ARG_WITH(libunbound-only, AS_HELP_STRING([--with-libunbound-only],[do not build daemon and tool programs]),
2019	[
2020	if test "$withval" = "yes"; then
2021		ALLTARGET="lib"
2022		INSTALLTARGET="install-lib"
2023	fi
2024])
2025if test $ALLTARGET = "alltargets"; then
2026	if test $USE_NSS = "yes"; then
2027		AC_MSG_ERROR([--with-nss can only be used in combination with --with-libunbound-only.])
2028	fi
2029	if test $USE_NETTLE = "yes"; then
2030		AC_MSG_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.])
2031	fi
2032fi
2033
2034AC_SUBST(ALLTARGET)
2035AC_SUBST(INSTALLTARGET)
2036
2037ACX_STRIP_EXT_FLAGS
2038if test -n "$LATE_LDFLAGS"; then
2039  LDFLAGS="$LATE_LDFLAGS $LDFLAGS"
2040fi
2041# remove start spaces
2042LDFLAGS=`echo "$LDFLAGS"|sed -e 's/^ *//'`
2043LIBS=`echo "$LIBS"|sed -e 's/^ *//'`
2044
2045AC_DEFINE_UNQUOTED([MAXSYSLOGMSGLEN], [10240], [Define to the maximum message length to pass to syslog.])
2046
2047AH_BOTTOM(
2048dnl this must be first AH_CONFIG, to define the flags before any includes.
2049AHX_CONFIG_EXT_FLAGS
2050
2051dnl includes
2052[
2053#ifndef _OPENBSD_SOURCE
2054#define _OPENBSD_SOURCE 1
2055#endif
2056
2057#ifndef UNBOUND_DEBUG
2058# ifndef NDEBUG
2059#  define NDEBUG
2060# endif
2061#endif
2062
2063/** Use small-ldns codebase */
2064#define USE_SLDNS 1
2065#ifdef HAVE_SSL
2066#  define LDNS_BUILD_CONFIG_HAVE_SSL 1
2067#endif
2068
2069#include <stdio.h>
2070#include <string.h>
2071#include <unistd.h>
2072#include <assert.h>
2073
2074#if STDC_HEADERS
2075#include <stdlib.h>
2076#include <stddef.h>
2077#endif
2078
2079#ifdef HAVE_STDARG_H
2080#include <stdarg.h>
2081#endif
2082
2083#ifdef HAVE_STDINT_H
2084#include <stdint.h>
2085#endif
2086
2087#include <errno.h>
2088
2089#if HAVE_SYS_PARAM_H
2090#include <sys/param.h>
2091#endif
2092
2093#ifdef HAVE_SYS_SOCKET_H
2094#include <sys/socket.h>
2095#endif
2096
2097#ifdef HAVE_SYS_UIO_H
2098#include <sys/uio.h>
2099#endif
2100
2101#ifdef HAVE_NETINET_IN_H
2102#include <netinet/in.h>
2103#endif
2104
2105#ifdef HAVE_NETINET_TCP_H
2106#include <netinet/tcp.h>
2107#endif
2108
2109#ifdef HAVE_ARPA_INET_H
2110#include <arpa/inet.h>
2111#endif
2112
2113#ifdef HAVE_WINSOCK2_H
2114#include <winsock2.h>
2115#endif
2116
2117#ifdef HAVE_WS2TCPIP_H
2118#include <ws2tcpip.h>
2119#endif
2120
2121#if !defined(USE_WINSOCK) || !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) || defined(__USE_MINGW_ANSI_STDIO)
2122#define ARG_LL "%ll"
2123#else
2124#define ARG_LL "%I64"
2125#endif
2126
2127#ifndef AF_LOCAL
2128#define AF_LOCAL AF_UNIX
2129#endif
2130]
2131
2132AHX_CONFIG_FORMAT_ATTRIBUTE
2133AHX_CONFIG_UNUSED_ATTRIBUTE
2134AHX_CONFIG_FSEEKO
2135AHX_CONFIG_MAXHOSTNAMELEN
2136#if !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN)
2137#define snprintf snprintf_unbound
2138#define vsnprintf vsnprintf_unbound
2139#include <stdarg.h>
2140int snprintf (char *str, size_t count, const char *fmt, ...);
2141int vsnprintf (char *str, size_t count, const char *fmt, va_list arg);
2142#endif /* HAVE_SNPRINTF or SNPRINTF_RET_BROKEN */
2143AHX_CONFIG_INET_PTON(unbound)
2144AHX_CONFIG_INET_NTOP(unbound)
2145AHX_CONFIG_INET_ATON(unbound)
2146AHX_CONFIG_MEMMOVE(unbound)
2147AHX_CONFIG_STRLCAT(unbound)
2148AHX_CONFIG_STRLCPY(unbound)
2149AHX_CONFIG_GMTIME_R(unbound)
2150AHX_CONFIG_REALLOCARRAY(unbound)
2151AHX_CONFIG_W32_SLEEP
2152AHX_CONFIG_W32_USLEEP
2153AHX_CONFIG_W32_RANDOM
2154AHX_CONFIG_W32_SRANDOM
2155AHX_CONFIG_W32_FD_SET_T
2156AHX_CONFIG_IPV6_MIN_MTU
2157AHX_MEMCMP_BROKEN(unbound)
2158
2159[
2160#ifndef HAVE_CTIME_R
2161#define ctime_r unbound_ctime_r
2162char *ctime_r(const time_t *timep, char *buf);
2163#endif
2164
2165#ifndef HAVE_STRSEP
2166#define strsep unbound_strsep
2167char *strsep(char **stringp, const char *delim);
2168#endif
2169
2170#ifndef HAVE_ISBLANK
2171#define isblank unbound_isblank
2172int isblank(int c);
2173#endif
2174
2175#ifndef HAVE_EXPLICIT_BZERO
2176#define explicit_bzero unbound_explicit_bzero
2177void explicit_bzero(void* buf, size_t len);
2178#endif
2179
2180#if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP
2181const char *inet_ntop(int af, const void *src, char *dst, size_t size);
2182#endif
2183
2184#if defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON
2185int inet_pton(int af, const char* src, void* dst);
2186#endif
2187
2188#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS)
2189#define strptime unbound_strptime
2190struct tm;
2191char *strptime(const char *s, const char *format, struct tm *tm);
2192#endif
2193
2194#if !HAVE_DECL_REALLOCARRAY
2195void *reallocarray(void *ptr, size_t nmemb, size_t size);
2196#endif
2197
2198#ifdef HAVE_LIBBSD
2199#include <bsd/string.h>
2200#include <bsd/stdlib.h>
2201#endif
2202
2203#ifdef HAVE_LIBRESSL
2204#  if !HAVE_DECL_STRLCPY
2205size_t strlcpy(char *dst, const char *src, size_t siz);
2206#  endif
2207#  if !HAVE_DECL_STRLCAT
2208size_t strlcat(char *dst, const char *src, size_t siz);
2209#  endif
2210#  if !HAVE_DECL_ARC4RANDOM && defined(HAVE_ARC4RANDOM)
2211uint32_t arc4random(void);
2212#  endif
2213#  if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM)
2214uint32_t arc4random_uniform(uint32_t upper_bound);
2215#  endif
2216#endif /* HAVE_LIBRESSL */
2217#ifndef HAVE_ARC4RANDOM
2218int getentropy(void* buf, size_t len);
2219uint32_t arc4random(void);
2220void arc4random_buf(void* buf, size_t n);
2221void _ARC4_LOCK(void);
2222void _ARC4_UNLOCK(void);
2223void _ARC4_LOCK_DESTROY(void);
2224#endif
2225#ifndef HAVE_ARC4RANDOM_UNIFORM
2226uint32_t arc4random_uniform(uint32_t upper_bound);
2227#endif
2228#ifdef COMPAT_SHA512
2229#ifndef SHA512_DIGEST_LENGTH
2230#define SHA512_BLOCK_LENGTH		128
2231#define SHA512_DIGEST_LENGTH		64
2232#define SHA512_DIGEST_STRING_LENGTH	(SHA512_DIGEST_LENGTH * 2 + 1)
2233typedef struct _SHA512_CTX {
2234	uint64_t	state[8];
2235	uint64_t	bitcount[2];
2236	uint8_t	buffer[SHA512_BLOCK_LENGTH];
2237} SHA512_CTX;
2238#endif /* SHA512_DIGEST_LENGTH */
2239void SHA512_Init(SHA512_CTX*);
2240void SHA512_Update(SHA512_CTX*, void*, size_t);
2241void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
2242unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest);
2243#endif /* COMPAT_SHA512 */
2244
2245
2246
2247#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && (defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS))
2248   /* using version of libevent that is not threadsafe. */
2249#  define LIBEVENT_SIGNAL_PROBLEM 1
2250#endif
2251
2252#ifndef CHECKED_INET6
2253#  define CHECKED_INET6
2254#  ifdef AF_INET6
2255#    define INET6
2256#  else
2257#    define AF_INET6        28
2258#  endif
2259#endif /* CHECKED_INET6 */
2260
2261#ifndef HAVE_GETADDRINFO
2262struct sockaddr_storage;
2263#include "compat/fake-rfc2553.h"
2264#endif
2265
2266#ifdef UNBOUND_ALLOC_STATS
2267#  define malloc(s) unbound_stat_malloc_log(s, __FILE__, __LINE__, __func__)
2268#  define calloc(n,s) unbound_stat_calloc_log(n, s, __FILE__, __LINE__, __func__)
2269#  define free(p) unbound_stat_free_log(p, __FILE__, __LINE__, __func__)
2270#  define realloc(p,s) unbound_stat_realloc_log(p, s, __FILE__, __LINE__, __func__)
2271void *unbound_stat_malloc(size_t size);
2272void *unbound_stat_calloc(size_t nmemb, size_t size);
2273void unbound_stat_free(void *ptr);
2274void *unbound_stat_realloc(void *ptr, size_t size);
2275void *unbound_stat_malloc_log(size_t size, const char* file, int line,
2276	const char* func);
2277void *unbound_stat_calloc_log(size_t nmemb, size_t size, const char* file,
2278	int line, const char* func);
2279void unbound_stat_free_log(void *ptr, const char* file, int line,
2280	const char* func);
2281void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
2282	int line, const char* func);
2283#elif defined(UNBOUND_ALLOC_LITE)
2284#  include "util/alloc.h"
2285#endif /* UNBOUND_ALLOC_LITE and UNBOUND_ALLOC_STATS */
2286
2287/** default port for DNS traffic. */
2288#define UNBOUND_DNS_PORT 53
2289/** default port for DNS over TLS traffic. */
2290#define UNBOUND_DNS_OVER_TLS_PORT 853
2291/** default port for DNS over HTTPS traffic. */
2292#define UNBOUND_DNS_OVER_HTTPS_PORT 443
2293/** default port for unbound control traffic, registered port with IANA,
2294    ub-dns-control  8953/tcp    unbound dns nameserver control */
2295#define UNBOUND_CONTROL_PORT 8953
2296/** the version of unbound-control that this software implements */
2297#define UNBOUND_CONTROL_VERSION 1
2298
2299])
2300
2301dnl if we build from source tree, the man pages need @date@ and @version@
2302dnl if this is a distro tarball, that was already done by makedist.sh
2303AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO])
2304AC_SUBST(date, [`date +'%b %e, %Y'`])
2305
2306AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service contrib/unbound_portable.service])
2307AC_CONFIG_HEADERS([config.h])
2308AC_OUTPUT
2309