# -*- autoconf -*-
#########################################
##
# Miscellaneous checks
##
#########################################
##
# Package characteristics
# Authentication/Encryption support
##
# Check for PKCS11
#
AC_MSG_CHECKING([for authentication support])
useopenssl=no
usepkcs=no
if test "x$ac_cv_lib_pkcs11_C_Initialize" != "xyes" -o "x$ac_cv_header_security_cryptoki_h" != "xyes"; then
if test "x$askedpkcs" = "xyes"; then
AC_MSG_ERROR(Asked to use PKCS11 but I couldn't find it.)
fi
else
if test "x$askedpkcs" = "xyes"; then
usepkcs=yes
fi
fi
# Check for OpenSSL
#
if test "x$ac_cv_lib_crypto_EVP_md5" != "xyes" -a "x$ac_cv_lib_eay32_EVP_md5" != "xyes" -o "x$ac_cv_header_openssl_hmac_h" != "xyes"; then
if test "x$askedopenssl" = "xyes"; then
AC_MSG_ERROR(Asked to use OpenSSL but I couldn't find it.)
fi
else
if test "x$askedopenssl" = "xyes"; then
useopenssl=yes
elif test "x$tryopenssl" = "xyes"; then
if test "x$usepkcs" != "xyes"; then
useopenssl=yes
fi
fi
fi
# Available authentication/encryption modes
#
if test "x$CRYPTO" = "xinternal" ; then
authmodes="MD5 SHA1"
if test "x$enable_privacy" != "xno" ; then
encrmodes="DES AES"
else
encrmodes="[disabled]"
fi
AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
AC_MSG_RESULT(Internal Crypto Support)
elif test "x$useopenssl" != "xno" ; then
authmodes="MD5 SHA1"
if test "x$ac_cv_func_EVP_sha224" = xyes; then
authmodes="$authmodes SHA224 SHA256"
fi
if test "x$ac_cv_func_EVP_sha384" = xyes; then
authmodes="$authmodes SHA384 SHA512"
fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
else
encrmodes="DES"
fi
else
encrmodes="[disabled]"
fi
AC_DEFINE(NETSNMP_USE_OPENSSL)
LNETSNMPLIBS="$LNETSNMPLIBS $LIBCRYPTO"
AC_MSG_RESULT(OpenSSL Support)
elif test "x$usepkcs" != "xno" ; then
authmodes="MD5 SHA1"
if test "x$enable_privacy" != "xno" ; then
encrmodes="DES"
else
encrmodes="[disabled]"
fi
AC_DEFINE(NETSNMP_USE_PKCS11, 1,
[Define if you are using the codeS11 library ...])
LNETSNMPLIBS="$LNETSNMPLIBS $LIBPKCS11"
AC_MSG_RESULT(PKCS11 Support)
elif test "x$enable_md5" != "xno"; then
authmodes="MD5"
encrmodes=""
AC_DEFINE(NETSNMP_USE_INTERNAL_MD5)
AC_MSG_RESULT(Internal MD5 Support)
fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
test "x$CRYPTO" = xinternal; then
encrmodes="$encrmodes AES128"
if test "x$aes_capable" = "xyes"; then
encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
fi
fi
AC_SUBST(LNETSNMPLIBS)
AC_SUBST(LAGENTLIBS)
AC_MSG_CACHE_ADD(Crypto support from: $CRYPTO)
AC_MSG_CACHE_ADD(Authentication support: $authmodes)
AC_MSG_CACHE_ADD(Encryption support: $encrmodes)
if test "x$all_warnings" != "x"; then
AC_MSG_CACHE_ADD(WARNING: $all_warnings)
fi
#
# Check whether user wants DNSSEC local validation support
#
_libs=${LIBS}
if ! test "x-$want_dnssec" = "x-no" ; then
AC_CHECK_HEADERS([validator/validator-config.h])
if test "$ac_cv_header_validator_validator_config_h" != yes; then
AC_MSG_ERROR(Can't find validator.h)
fi
if test "x$ac_cv_lib_crypto_EVP_md5" != "xyes" -a \
"x$ac_cv_lib_eay32_EVP_md5" != "xyes" -o \
"x$ac_cv_header_openssl_hmac_h" != "xyes"; then
AC_MSG_ERROR(Couldn't find OpenSSL for local DNSSEC validation support.)
fi
LIBS="$LIBS $LIBCRYPTO"
AC_CHECK_LIB(sres, query_send,,AC_MSG_ERROR([Can't find libsres]))
VAL_LIBS="-lsres $LIBCRYPTO"
LIBS="$LIBS -lsres"
AC_CHECK_LIB(val, p_val_status,
LIBS="$LIBS -lval"
VAL_LIBS="$VAL_LIBS -lval"
have_val_res_query=yes,
[ AC_CHECK_LIB(pthread, pthread_rwlock_init)
AC_CHECK_LIB(val-threads, p_val_status,
have_val_res_query=yes
LIBS="-lval-threads $LIBS"
VAL_LIBS="-lval-threads -lpthread $VAL_LIBS"
LIBVAL_SUFFIX="-threads",
AC_MSG_ERROR(Can't find libval or libval-threads))
])
AC_DEFINE(DNSSEC_LOCAL_VALIDATION, 1,
[Define if you want local DNSSEC validation support])
DNSSEC="enabled"
else
DNSSEC="disabled"
fi
LIBS=${_libs}
AC_SUBST(VAL_LIBS)
AC_MSG_CACHE_ADD(Local DNSSEC validation: $DNSSEC)