summaryrefslogtreecommitdiff
path: root/configure.ac
AgeCommit message (Collapse)Author
2019-11-03statfs might be defined in sys/mount.h.Darren Tucker
eg on old NetBSDs.
2019-11-02Only enable U2F if OpenSSL supports ECC.Darren Tucker
This requires moving the U2F bits to below the OpenSSL parts so we have the required information. ok djm@
2019-11-01Add flags needed to build and work on Ultrix.Darren Tucker
2019-11-01Hook up fnmatch for platforms that don't have it.Darren Tucker
2019-11-01Use sftp_realpath if no native realpath.Darren Tucker
2019-11-01Configure flags for haiku from haikuports.Darren Tucker
Should build with the default flags with ./configure
2019-11-01autoconf pieces for U2F supportDamien Miller
Mostly following existing logic for PKCS#11 - turning off support when either libcrypto or dlopen(3) are unavailable.
2019-10-29Add implementation of localtime_r.Darren Tucker
2019-10-28Make sure we have struct statfs before using.Darren Tucker
2019-10-28Define UINT32_MAX if needed.Darren Tucker
2019-10-24Add a function call stackprotector tests.Darren Tucker
Including a function call in the test programs for the gcc stack protector flag tests exercises more of the compiler and makes it more likely it'll detect problems.
2019-08-30tweak warning flagsDamien Miller
Enable -Wextra if compiler supports it Set -Wno-error=format-truncation if available to prevent expected string truncations in openbsd-compat from breaking -Werror builds
2019-08-30proc_pidinfo()-based closefrom() for OS XDamien Miller
Refactor closefrom() to use a single brute-force close() loop fallback. Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@
2019-07-23Re-apply portability changes to current sha2.{c,h}.Darren Tucker
Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2 I imported the current versions directly then re-applied the portability changes. This also allowed re-syncing digest-libc.c against upstream.
2019-07-16Hook memmem compat code into build.Darren Tucker
This fixes builds on platforms that don't have it (at least old DragonFly, probably others).
2019-07-10fix typo that prevented detection of Linux VRFDamien Miller
Reported by hexiaowen AT huawei.com
2019-07-08remove realpath() compat replacementDamien Miller
We shipped a BSD implementation of realpath() because sftp-server depended on its behaviour. OpenBSD is now moving to a more strictly POSIX-compliant realpath(2), so sftp-server now unconditionally requires its own BSD-style realpath implementation. As such, there is no need to carry another independant implementation in openbsd-compat. ok dtucker@
2019-05-15Fix typo in man page formatter selector.Darren Tucker
2019-05-10Use "doc" man page format if mandoc present.Darren Tucker
Previously configure would not select the "doc" man page format if mandoc was present but nroff was not. This checks for mandoc first and removes a now-superflous AC_PATH_PROG. Based on a patch from vehk at vehk.de and feedback from schwarze at usta.de.
2019-04-30Remove unused variables from RLIMIT_NOFILE test.Darren Tucker
2019-01-22Allow building against OpenSSL dev (3.x) version.Darren Tucker
2019-01-21Make --with-rpath take a flag instead of yes/no.Darren Tucker
Linkers need various flags for -rpath and similar, so make --with-rpath take an optional flag argument which is passed to the linker. ok djm@
2019-01-21conditionalise ECDSA PKCS#11 supportDamien Miller
Require EC_KEY_METHOD support in libcrypto, evidenced by presence of EC_KEY_METHOD_new() function.
2019-01-21Check for cc before gcc.Darren Tucker
If cc is something other than gcc and is the system compiler prefer using that, unless otherwise told via $CC. ok djm@
2019-01-18Add minimal fchownat and fchmodat implementations.Darren Tucker
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
2019-01-18Add a minimal implementation of utimensat().Darren Tucker
Some systems (eg older OS X) do not have utimensat, so provide minimal implementation in compat layer. Fixes build on at least El Capitan.
2018-11-25Improve OpenSSL_add_all_algorithms check.Darren Tucker
OpenSSL_add_all_algorithms() may be a macro so check for that too.
2018-11-23fix configure test for OpenSSL versionDamien Miller
square brackets in case statements may be eaten by autoconf. Report and fix from Filipp Gunbin; tweaked by naddy@
2018-11-23refactor libcrypto initialisationDamien Miller
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually supports it. Move all libcrypto initialisation to a single function, and call that from seed_rng() that is called early in each tool's main(). Prompted by patch from Rosen Penev
2018-11-16Test for OPENSSL_init_crypto before using.Darren Tucker
Check for the presence of OPENSSL_init_crypto and all the flags we want before trying to use it (bz#2931).
2018-11-16Remove fallback check for /usr/local/ssl.Darren Tucker
If configure could not find a working OpenSSL installation it would fall back to checking in /usr/local/ssl. This made sense back when systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't use that as a default any more. The fallback behaviour also meant that if you pointed --with-ssl-dir at a specific directory and it didn't work, it would silently use either the system libs or the ones in /usr/local/ssl. If you want to use /usr/local/ssl you'll need to pass configure --with-ssl-dir=/usr/local/ssl. ok djm@
2018-11-10AC_CHECK_SIZEOF() no longer needs a second argument.Dag-Erling Smørgrav
2018-11-08Simplify OpenSSL 1.1 function checks.Darren Tucker
Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single AC_CHECK_FUNCS. ok djm@
2018-11-05Fix pasto for HAVE_EVP_CIPHER_CTX_SET_IV.Darren Tucker
Prevents unnecessary redefinition. Patch from mforney at mforney.org.
2018-10-27Check for the existence of openssl version funcs.Darren Tucker
Check for the existence of openssl version functions and use the ones detected instead of trying to guess based on the int32 version identifier. Fixes builds with LibreSSL.
2018-10-26fix builds on OpenSSL <= 1.0.xDamien Miller
I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API to obtain version number, but they don't.
2018-10-23remove remaining references to SSLeayDamien Miller
Prompted by Rosen Penev
2018-10-17Require OpenSSL 1.1.x series 1.1.0g or greaterDamien Miller
Previous versions have a bug with EVP_CipherInit() when passed a NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613 ok dtucker@
2018-10-16Remove gcc spectre mitigation flags.Darren Tucker
Current impementions of the gcc spectre mitigation flags cause miscompilations when combined with other flags and do not provide much protection. Found by fweimer at redhat.com, ok djm@
2018-10-12Check if snprintf understands %zu.Darren Tucker
If the platforms snprintf and friends don't understand %zu, use the compat replacement. Prevents segfaults on those platforms.
2018-09-13adapt -portable to OpenSSL 1.1x APIDamien Miller
Polyfill missing API with replacement functions extracted from LibreSSL
2018-08-13configure: work around GCC shortcoming on CygwinCorinna Vinschen
Cygwin's latest 7.x GCC allows to specify -mfunction-return=thunk as well as -mindirect-branch=thunk on the command line, albeit producing invalid code, leading to an error at link stage. The check in configure.ac only checks if the option is present, but not if it produces valid code. This patch fixes it by special-casing Cygwin. Another solution may be to change these to linker checks. Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2018-07-31Remove support for S/KeyDamien Miller
Most people will 1) be using modern multi-factor authentication methods like TOTP/OATH etc and 2) be getting support for multi-factor authentication via PAM or BSD Auth.
2018-07-02Add implementation of getline.Darren Tucker
Add getline for the benefit of platforms that don't have it. Sourced from NetBSD (OpenBSD's implementation is a little too chummy with the internals of FILE).
2018-06-08Remove ability to override $LD.Darren Tucker
Since autoconf always uses $CC to link C programs, allowing users to override LD caused mismatches between what LD_LINK_IFELSE thought worked and what ld thought worked. If you do need to do this kind of thing you need to set a compiler flag such as gcc's -fuse-ld in LDFLAGS.
2018-04-13Using "==" in shell tests is not portable.Darren Tucker
Patch from rsbecker at nexbridge.com.
2018-04-13prefer to use getrandom() for PRNG seedingDamien Miller
Only applies when built --without-openssl. Thanks Jann Horn for reminder.
2018-04-10Many typo fixes from Karsten WeissDamien Miller
Spotted using https://github.com/lucasdemarchi/codespell
2018-03-30Disable native strndup and strnlen on AIX.Darren Tucker
On at least some revisions of AIX, strndup returns unterminated strings under some conditions, apparently because strnlen returns incorrect values in those cases. Disable both on AIX and use the replacements from openbsd-compat. Fixes problem with ECDSA keys there, ok djm.
2018-03-25 Use libiaf on all sysv5 systemsTim Rice