commit ce7eba2efec275d7141b65f38b3aa3138aaae857 Author: Mario Fetka Date: Tue Mar 28 09:58:13 2017 +0200 Imported Upstream version 4.53 diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..27993a2 --- /dev/null +++ b/AUTHORS @@ -0,0 +1,4 @@ +stunnel authors + +Michal Trojnara + diff --git a/BUGS b/BUGS new file mode 100644 index 0000000..8b87d1f --- /dev/null +++ b/BUGS @@ -0,0 +1,5 @@ +stunnel known bugs + + +- Shared library for transparent proxy does not support IPv6. + diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..5890bc3 --- /dev/null +++ b/COPYING @@ -0,0 +1,33 @@ +stunnel license (see COPYRIGHT.GPL for detailed GPL conditions) + +Copyright (C) 1998-2012 Michal Trojnara + +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; either version 2 of the License, or (at your option) any later +version. + +This program is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +this program; if not, see . + +Linking stunnel statically or dynamically with other modules is making +a combined work based on stunnel. Thus, the terms and conditions of the +GNU General Public License cover the whole combination. + +In addition, as a special exception, the copyright holder of stunnel gives you +permission to combine stunnel with free software programs or libraries that +are released under the GNU LGPL and with code included in the standard release +of OpenSSL under the OpenSSL License (or modified versions of such code, with +unchanged license). You may copy and distribute such a system following the +terms of the GNU GPL for stunnel and the licenses of the other code concerned. + +Note that people who make modified versions of stunnel are not obligated to +grant this special exception for their modified versions; it is their choice +whether to do so. The GNU General Public License gives permission to release +a modified version without this exception; this exception also makes it +possible to release a modified version which carries forward this exception. + diff --git a/COPYRIGHT.GPL b/COPYRIGHT.GPL new file mode 100644 index 0000000..f2def2a --- /dev/null +++ b/COPYRIGHT.GPL @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + Appendix: How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/CREDITS b/CREDITS new file mode 100644 index 0000000..8ece5a7 --- /dev/null +++ b/CREDITS @@ -0,0 +1,9 @@ +Special thx to: + +* Adam Hernik +* Pawel Krawczyk +* Brian Hatch +* Dirk O. Siebnich for PTY support + +and many others... + diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..730225c --- /dev/null +++ b/ChangeLog @@ -0,0 +1,1158 @@ +stunnel change log + + +Version 4.53, 2012.03.19, urgency: MEDIUM: +* New features + - Added client-mode "sni" option to directly control the value of + TLS Server Name Indication (RFC 3546) extension. + - Added support for IP_FREEBIND socket option with a pached Linux kernel. + - Glibc-specific dynamic allocation tuning was applied to help unused memory + deallocation. + - Non-blocking OCSP implementation. +* Bugfixes + - Compilation fixes for old versions of OpenSSL (tested against 0.9.6). + - Usage of uninitialized variables fixed in exec+connect services. + - Occasional logging subsystem crash with exec+connect services. + - OpenBSD compilation fix (thx to Michele Orru'). + - Session id context initialized with session name rather than a constant. + - Fixed handling of a rare inetd mode use case, where either stdin or stdout + is a socket, but not both of them at the same time. + - Fixed missing OPENSSL_Applink http://www.openssl.org/support/faq.html#PROG2 + - Fixed crash on termination with FORK threading model. + - Fixed dead canary after configuration reload with open connections. + - Fixed missing file descriptors passed to local mode processes. + - Fixed required jmp_buf alignment on Itanium platform. + - Removed creating /dev/zero in the chroot jail on Solaris platform. + - Fixed detection of WSAECONNREFUSED Winsock error. + - Missing Microsoft.VC90.CRT.manifest added to Windows installer. + +Version 4.52, 2012.01.12, urgency: MEDIUM: +* Bugfixes + - Fixed write closure notification for non-socket file descriptors. + - Removed a line logged to stderr in inetd mode. + - Fixed "Socket operation on non-socket" error in inetd mode on Mac OS X + platform. + - Removed direct access to the fields of the X509_STORE_CTX data structure. + +Version 4.51, 2012.01.09, urgency: MEDIUM: +* New features + - Updated Win32 binary distribution OpenSSL DLLs to version 0.9.8s-fips. + - Updated Android binary OpenSSL to version 1.0.0f. + - Zlib support added to Win32 and Android binary builds. + - New "compression = deflate" global option to enable RFC 2246 compresion. + For compatibility with previous versions "compression = zlib" and + "compression = rle" also enable the deflate (RFC 2246) compression. + - Separate default ciphers and sslVersion for "fips = yes" and "fips = no". + - UAC support for editing configuration file with Windows GUI. +* Bugfixes + - Fixed exec+connect sections. + - Added a workaround for broken Android getaddrinfo(): + http://stackoverflow.com/questions/7818246/segmentation-fault-in-getaddrinfo + +Version 4.50, 2011.12.03, urgency: MEDIUM: +* New features + - Added Android port. + - Updated INSTALL.FIPS. +* Bugfixes + - Fixed internal memory allocation problem in inetd mode. + - Fixed FIPS mode on Microsoft Vista, Server 2008, and Windows 7. + This fix required to compile OpenSSL FIPS-compliant DLLs with MSVC 9.0, + instead of MSVC 10.0. msvcr100.dll was replaced with msvcr90.dll. + GPL compatibility issues are explained in the GPL FAQ: + http://www.gnu.org/licenses/gpl-faq.html#WindowsRuntimeAndGPL + - POP3 server-side protocol negotiation updated to report STLS + capability (thx to Anthony Morgan). + +Version 4.49, 2011.11.28, urgency: MEDIUM: +* Bugfixes + - Missing Microsoft Visual C++ Redistributable (msvcr100.dll) required + by FIPS-compliant OpenSSL library was added to the Windows installer. + - A bug was fixed causing crashes on MacOS X and some other platforms. + +Version 4.48, 2011.11.26, urgency: MEDIUM: +* New features + - FIPS support on Win32 platform added. OpenSSL 0.9.8r DLLs based on + FIPS 1.2.3 canister are included with this version of stunnel. FIPS + mode can be disabled with "fips = no" configuration file option. +* Bugfixes + - Fixed canary initialization problem on Win32 platform. + +Version 4.47, 2011.11.21, urgency: MEDIUM: +* Internal improvements + - CVE-2010-3864 workaround improved to check runtime version of OpenSSL + rather than compiled version, and to allow OpenSSL 0.x.x >= 0.9.8p. + - Encoding of man page sources changed to UTF-8. +* Bugfixes + - Handling of socket/SSL close in transfer() function was fixed. + - Logging was modified to save and restore system error codes. + - Option "service" was restricted to Unix, as since stunnel 4.42 it + wasn't doing anything useful on Windows platform. + +Version 4.46, 2011.11.04, urgency: LOW: +* New features + - Added Unix socket support (e.g. "connect = /var/run/stunnel/socket"). + - Added "verify = 4" mode to ignore CA chain and only verify peer certificate. + - Removed the limit of 16 IP addresses for a single 'connect' option. + - Removed the limit of 256 stunnel.conf sections in PTHREAD threading model. + It is still not possible have more than 63 sections on WIN32 platform. + http://msdn.microsoft.com/en-us/library/windows/desktop/ms740141(v=vs.85).aspx +* Optimizations + - Reduced per-connection memory usage. + - Performed a major refactoring of internal data structures. Extensive + internal testing was performed, but some regression bugs are expected. +* Bugfixes + - Fixed WIN32 compilation with Mingw32. + - Fixed non-blocking API emulation layer in UCONTEXT threading model. + - Fixed signal handling in UCONTEXT threading model. + +Version 4.45, 2011.10.24, urgency: LOW: +* New features + - "protocol = proxy" support to send original client IP address to haproxy: + http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt + This requires accept-proxy bind option of haproxy 1.5-dev3 or later. + - Added Win32 configuration reload without a valid configuration loaded. + - Added compatibility with LTS OpenSSL versions 0.9.6 and 0.9.7. + Some features are only available in OpenSSL 1.0.0 and later. +* Performance optimizations + - Use SSL_MODE_RELEASE_BUFFERS if supported by the OpenSSL library. + - Libwrap helper processes are no longer started if libwrap is disabled + in all sections of the configuration file. +* Internal improvements + - Protocol negotiation framework was rewritten to support additional + code to be executed after SSL_accept()/SSL_connect(). + - Handling of memory allocation errors was rewritten to gracefully + terminate the process (thx to regenrecht for the idea). +* Bugfixes + - Fixed -l option handling in stunnel3 script (thx to Kai Gülzau). + - Script to build default stunnel.pem was fixed (thx to Sebastian Kayser). + - MinGW compilation script (mingw.mak) was fixed (thx to Jose Alf). + - MSVC compilation script (vc.mak) was fixed. + - A number of problems in WINSOCK error handling were fixed. + +Version 4.44, 2011.09.17, urgency: MEDIUM: +* New features + - Major automake/autoconf cleanup. + - Heap buffer overflow protection with canaries. + - Stack buffer overflow protection with -fstack-protector. +* Bugfixes + - Fixed garbled error messages on errors with setuid/setgid options. + - SNI fixes (thx to Alexey Drozdov). + - Use after free in fdprintf() (thx to Alexey Drozdov). + This issue might cause GPF with "protocol" or "ident" options. + +Version 4.43, 2011.09.07, urgency: MEDIUM: +* New features + - Updated Win32 DLLs for OpenSSL 1.0.0e. + - Major optimization of the logging subsystem. + Benchmarks indicate up to 15% stunnel performance improvement. +* Bugfixes + - Fixed WIN32 configuration file reload. + - Fixed FORK and UCONTEXT threading models. + - Corrected INSTALL.W32 file. + +Version 4.42, 2011.08.18, urgency: HIGH: +* New features + - New verify level 0 to request and ignore peer certificate. This + feature is useful with the new Windows GUI menu to save cached peer + certificate chains, as SSL client certificates are not sent by default. + - Manual page has been updated. + - Removed support for changing Windows Service name with "service" option. +* Bugfixes + - Fixed a heap corruption vulnerability in versions 4.40 and 4.41. It may + possibly be leveraged to perform DoS or remote code execution attacks. + - The -quiet commandline option was applied to *all* message boxes. + - Silent install (/S option) no longer attempts to create stunnel.pem. + +Version 4.41, 2011.07.25, urgency: MEDIUM: +* Bugfixes + - Fixed Windows service crash of stunnel 4.40. + +Version 4.40, 2011.07.23, urgency: LOW: +* New Win32 features + - Added a GUI menu to save cached peer certificate chains. + - Added comandline "-exit" option to stop stunnel *not* running + as a service. This option may be useful for scripts. + - Added file version information to stunnel.exe. + - A number of other GUI improvements. +* Other new features + - Hardcoded 2048-bit DH parameters are used as a fallback if DH parameters + are not provided in stunnel.pem. + - Default "ciphers" value updated to prefer ECDH: + "ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH". + - Default ECDH curve updated to "prime256v1". + - Removed support for temporary RSA keys (used in obsolete export ciphers). + +Version 4.39, 2011.07.06, urgency: LOW: +* New features + - New Win32 installer module to build self-signed stunnel.pem. + - Added configuration file editing with Windows GUI. + - Added log file reopening file editing with Windows GUI. + It might be useful to also implement log file rotation. + - Improved configuration file reload with Windows GUI. + +Version 4.38, 2011.06.28, urgency: MEDIUM: +* New features + - Server-side SNI implemented (RFC 3546 section 3.1) with a new + service-level option "nsi". + - "socket" option also accepts "yes" and "no" for flags. + - Nagle's algorithm is now disabled by default for improved interactivity. +* Bugfixes + - A compilation fix was added for OpenSSL version < 1.0.0. + - Signal pipe set to non-blocking mode. This bug caused hangs of stunnel + features based on signals, e.g. local mode, FORK threading, or + configuration file reload on Unix. Win32 platform was not affected. + +Version 4.37, 2011.06.17, urgency: MEDIUM: +* New features + - Client-side SNI implemented (RFC 3546 section 3.1). + - Default "ciphers" changed from the OpenSSL default to a more secure + and faster "RC4-MD5:HIGH:!aNULL:!SSLv2". + A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2". + - Recommended "options = NO_SSLv2" added to the sample stunnel.conf file. + - Default client method upgraded from SSLv3 to TLSv1. + To connect servers without TLS support use "sslVersion = SSLv3" option. + - Improved --enable-fips and --disable-fips ./configure option handling. + - On startup stunnel now compares the compiled version of OpenSSL against + the running version of OpenSSL. A warning is logged on mismatch. +* Bugfixes + - Non-blocking socket handling in local mode fixed (Debian bug #626856). + - UCONTEXT threading mode fixed. + - Removed the use of gcc Thread-Local Storage for improved portability. + - va_copy macro defined for platforms that do not have it. + - Fixed "local" option parsing on IPv4 systems. + - Solaris compilation fix (redefinition of "STR"). + +Version 4.36, 2011.05.03, urgency: LOW: +* New features + - Updated Win32 DLLs for OpenSSL 1.0.0d. + - Dynamic memory management for strings manipulation: + no more static STRLEN limit, lower stack footprint. + - Strict public key comparison added for "verify = 3" certificate + checking mode (thx to Philipp Hartwig). + - Backlog parameter of listen(2) changed from 5 to SOMAXCONN: + improved behavior on heavy load. + - Example tools/stunnel.service file added for systemd service manager. +* Bugfixes + - Missing pthread_attr_destroy() added to fix memory leak (thx to + Paul Allex and Peter Pentchev). + - Fixed the incorrect way of setting FD_CLOEXEC flag. + - Fixed --enable-libwrap option of ./configure script. + - /opt/local added to OpenSSL search path for MacPorts compatibility. + - Workaround implemented for signal handling on MacOS X. + - A trivial bug fixed in the stunnel.init script. + - Retry implemented on EAI_AGAIN error returned by resolver calls. + +Version 4.35, 2011.02.05, urgency: LOW: +* New features + - Updated Win32 DLLs for OpenSSL 1.0.0c. + - Transparent source (non-local bind) added for FreeBSD 8.x. + - Transparent destination ("transparent = destination") added for Linux. +* Bugfixes + - Fixed reload of FIPS-enabled stunnel. + - Compiler options are now auto-detected by ./configure script + in order to support obsolete versions of gcc. + - Async-signal-unsafe s_log() removed from SIGTERM/SIGQUIT/SIGINT handler. + - CLOEXEC file descriptor leaks fixed on Linux >= 2.6.28 with glibc >= 2.10. + Irreparable race condition leaks remain on other Unix platforms. + This issue may have security implications on some deployments: + http://udrepper.livejournal.com/20407.html + - Directory lib64 included in the OpenSSL library search path. + - Windows CE compilation fixes (thx to Pierre Delaage). + - Deprecated RSA_generate_key() replaced with RSA_generate_key_ex(). +* Domain name changes (courtesy of Bri Hatch) + - http://stunnel.mirt.net/ --> http://www.stunnel.org/ + - ftp://stunnel.mirt.net/ --> http://ftp.stunnel.org/ + - stunnel.mirt.net::stunnel --> rsync.stunnel.org::stunnel + - stunnel-users@mirt.net --> stunnel-users@stunnel.org + - stunnel-announce@mirt.net --> stunnel-announce@stunnel.org + +Version 4.34, 2010.09.19, urgency: LOW: +* New features + - Updated Win32 DLLs for OpenSSL 1.0.0a. + - Updated Win32 DLLs for zlib 1.2.5. + - Updated automake to version 1.11.1 + - Updated libtool to version 2.2.6b + - Added ECC support with a new service-level "curve" option. + - DH support is now enabled by default. + - Added support for OpenSSL builds with some algorithms disabled. + - ./configure modified to support cross-compilation. + - Sample stunnel.init updated based on Debian init script. +* Bugfixes + - Implemented fixes in user interface to enter engine PIN. + - Fixed a transfer() loop issue on socket errors. + - Fixed missing WIN32 taskbar icon while displaying a global option error. + +Version 4.33, 2010.04.05, urgency: MEDIUM: +* New features + - Win32 DLLs for OpenSSL 1.0.0. + This library requires to c_rehash CApath/CRLpath directories on upgrade. + - Win32 DLLs for zlib 1.2.4. + - Experimental support for local mode on WIN32 platform. + Try "exec = c:\windows\system32\cmd.exe". +* Bugfixes + - Inetd mode fixed. + +Version 4.32, 2010.03.24, urgency: MEDIUM: +* New features + - New service-level "libwrap" option for run-time control whether + /etc/hosts.allow and /etc/hosts.deny are used for access control. + Disabling libwrap significantly increases performance of stunnel. + - Win32 DLLs for OpenSSL 0.9.8m. +* Bugfixes + - Fixed a transfer() loop issue with SSLv2 connections. + - Fixed a "setsockopt IP_TRANSPARENT" warning with "local" option. + - Logging subsystem bugfixes and cleanup. + - Installer bugfixes for Vista and later versions of Windows. + - FIPS mode can be enabled/disabled at runtime. + +Version 4.31, 2010.02.03, urgency: MEDIUM: +* New features + - Log file reopen on USR1 signal was added. +* Bugfixes + - Some regression issues introduced in 4.30 were fixed. + +Version 4.30, 2010.01.21, urgency: LOW/EXPERIMENTAL: +* New features + - Graceful configuration reload with HUP signal on Unix + and with GUI on Windows. + +Version 4.29, 2009.12.02, urgency: MEDIUM: +* New feature sponsored by Searchtech Limited http://www.astraweb.com/ + - sessiond, a high performance SSL session cache was built for stunnel. + A new service-level "sessiond" option was added. sessiond is + available for download on ftp://ftp.stunnel.org/stunnel/sessiond/ . + stunnel clusters will be a lot faster, now! +* Bugfixes + - "execargs" defaults to the "exec" parameter (thx to Peter Pentchev). + - Compilation fixes added for AIX and old versions of OpenSSL. + - Missing "fips" option was added to the manual. + +Version 4.28, 2009.11.08, urgency: MEDIUM: +* New features + - Win32 DLLs for OpenSSL 0.9.8l. + - Transparent proxy support on Linux kernels >=2.6.28. + See the manual for details. + - New socket options to control TCP keepalive on Linux: + TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL. + - SSL options updated for the recent version of OpenSSL library. +* Bugfixes + - A serious bug in asynchronous shutdown code fixed. + - Data alignment updated in libwrap.c. + - Polish manual encoding fixed. + - Notes on compression implementation in OpenSSL added to the manual. + +Version 4.27, 2009.04.16, urgency: MEDIUM: +* New features + - Win32 DLLs for OpenSSL 0.9.8k. + - FIPS support was updated for openssl-fips 1.2. + - New priority failover strategy for multiple "connect" targets, + controlled with "failover=rr" (default) or "failover=prio". + - pgsql protocol negotiation by Marko Kreen . + - Building instructions were updated in INSTALL.W32 file. +* Bugfixes + - Libwrap helper processes fixed to close standard + input/output/error file descriptors. + - OS2 compilation fixes. + - WCE fixes by Pierre Delaage . + +Version 4.26, 2008.09.20, urgency: MEDIUM: +* New features + - Win32 DLLs for OpenSSL 0.9.8i. + - /etc/hosts.allow and /etc/hosts.deny no longer need to be + copied to the chrooted directory, as the libwrap processes + are no longer chrooted. + - A more informative error messages for invalid port number + specified in stunnel.conf file. + - Support for Microsoft Visual C++ 9.0 Express Edition. +* Bugfixes + - Killing all libwrap processes at stunnel shutdown fixed. + - A minor bug in stunnel.init sample SysV startup file fixed. + +Version 4.25, 2008.06.01, urgency: MEDIUM: +* New features + - Win32 DLLs for OpenSSL 0.9.8h. +* Bugfixes + - Spawning libwrap processes delayed until privileges are dropped. + - Compilation fix for systems without struct msghdr.msg_control. + +Version 4.24, 2008.05.19, urgency: HIGH: +* Bugfixes + - OCSP code was fixed to properly reject revoked certificates. + +Version 4.23, 2008.05.03, urgency: HIGH: +* Bugfixes + - Local privilege escalation bug on Windows NT based + systems fixed. A local user could exploit stunnel + running as a service to gain localsystem privileges. + +Version 4.22, 2008.03.28, urgency: MEDIUM: +* New features + - Makefile was updated to use standard autoconf variables: + sysconfdir, localstatedir and pkglibdir. + - A new global option to control logging to syslog: + syslog = yes|no + Simultaneous logging to a file and the syslog is now possible. + - A new service-level option to control stack size: + stack = +* Bugfixes + - Restored chroot() to be executed after decoding numerical + userid and groupid values in drop_privileges(). + - A few bugs fixed the in the new libwrap support code. + - TLSv1 method used by default in FIPS mode instead of + SSLv3 client and SSLv23 server methods. + - OpenSSL GPL license exception update based on + http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs + +Version 4.21, 2007.10.27, urgency: LOW/EXPERIMENTAL: +* New features sponsored by Open-Source Software Institute + - Initial FIPS 140-2 support (see INSTALL.FIPS for details). + Win32 platform is not currently supported. +* New features + - Experimental fast support for non-MT-safe libwrap is provided + with pre-spawned processes. + - Stunnel binary moved from /usr/local/sbin to /usr/local/bin + in order to meet FHS and LSB requirements. + Please delete the /usr/local/sbin/stunnel when upgrading. + - Added code to disallow compiling stunnel with pthreads when + OpenSSL is compiled without threads support. + - Win32 DLLs for OpenSSL 0.9.8g. + - Minor manual update. + - TODO file updated. +* Bugfixes + - Dynamic locking callbacks added (needed by some engines to work). + - AC_ARG_ENABLE fixed in configure.am to accept yes/no arguments. + - On some systems libwrap requires yp_get_default_domain from libnsl, + additional checking for libnsl was added to the ./configure script. + - Sending a list of trusted CAs for the client to choose the right + certificate restored. + - Some compatibility issues with NTLM authentication fixed. + - Taskbar icon (unless there is a config file parsing error) and + "Save As" disabled in the service mode for local Win32 security + (it's much like Yeti -- some people claim they have seen it). + +Version 4.20, 2006.11.30, urgency: MEDIUM: +* Release notes + - The new transfer() function has been well tested. + I recommend upgrading any previous version with this one. +* Bugfixes + - Fixed support for encrypted passphrases on Unix (broken in 4.19). + - Reduced amount of debug logs. + - A minor man page update. + +Version 4.19, 2006.11.11, urgency: LOW/EXPERIMENTAL: +* Release notes + - There are a lot of new features in this version. I recommend + to test it well before upgrading your mission-critical systems. +* New features + - New service-level option to specify OCSP server flag: + OCSPflag = + - "protocolCredentials" option changed to "protocolUsername" + and "protocolPassword" + - NTLM support to be enabled with the new service-level option: + protocolAuthentication = NTLM + - imap protocol negotiation support added. + - Passphrase cache was added so the user does not need to reenter + the same passphrase for each defined service any more. + - New service-level option to retry exec+connect section: + retry = yes|no + - Local IP and port is logged for each established connection. + - Win32 DLLs for OpenSSL 0.9.8d. +* Bugfixes + - Serious problem with SSL_WANT_* retries fixed. + The new code requires extensive testing! + +Version 4.18, 2006.09.26, urgency: MEDIUM: +* Bugfixes + - GPF on entering private key pass phrase on Win32 fixed. + - Updated OpenSSL Win32 DLLs. + - Minor configure script update. + +Version 4.17, 2006.09.10, urgency: MEDIUM: +* New features + - Win32 DLLs for OpenSSL 0.9.8c. +* Bugfixes + - Problem with detecting getaddrinfo() in ./configure fixed. + - Compilation problem due to misplaced #endif in ssl.c fixed. + - Duplicate 220 in smtp_server() function in protocol.c fixed. + - Minor os2.mak update. + - Minor update of safestring()/safename() macros. + +Version 4.16, 2006.08.31, urgency: MEDIUM: +* New features sponsored by Hewlett-Packard + - A new global option to control engine: + engineCtrl = [:] + - A new service-level option to select engine to read private key: + engineNum = + - OCSP support: + ocsp = +* New features + - A new option to select version of SSL protocol: + sslVersion = all|SSLv2|SSLv3|TLSv1 + - Visual Studio vc.mak by David Gillingham . + - OS2 support by Paul Smedley (http://smedley.info) +* Bugfixes + - An ordinary user can install stunnel again. + - Compilation problem with --enable-dh fixed. + - Some minor compilation warnings fixed. + - Service-level CRL cert store implemented. + - GPF on protocol negotiations fixed. + - Problem detecting addrinfo() on Tru64 fixed. + - Default group is now detected by configure script. + - Check for maximum number of defined services added. + - OpenSSL_add_all_algorithms() added to SSL initialization. + - configure script sections reordered to detect pthread library funcions. + - RFC 2487 autodetection improved. High resolution s_poll_wait() + not currently supported by UCONTEXT threading. + - More precise description of cert directory file names (thx to Muhammad + Muquit). +* Other changes + - Maximum number of services increased from 64 to 256 when poll() is used. + +Version 4.15, 2006.03.11, urgency: LOW: +* Release notes + - There are a lot of new features in this version. I recommend + to test it well before upgrading your mission-critical systems. +* Bugfixes + - Fix for pthreads on Solaris 10. + - Attempt to autodetect socklen_t type in configure script. + - Default threading model changed to pthread for better portability. + - DH parameters are not included in the certificate by default. +* New features sponsored by Software House http://www.swhouse.com/ + - Most SSL-related options (including client, cert, key) are now + available on service-level, so it is possible to have an SSL + client and an SSL server in a single stunnel process. + - Windows CE (version 3.0 and higher) support. +* New features + - Client mode CONNECT protocol support (RFC 2817 section 5.2). + http://www.ietf.org/rfc/rfc2817.txt + - Retrying exec+connect services added. +* File locations are more compliant to Filesystem Hierarchy Standard 2.3 + - configuration and certificates are in $prefix/etc/stunnel/ + - binaries are in $prefix/sbin/ + - default pid file is $prefix/var/run/stunnel.pid + - manual is $prefix/man/man8/stunnel.8 + - other docs are in $prefix/share/doc/stunnel/ + - libstunnel is in $prefix/lib + - chroot directory is setup in $prefix/var/lib/stunnel/ + this directory is chmoded 1770 and group nogroup + +Version 4.14, 2005.11.02, urgency: HIGH: +* Bugfixes + - transfer() fixed to avoid random stalls introduced in version 4.12. + - poll() error handing bug fixed. + - Checking for dynamic loader libraries added again. + - Default pidfile changed from $localstatedir/run/stunnel.pid + to $localstatedir/stunnel/stunnel.pid. + - Basic SSL library initialization moved to the beginning of execution. +* Release notes + - This is an important bugfix release. Upgrade is recommended. + +Version 4.13, 2005.10.21, urgency: MEDIUM: +* DLLs for OpenSSL 0.9.7i included because protection faults were reported + in 0.9.8 and 0.9.8a. +* New features + - Libwrap code is executed as a separate process (no more delays due + to a global and potentially long critical section). +* Bugfixes + - Problem with zombies in UCONTEXT threading fixed. + - Workaround for non-standard makecontext() uc_stack.ss_sp parameter + semantics on SGI IRIX. + - Protection fault in signals handling on IRIX fixed. + - Problem finding pthread library on AIX fixed. + - size_t printf() fixed in stack_info() (the previous fix didn't work). + - socklen_t is used instead of int where required. + +Version 4.12, 2005.09.29, urgency: MEDIUM: +* New features + - Win32 installer added. + - New Win32 commandline options: -start and -stop. + - Log level and thread number are reported to syslog. + - DLLs for OpenSSL 0.9.8. + - stunnel.spec updated by neeo . +* Bugfixes + - Use of broken poll() is disabled on Mac OS X. + - Yet another transfer() infinite loop condition fixed. + - Workaround for a serious M$ bug (KB177346). + - IPv6 DLLs allocation problem resulting in GPF on W2K fixed. + - zlib added to shared libraries (OpenSSL may need it). + - size_t printf() fixed in stack_info(). +* Release notes + - This is a bugfix release. Upgrade is recommended. + +Version 4.11, 2005.07.09, urgency: MEDIUM: +* New features + - New ./configure option --with-threads to select thread model. + - ./configure option --with-tcp-wrappers renamed to --disable-libwrap. + I hope the meaning of the option is much more clear, now. +* Bugfixes + - Workaround for non-standard makecontext() uc_stack.ss_sp parameter + semantics on Sparc/Solaris 9 and earlier. + - scan_waiting_queue() no longer drops contexts. + - Inetd mode GPFs with UCONTEXT fixed. + - Cleanup context is no longer used. + - Releasing memory of the current context is delayed. + - Win32 headers reordered for Visual Studio 7. + - Some Solaris compilation warnings fixed. + - Rejected inetd mode without 'connect' or 'exec'. +* Release notes + - UCONTEXT threading seems stable, now. Upgrade is recommended. + +Version 4.10, 2005.04.23, urgency: LOW/EXPERIMENTAL: +* DLLs for OpenSSL 0.9.7g. +* Bugfixes + - Missing locking on Win32 platform was added (thx to Yi Lin + ) + - Some problems with closing SSL fixed. +* New features + - New UCONTEXT user-level non-preemptive threads model is used + on systems that support SYSV-compatible ucontext.h. + - Improved stunnel3 script with getopt-compatible syntax. +* Release notes + - This version should be thoroughly tested before using it in the + mission-critical environment. + +Version 4.09, 2005.03.26, urgency: MEDIUM: +* DLLs for OpenSSL 0.9.7f. +* Bugfixes + - Compilation problem with undeclared socklen_t fixed. + - TIMEOUTclose is not used when there is any data in the buffers. + - Stunnel no longer relies on close_notify with SSL 2.0 connections, + since SSL 2.0 protocol does not have any alerts defined. + - Closing SSL socket when there is some data in SSL output buffer + is detected and reported as an error. + - Install/chmod race condition when installing default certificate fixed. + - Stunnel no longer installs signal_handler on ignored signals. + +Version 4.08, 2005.02.27, urgency: LOW: +* New features + - New -quiet option was added to install NT service without a message box. +* Bugfixes + - Using $(DESTDIR) in tools/Makefile.am. + - Define NI_NUMERICHOST and NI_NUMERICSERV when needed. + - Length of configuration file line increased from 256B to 16KB. + - Stunnel sends close_notify when a close_notify is received from SSL + peer and all remaining data is sent to SSL peer. + - Some fixes for bugs detected by the watchdog. +* Release notes + - There were many changes in the transfer() function (the main loop). + - This version should be thoroughly tested before using it in the + mission-critical environment. + +Version 4.07, 2005.01.03, urgency: MEDIUM: +* Bugfixes + - Problem with infinite poll() timeout negative, but not equal to -1 fixed. + - Problem with a file descriptor ready to be read just after a non-blocking + connect call fixed. + - Compile error with EAI_NODATA not defined or equal to EAI_NONAME fixed. + - IP address and TCP port textual representation length (IPLEN) increased + to 128 bytes. + - OpenSSL engine support is only used if engine.h header file exists. + - Broken NT Service mode on Win32 platform fixed. + - Support for IPv4-only Win32 machines restored. + +Version 4.06, 2004.12.26, urgency: LOW: +* New feature sponsored by SURFnet http://www.surfnet.nl/ + - IPv6 support (to be enabled with ./configure --enable-ipv6). +* New features + - poll() support - no more FD_SETSIZE limit! + - Multiple connect=host:port options are allowed in a single service + section. Remote hosts are connected using round-robin algorithm. + This feature is not compatible with delayed resolver. + - New 'compression' option to enable compression. To use zlib + algorithm you have to enable it when building OpenSSL library. + - New 'engine' option to select a hardware engine. + - New 'TIMEOUTconnect' option with 10 seconds default added. + - stunnel3 perl script to emulate version 3.x command line options. + - French manual updated by Bernard Choppy . + - A watchdog to detect transfer() infinite loops added. + - Configuration file comment character changed from '#' to ';'. + '#' will still be recognized to keep compatibility. + - MT-safe getaddrinfo() and getnameinfo() are used where available + to get better performance on resolver calls. + - Automake upgraded from 1.4-p4 to 1.7.9. +* Bugfixes + - log() changed to s_log() to avoid conflicts on some systems. + - Common CRIT_INET critical section introduced instead of separate + CRIT_NTOA and CRIT_RESOLVER to avoid potential problems with + libwrap (TCP Wrappers) library. + - CreateThread() finally replaced with _beginthread() on Win32. + - make install creates $(localstatedir)/stunnel. + $(localstatedir)/stunnel/dev/zero is also created on Solaris. + - Race condition with client session cache fixed. + - Other minor bugfixes. +* Release notes + - Win32 port requires Winsock2 to work. + Some Win95 systems may need a free update from Microsoft. + http://www.microsoft.com/windows95/downloads/ + - Default is *not* to use IPv6 '::' for accept and '::1' for + connect. For example to accept pop3s on IPv6 you could use: + 'accept = :::995'. I hope the new syntax is clear enough. + +Version 4.05, 2004.02.14, urgency: MEDIUM: +* New feature sponsored by SURFnet http://www.surfnet.nl/ + - Support for CIFS aka SMB protocol SSL negotiation. +* New features + - CRL support with new CRLpath and CRLfile global options. + - New 'taskbar' option on Win32 (thx to Ken Mattsen + ). + - New -fd command line parameter to read configuration + from a specified file descriptor instead of a file. + - accept is reported as error when no '[section]' is + defined (in stunnel 4.04 it was silently ignored causing + problems for lusers who did not read the fine manual). + - Use fcntl() instead of ioctlsocket() to set socket + nonblocking where it is supported. + - Basic support for hardware engines with OpenSSL >= 0.9.7. + - French manual by Bernard Choppy . + - Thread stack size reduced to 64KB for maximum scalability. + - Added optional code to debug thread stack usage. + - Support for nsr-tandem-nsk (thx to Tom Bates ). +* Bugfixes + - TCP wrappers code moved to CRIT_NTOA critical section + since it uses static inet_ntoa() result buffer. + - SSL_ERROR_SYSCALL handling problems fixed. + - added code to retry nonblocking SSL_shutdown() calls. + - Use FD_SETSIZE instead of 16 file descriptors in inetd + mode. + - fdscanf groks lowercase protocol negotiation commands. + - Win32 taskbar GDI objects leak fixed. + - Libwrap detection bug in ./configure script fixed. + - grp.h header detection fixed for NetBSD and possibly + other systems. + - Some other minor updates. + +Version 4.04, 2003.01.12, urgency: MEDIUM: +* New feature sponsored by SURFnet http://www.surfnet.nl/ + - Encrypted private key can be used with Win32 GUI. +* New features + - New 'options' configuration option to setup + OpenSSL library hacks with SSL_CTX_set_options(). + - 'service' option also changes the name for + TCP Wrappers access control in inetd mode. + - Support for BeOS (thx to Mike I. Kozin ) + - SSL is negotiated before connecting remote host + or spawning local process whenever possible. + - REMOTE_HOST variable is always placed in the + enrivonment of a process spawned with 'exec'. + - Whole SSL error stack is dumped on errors. + - 'make cert' rule is back (was missing since 4.00). + - Manual page updated (special thanks to Brian Hatch). + - TODO updated. +* Bugfixes + - Major code cleanup (thx to Steve Grubb ). + - Unsafe functions are removed from SIGCHLD handler. + - Several bugs in auth_user() fixed. + - Incorrect port when using 'local' option fixed. + - OpenSSL tools '-rand' option is no longer directly + used with a device (like '/dev/urandom'). + Temporary random file is created with 'dd' instead. +* DLLs for OpenSSL 0.9.7. + +Version 4.03, 2002.10.27, urgency: HIGH: +* NT Service (broken since 4.01) is operational again. +* Memory leak in FORK environments fixed. +* sigprocmask() mistake corrected. +* struct timeval is reinitialized before select(). +* EAGAIN handled in client.c for AIX. +* Manual page updated. + +Version 4.02, 2002.10.21, urgency: HIGH: +* Serious bug in ECONNRESET handling fixed. + +Version 4.01, 2002.10.20, urgency: MEDIUM: +* New features + - OpenVMS support. + - Polish manual and some manual updates. + - 'service' option added on Win32 platform. + - Obsolete FAQ has been removed. + - Log file is created with 0640 mode. + - exec->connect service sections (need more testing). +* Bugfixes + - EINTR ingored in main select() loop. + - Fixed problem with stunnel closing connections on + TIMEOUTclose before all the data is sent. + - Fixed EWOULDBLOCK on writesocket problem. + - Potential DOS in Win32 GUI fixed. + - Solaris compilation problem fixed. + - Libtool configuration problems fixed. + - Signal mask is cleared just before exec in local mode. + - Accepting sockets and log file descriptors are no longer + leaked to the child processes. +Special thanks to Steve Grubb for the source code audit. + +Version 4.00, 2002.08.30, urgency: LOW: +* New features sponsored by MAXIMUS http://www.maximus.com/ + - New user interface (config file). + - Single daemon can listen on multiple ports, now. + - Native Win32 GUI added. + - Native NT/2000/XP service added. + - Delayed DNS lookup added. +* Other new features + - All the timeouts are now configurable including + TIMEOUTclose that can be set to 0 for MSIE and other + buggy clients that do not send close_notify. + - Stunnel process can be chrooted in a specified directory. + - Numerical values for setuid() and setgid() are allowed, now. + - Confusing code for setting certificate defaults introduced in + version 3.8p3 was removed to simplify stunnel setup. + There are no built-in defaults for CApath and CAfile options. + - Private key file for a certificate can be kept in a separate + file. Default remains to keep it in the cert file. + - Manual page updated. + - New FHS-compatible build system based on automake and libtool. +* Bugfixes + - `SSL socket closed on SSL_write' problem fixed. + - Problem with localtime() crashing Solaris 8 fixed. + - Problem with tcp wrappers library detection fixed. + - Cygwin (http://www.cygwin.com/) support added. + - __svr4__ macro defined for Sun C/C++ compiler. +* DLLs for OpenSSL 0.9.6g. + +Version 3.22, 2001.12.20, urgency: HIGH: +* Format string bug fixed in protocol.c + smtp, pop3 and nntp in client mode were affected. + (stunnel clients could be attacked by malicious servers) +* Certificate chain can be supplied with -p option or in stunnel.pem. +* Problem with -r and -l options used together fixed. +* memmove() instead of memcpy() is used to move data in buffers. +* More detailed information about negotiated ciphers is printed. +* New ./configure options: '--enable-no-rsa' and '--enable-dh'. + +Version 3.21c, 2001.11.11, urgency: LOW: +* autoconf scripts upgraded to version 2.52. +* Problem with pthread_sigmask on Darwin fixed (I hope). +* Some documentation typos corrected. +* Attempt to ignore EINTR in transfer(). +* Shared library version reported on startup. +* DLLs for OpenSSL 0.9.6b. + +Version 3.21b, 2001.11.03, urgency: MEDIUM: +* File descriptor leak on failed connect() fixed. + +Version 3.21a, 2001.10.31, urgency: MEDIUM: +* Small bug in Makefile fixed. + +Version 3.21, 2001.10.31, urgency: MEDIUM: +* Problem with errno and posix threads fixed. +* It is assumed that system has getopt() if it has getopt.h header file. +* SSL_CLIENT_DN and SSL_CLIENT_I_DN environment variables set in local mode + (-l) process. This feature doesn't work if + client mode (-c) or protocol negotiation (-n) is used. +* Winsock error descriptions hardcoded (English version only). +* SetConsoleCtrlHandler() used to handle CTRL+C, logoff and shutdown on Win32. +* Stunnel always requests peer certificate with -v 0. +* sysconf()/getrlimit() used to calculate number of clients allowed. +* SSL mode changed for OpenSSL >= 0.9.6. +* close-on-exec option used to avoid socket inheriting. +* Buffer size increased from 8KB to 16KB. +* fdscanf()/fdprintf() changes: + - non-blocking socket support, + - timeout after 1 minute of inactivity. +* auth_user() redesigned to force 1 minute timeout. +* Some source arrangement towards 4.x architecture. +* No need for 'goto' any more. +* New Makefile 'test' rule. It performs basic test of + standalone/inetd, remote/local and server/client mode. +* pop3 server mode support added. + +Version 3.20, 2001.08.15, urgency: LOW: +* setsockopt() optlen set according to the optval for Solaris. +* Minor NetBSD compatibility fixes by Martti Kuparinen. +* Minor MSVC 6.0 compatibility fixes by Patrick Mayweg. +* SSL close_notify timeout reduced to 10 seconds of inactivity. +* Socket close instead of reset on close_notify timeout. +* Some source arrangement and minor bugfixes. + +Version 3.19, 2001.08.10, urgency: MEDIUM: +* Critical section added around non MT-safe TCP Wrappers code. +* Problem with 'select: Interrupted system call' error fixed. +* errno replaced with get_last_socket_error() for Win32. +* Some FreeBSD/NetBSD patches to ./configure from Martti Kuparinen. +* Local mode process pid logged. +* Default FQDN (localhost) removed from stunnel.cnf +* ./configure changed to recognize POSIX threads library on OSF. +* New -O option to set socket options. + +Version 3.18, 2001.07.31, urgency: MEDIUM: +* MAX_CLIENTS is calculated based on FD_SETSIZE, now. +* Problems with closing SSL in transfer() fixed. +* -I option to bind a static local IP address added. +* Debug output of info_callback redesigned. + +Version 3.17, 2001.07.29, urgency: MEDIUM: +* Problem with GPF on exit with active threads fixed. +* Timeout for transfer() function added: + - 1 hour if socket is open for read + - 1 minute if socket is closed for read + +Version 3.16, 2001.07.22, urgency: MEDIUM: +* Some transfer() bugfixes/improvements. +* STDIN/STDOUT are no longer assumed to be non-socket descriptors. +* Problem with --with-tcp-wrappers patch fixed. +* pop3 and nntp support bug fixed by Martin Germann. +* -o option to append log messages to a file added. +* Changed error message for SSL error 0. + +Version 3.15, 2001.07.15, urgency: MEDIUM: +* Serious bug resulting in random transfer() hangs fixed. +* Separate file descriptors are used for inetd mode. +* -f (foreground) logs are now stamped with time. +* New ./configure option: --with-tcp-wrappers by Brian Hatch. +* pop3 protocol client support (-n pop3) by Martin Germann. +* nntp protocol client support (-n nntp) by Martin Germann. +* RFC 2487 (smtp STARTTLS) client mode support. +* Transparency support for Tru64 added. +* Some #includes for AIX added. + +Version 3.14, 2001.02.21, urgency: LOW: +* Pidfile creation algorithm has been changed. + +Version 3.13, 2001.01.25, urgency: MEDIUM: +* pthread_sigmask() argument in sthreads.c corrected. +* OOB data is now handled correctly. + +Version 3.12, 2001.01.24, urgency: LOW: +* Attempted to fix problem with zombies in local mode. +* Patch for 64-bit machines by Nalin Dahyabhai applied. +* Tiny bugfix for OSF cc by Dobrica Pavlinusic added. +* PORTS file updated. + +Version 3.11, 2000.12.21, urgency: MEDIUM: +* New problem with zombies fixed. +* Attempt to be integer-size independent. +* SIGHUP handler added. + +Version 3.10, 2000.12.19, urgency: MEDIUM: +* Internal thread synchronization code added. +* libdl added to stunnel dependencies if it exists. +* Manpage converted to sdf format. +* stunnel deletes pid file before attempting to create it. +* Documentation updates. +* -D option now takes [facility].level as argument. 0-7 still supported. +* Problems with occasional zombies in FORK mode fixed. +* 'stunnel.exe' rule added to Makefile. + You can cross-compile stunnel.exe on Unix, now. + I'd like to be able to compile OpenSSL this way, too... + +Version 3.9, 2000.12.13, urgency: HIGH: +* Updated temporary key generation: + - stunnel is now honoring requested key-lengths correctly, + - temporary key is changed every hour. +* transfer() no longer hangs on some platforms. + Special thanks to Peter Wagemans for the patch. +* Potential security problem with syslog() call fixed. + +Version 3.8p4, 2000.06.25 bri@stunnel.org: +* fixes for Windows platform + +Version 3.8p3, 2000.06.24 bri@stunnel.org: +* Compile time definitions for the following: + --with-cert-dir + --with-cert-file + --with-pem-dir + --enable-ssllib-cs +* use daemon() function instead of daemonize, if available +* fixed FreeBSD threads checking (patch from robertw@wojo.com) +* added -S flag, allowing you to choose which default verify + sources to use +* relocated service name output logging until after log_open. + (no longer outputs log info to inetd socket, causing bad SSL) +* -V flag now outputs the default values used by stunnel +* Removed DH param generation in Makefile.in +* Moved stunnel.pem to sample.pem to keep people from blindly using it +* Removed confusing stunnel.pem check from Makefile. + +* UPGRADE NOTE: this version seriously changes several previous stunnel + default behaviours. There are no longer any default cert file/dirs + compiled into stunnel, you must use the --with-cert-dir and + --with-cert-file configure arguments to set these manually, if desired. + Stunnel does not use the underlying ssl library defaults by default + unless configured with --enable-ssllib-cs. Note that these can always + be enabled at run time with the -A,-a, and -S flags. + Additionally, unless --with-pem-dir is specified at compile time, + stunnel will default to looking for stunnel.pem in the current directory. + +Version 3.8p2, 2000.06.13 bri@stunnel.org: +* Fixes for Win32 platform +* Minor output formatting changes +* Fixed version number in files + +Version 3.8p1, 2000.06.11 bri@stunnel.org: +* Added rigorous PRNG seeding +* PID changes (and related security-fix) +* Man page fixes +* Client SSL Session-IDs now used +* -N flag to specify tcpwrapper service name + +Version 3.8, 2000.02.24: +* Checking for threads in c_r library for FreeBSD. +* Some compatibility fixes for Ultrix. +* configure.in has been cleaned up. + Separate directories for SSL certs and SSL libraries/headers + are no longer supported. SSL ports maintainers should create + softlinks in the main openssl directory if necessary. +* Added --with-ssl option to specify SSL directory. +* Added setgid (-g) option. + (Special thanks to Brian Hatch for his feedback and support) +* Added pty.c based on a Public Domain code by Tatu Ylonen +* Distribution files are now signed with GnuPG + +Version 3.7, 2000.02.10: +* /usr/pkg added to list of possible SSL directories for pkgsrc installs + of OpenSSL under NetBSD. +* Added the -s option, which setuid()s to the specified user when running + in daemon mode. Useful for cyrus imapd. + (both based on patch by George Coulouris) +* PTY code ported to Solaris. The port needs some more testing. +* Added handler for SIGINT. +* Added --with-random option to ./configure script. +* Fixed some problems with autoconfiguration on Solaris and others. + It doesn't use config.h any more. +* /var/run changed to @localstatedir@/stunnel for better portability. + The directory is chmoded a=rwx,+t. +* FAQ has been updated. + +3.6 2000.02.03 +* Automatic RFC 2487 detection based on patch by Pascual Perez and Borja Perez. +* Non-blocking sockets not used by default. +* DH support is disabled by default. +* (both can be enabled in ssl.c) + +3.5 2000.02.02 +* Support for openssl 0.9.4 added. +* /usr/ssl added to configure by Christian Zuckschwerdt. +* Added tunneling for PPP through the addition of PTY handling. +* Added some documentation. + +3.4a 1999.07.13 (bugfix release) +* Problem with cipher negotiation fixed. +* setenv changed to putenv. + +3.4 1999.07.12 +* Local transparent proxy added with LD_PRELOADed shared library. +* DH code rewritten. +* Added -C option to set cipher list. +* stderr fflushed after fprintf(). +* Minor portability bugfixes. +* Manual updated (but still not perfect). + +3.3 1999.06.18 +* Support for openssl 0.9.3 added. +* Generic support for protocol negotiation added (protocol.c). +* SMTP protocol negotiation support for Netscape client added. +* Transparent proxy mode (currently works on Linux only). +* SO_REUSEADDR enabled on listening socket in daemon mode. +* ./configure now accepts --prefix parameter. +* -Wall is only used with gcc compiler. +* Makefile.in and configure.in updated. +* SSL-related functions moved to a separate file. +* vsprintf changed to vsnprintf in log.c on systems have it. +* Pidfile in /var/run added for daemon mode. +* RSAref support fix (not tested). +* Some compatibility fixes for Solaris and NetBSD added. + +3.2 1999.04.28 +* RSAref support (not tested). +* Added full duplex with non-blocking sockets. +* RST sent instead of FIN on peer error (on error peer + socket is reset - not just closed). +* RSA temporary key length changed back to 512 bits to fix + a problem with Netscape. +* Added NO_RSA for US citizens having problems with patents. + +3.1 1999.04.22 +* Changed -l syntax (first argument specified is now argv[0]). +* Fixed problem with options passed to locally executed daemon. +* Fixed problem with ':' passed to libwrap in a service name: + - ':' has been changed to '.'; + - user can specify his own service name as an argument. +* RSA temporary key length changed from 512 to 1024 bits. +* Added safecopy to avoid buffer overflows in stunnel.c. +* Fixed problems with GPF after unsuccessful resolver call + and incorrect parameters passed to getopt() in Win32. +* FAQ updated. + +3.0 1999.04.19 +* Some bugfixes. +* FAQ added. + +3.0b7 1999.04.14 +* Win32 native port fixed (looks quite stable). +* New transfer() function algorithm. +* New 'make cert' to be compatible with openssl-0.9.2b. +* Removed support for memory leaks debugging. + +3.0b6 1999.04.01 +* Fixed problems with session cache (by Adam). +* Added client mode session cache. +* Source structure, autoconf script and Makefile changed. +* Added -D option to set debug level. +* Added support for memory leaks debugging + (SSL library needs to be compiled with -DMFUNC). + +3.0b5 1999.03.25 +* Lots of changes to make threads work. +* Peer (client and server) authentication works! +* Added -V option to display version. + +3.0b4 1999.03.22 +* Early POSIX threads implementation. +* Work on porting to native Win32 application started. + +3.0b3 1999.03.05 +* Improved behavior on heavy load. + +3.0b2 1999.03.04 +* Fixed -v parsing bug. + +3.0b1 1999.01.18 +* New user interface. +* Client mode added. +* Peer certificate verification added (=strong authentication). +* Win32 port added. +* Other minor problems fixed. + +2.1 1998.06.01 +* Few bugs fixed. + +2.0 1998.05.25 +* Remote mode added! +* Standalone mode added! +* tcpd functionality added by libwrap utilization. +* DH callbacks removed by kravietZ. +* bind loopback on Intel and other bugs fixed by kravietZ. +* New manual page by kravietZ & myself. + +1.6 1998.02.24 +* Linux bind fix. +* New TODO ideas! + +1.5 1998.02.24 +* make_sockets() implemented with Internet sockets instead + of Unix sockets for better compatibility. + (i.e. to avoid random data returned by getpeername(2)) + This feature can be disabled in stunnel.c. + +1.4 1998.02.16 +* Ported to HP-UX, Solaris and probably other UNIXes. +* Autoconfiguration added. + +1.3 1998.02.14 +* Man page by Pawel Krawczyk added! +* Copyrights added. +* Minor errors corrected. + +1.2 1998.02.14 +* Separate certificate for each service added. +* Connection logging support. + +1.1 1998.02.14 +* Callback functions added by Pawel Krawczyk . + +1.0 1998.02.11 +* First version with SSL support + - special thx to Adam Hernik . + +0.1 1998.02.10 +* Testing skeleton. + diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..9458fc7 --- /dev/null +++ b/INSTALL @@ -0,0 +1,40 @@ +stunnel Unix install notes + + +1. If your machine supports POSIX threads make sure your SSL + library is compiled with -DTHREADS. + +2. Compile the software: + + ./configure + make + make install + + (see potential options for 'configure' at the end of this file) + +3. Create stunnel configuration file (stunnel.conf). + +4. Add stunnel invocation to your system's startup files. + For SysV-compatible init you can use stunnel.init script. + + or + + Modify /etc/services and /etc/inetd.conf, restart inetd (inetd mode). + + See the manual for details. + +5. There are a variety of compile-time options you may supply when + running configure. Most commonly used are: + + --with-ssl=DIR + where your SSL libraries and include files are installed + + --with-random=FILE + read randomness from FILE for PRNG seeding + + --with-egd-socket=FILE + location of Entropy Gathering Daemon socket, if running EGD + (for example on a machine that lacks a /dev/urandom device) + + Use `./configure --help' to see all the options. + diff --git a/INSTALL.FIPS b/INSTALL.FIPS new file mode 100644 index 0000000..e438f9a --- /dev/null +++ b/INSTALL.FIPS @@ -0,0 +1,23 @@ +stunnel FIPS install notes + + +Unix HOWTO: +FIPS mode is autodetected if possible. You can force it with: + ./configure --enable-fips +or disable with: + ./configure --disable-fips + +WIN32 HOWTO: +* On 32-bit Windows install one of the following compilers: + - MSVC 8.0 (VS 2005) Standard or Professional Edition + - MSVC 9.0 (VS 2008) any edition including Express Edition +* On 64-bit Windows install one of the following compilers: + - MSVC 8.0 (VS 2005) Standard or Professional Edition + - MSVC 9.0 (VS 2008) Standard or Professional Edition +* Build FIPS-compliant OpenSSL DLLS according to: + http://www.openssl.org/docs/fips/UserGuide-1.2.pdf +* Build stunnel normally with MSVC or Mingw. + Mingw build requires DLL stubs. Stubs can be built with: + dlltool --def ms/libeay32.def --output-lib libcrypto.a + dlltool --def ms/ssleay32.def --output-lib libssl.a + diff --git a/INSTALL.W32 b/INSTALL.W32 new file mode 100644 index 0000000..fa6a85d --- /dev/null +++ b/INSTALL.W32 @@ -0,0 +1,51 @@ +stunnel Windows install notes + + +Building stunnel from source (optional): + + 1) Install mingw32 cross-compiler o a Unix/Linux machine. + In Debian all you need is: + apt-get install gcc-mingw32 + Native compilation on a Windows machine is possible, but not supported. + + 2) Download the recent zlib from http://www.zlib.net/ + Update the following definitions in win32/Makefile.gcc file: + SHARED_MODE=1 + PREFIX = i586-mingw32msvc- + then build zlib with: + make -f win32/Makefile.gcc + and install it in mingw32 tree: + sudo BINARY_PATH=~/ \ + INCLUDE_PATH=/usr/i586-mingw32msvc/include/ \ + LIBRARY_PATH=/usr/i586-mingw32msvc/lib/ \ + make -f win32/Makefile.gcc install + + 3) Download the recent OpenSSL in unpack it to /usr/src/ directory. + cd /usr/src + tar zvxf ~/openssl-(version).tar.gz + mv openssl-(version) openssl-(version)-i586 + + 4) Build OpenSSL. + ./Configure --cross-compile-prefix=i586-mingw32msvc- mingw shared zlib-dynamic + make + + 5) Download and unpack stunnel-(version).tar.gz. + + 6) Configure stunnel. + cd stunnel-(version) + ./configure --with-ssl=/path/to/openssl-(version) + + 7) Build windows executable. + cd src + make stunnel.exe + + +Installing stunnel: + + 1) run installer to install precompiled binaries or copy stunnel.exe and + OpenSSL DLLs into a directory + + 2) read the manual (stunnel.html) + + 3) create/edit stunnel.conf configuration file + diff --git a/INSTALL.WCE b/INSTALL.WCE new file mode 100644 index 0000000..9f7aa63 --- /dev/null +++ b/INSTALL.WCE @@ -0,0 +1,45 @@ +stunnel Windows CE install notes + + +Two stunnel executables are available for Windows CE platform: + + 1) stunnel.exe - version with interactive GUI + + 2) tstunnel.exe - non-iteractive version for headless devices + + +Building stunnel from source (optional): + + 1) install the following tools: + evt2002web_min.exe from http://www.microsoft.com/ + ActivePerl from http://www.activestate.com/Products/ActivePerl/ + unzip.exe (file needs to be renamed) from + http://www.mirrorservice.org/sites/ftp.info-zip.org/pub/infozip/WIN32/ + + 2) download the OpenSSL source files (the whole directory): + ftp://ftp.stunnel.org/stunnel/openssl/ce/ + + 3) your directory should look like this: + build.bat + build.pl + unzip.exe + src\openssl-0.9.8a.zip + src\wcecompat-1.2.zip + + 4) type "build" to build OpenSSL + + 5) download and unpack stunnel-(version).tar.gz + + 4) enter "stunnel-(version)\src" subdirectory + + 5) type "makece" to build stunnel + + +Installing stunnel: + + 1) copy OpenSSL DLLs and stunnel.exe or tstunnel.exe into \stunnel directory + + 2) read the manual (stunnel.html) + + 3) create/edit stunnel.conf configuration file + diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..bdc33e4 --- /dev/null +++ b/Makefile.am @@ -0,0 +1,37 @@ +## Process this file with automake to produce Makefile.in + +ACLOCAL_AMFLAGS = -I m4 + +SUBDIRS = src doc tools + +LIBTOOL_DEPS = @LIBTOOL_DEPS@ +libtool: $(LIBTOOL_DEPS) + $(SHELL) ./config.status libtool + +EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS +EXTRA_DIST += INSTALL.W32 INSTALL.WCE INSTALL.FIPS +EXTRA_DIST += build-android.sh + +docdir = $(datadir)/doc/stunnel +doc_DATA = INSTALL README TODO COPYING AUTHORS ChangeLog +doc_DATA += PORTS BUGS COPYRIGHT.GPL CREDITS +doc_DATA += INSTALL.W32 INSTALL.WCE INSTALL.FIPS + +distcleancheck_listfiles = find -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';' + +distclean-local: + rm -rf autom4te.cache + rm -f $(distdir)-installer.exe + +dist-hook: + makensis -NOCD -DVERSION=${VERSION} -DSRCDIR=$(srcdir) \ + -DDLLS=/usr/src/openssl-0.9.8s-fips/out32dll \ + $(srcdir)/tools/stunnel.nsi + +sign: dist + cp -f $(distdir).tar.gz ../dist + cp -f $(distdir)-installer.exe ../dist + gpg --yes --armor --detach-sign --force-v3-sigs ../dist/$(distdir).tar.gz + gpg --yes --armor --detach-sign --force-v3-sigs ../dist/$(distdir)-installer.exe + sha256sum $(distdir).tar.gz | tee ../dist/$(distdir).tar.gz.sha256 + diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 0000000..bb6c5d2 --- /dev/null +++ b/Makefile.in @@ -0,0 +1,780 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = . +DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(top_srcdir)/configure AUTHORS COPYING \ + ChangeLog INSTALL NEWS TODO auto/compile auto/config.guess \ + auto/config.sub auto/depcomp auto/install-sh auto/ltmain.sh \ + auto/missing +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno config.status.lineno +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-dvi-recursive install-exec-recursive \ + install-html-recursive install-info-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \ + ps-recursive uninstall-recursive +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(docdir)" +DATA = $(doc_DATA) +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir dist dist-all distcheck +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) +am__remove_distdir = \ + { test ! -d "$(distdir)" \ + || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -fr "$(distdir)"; }; } +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +DIST_ARCHIVES = $(distdir).tar.gz +GZIP_ENV = --best +distuninstallcheck_listfiles = find . -type f -print +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_GROUP = @DEFAULT_GROUP@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIBTOOL_DEPS = @LIBTOOL_DEPS@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +RANDOM_FILE = @RANDOM_FILE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SSLDIR = @SSLDIR@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = $(datadir)/doc/stunnel +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +stunnel_CFLAGS = @stunnel_CFLAGS@ +stunnel_LDFLAGF = @stunnel_LDFLAGF@ +stunnel_LDFLAGS = @stunnel_LDFLAGS@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +ACLOCAL_AMFLAGS = -I m4 +SUBDIRS = src doc tools +EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE \ + INSTALL.FIPS build-android.sh +doc_DATA = INSTALL README TODO COPYING AUTHORS ChangeLog PORTS BUGS \ + COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE INSTALL.FIPS +distcleancheck_listfiles = find -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';' +all: all-recursive + +.SUFFIXES: +am--refresh: + @: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \ + $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + echo ' $(SHELL) ./config.status'; \ + $(SHELL) ./config.status;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck + +$(top_srcdir)/configure: $(am__configure_deps) + $(am__cd) $(srcdir) && $(AUTOCONF) +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool config.lt +install-docDATA: $(doc_DATA) + @$(NORMAL_INSTALL) + test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)" + @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \ + done + +uninstall-docDATA: + @$(NORMAL_UNINSTALL) + @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(docdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(docdir)" && rm -f $$files + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +$(RECURSIVE_CLEAN_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + $(am__remove_distdir) + test -d "$(distdir)" || mkdir "$(distdir)" + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook + -test -n "$(am__skip_mode_fix)" \ + || find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r "$(distdir)" +dist-gzip: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__remove_distdir) + +dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2 + $(am__remove_distdir) + +dist-lzma: distdir + tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma + $(am__remove_distdir) + +dist-xz: distdir + tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz + $(am__remove_distdir) + +dist-tarZ: distdir + tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z + $(am__remove_distdir) + +dist-shar: distdir + shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + $(am__remove_distdir) + +dist-zip: distdir + -rm -f $(distdir).zip + zip -rq $(distdir).zip $(distdir) + $(am__remove_distdir) + +dist dist-all: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__remove_distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.lzma*) \ + lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ + *.tar.xz*) \ + xz -dc $(distdir).tar.xz | $(am__untar) ;;\ + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac + chmod -R a-w $(distdir); chmod a+w $(distdir) + mkdir $(distdir)/_build + mkdir $(distdir)/_inst + chmod a-w $(distdir) + test -d $(distdir)/_build || exit 0; \ + dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ + && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ + && am__cwd=`pwd` \ + && $(am__cd) $(distdir)/_build \ + && ../configure --srcdir=.. --prefix="$$dc_install_base" \ + $(DISTCHECK_CONFIGURE_FLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ + distuninstallcheck \ + && chmod -R a-w "$$dc_install_base" \ + && ({ \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ + distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ + } || { rm -rf "$$dc_destdir"; exit 1; }) \ + && rm -rf "$$dc_destdir" \ + && $(MAKE) $(AM_MAKEFLAGS) dist \ + && rm -rf $(DIST_ARCHIVES) \ + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ + && cd "$$am__cwd" \ + || exit 1 + $(am__remove_distdir) + @(echo "$(distdir) archives ready for distribution: "; \ + list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ + sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' +distuninstallcheck: + @$(am__cd) '$(distuninstallcheck_dir)' \ + && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ + || { echo "ERROR: files left after uninstall:" ; \ + if test -n "$(DESTDIR)"; then \ + echo " (check DESTDIR support)"; \ + fi ; \ + $(distuninstallcheck_listfiles) ; \ + exit 1; } >&2 +distcleancheck: distclean + @if test '$(srcdir)' = . ; then \ + echo "ERROR: distcleancheck can only run from a VPATH build" ; \ + exit 1 ; \ + fi + @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left in build directory after distclean:" ; \ + $(distcleancheck_listfiles) ; \ + exit 1; } >&2 +check-am: all-am +check: check-recursive +all-am: Makefile $(DATA) +installdirs: installdirs-recursive +installdirs-am: + for dir in "$(DESTDIR)$(docdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-libtool \ + distclean-local distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: install-docDATA + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -rf $(top_srcdir)/autom4te.cache + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: uninstall-docDATA + +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ + install-am install-strip tags-recursive + +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ + all all-am am--refresh check check-am clean clean-generic \ + clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \ + dist-gzip dist-hook dist-lzma dist-shar dist-tarZ dist-xz \ + dist-zip distcheck distclean distclean-generic \ + distclean-libtool distclean-local distclean-tags \ + distcleancheck distdir distuninstallcheck dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-docDATA install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs installdirs-am \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-recursive uninstall uninstall-am uninstall-docDATA + +libtool: $(LIBTOOL_DEPS) + $(SHELL) ./config.status libtool + +distclean-local: + rm -rf autom4te.cache + rm -f $(distdir)-installer.exe + +dist-hook: + makensis -NOCD -DVERSION=${VERSION} -DSRCDIR=$(srcdir) \ + -DDLLS=/usr/src/openssl-0.9.8s-fips/out32dll \ + $(srcdir)/tools/stunnel.nsi + +sign: dist + cp -f $(distdir).tar.gz ../dist + cp -f $(distdir)-installer.exe ../dist + gpg --yes --armor --detach-sign --force-v3-sigs ../dist/$(distdir).tar.gz + gpg --yes --armor --detach-sign --force-v3-sigs ../dist/$(distdir)-installer.exe + sha256sum $(distdir).tar.gz | tee ../dist/$(distdir).tar.gz.sha256 + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..1384d3c --- /dev/null +++ b/NEWS @@ -0,0 +1 @@ +See the ChangeLog file for the latest news. diff --git a/PORTS b/PORTS new file mode 100644 index 0000000..7c0f6e5 --- /dev/null +++ b/PORTS @@ -0,0 +1,22 @@ +stunnel known port maintainers + + +* AmigaOS + - Diego Casorran +* Cygwin + - Andrew Schulman +* Debian GNU/Linux + - Luis Rodrigo Gallardo Cruz +* FreeBSD + - Ryan Steinmetz +* NetBSD + - Martti Kuparinen +* OpenBSD + - Jakob Schlyter +* OpenSolaris + - Mark Fenwick +* OS/2 + - Paul Smedley +* RedHat Linux + - Damien Miller + diff --git a/README b/README new file mode 100644 index 0000000..b66a3ed --- /dev/null +++ b/README @@ -0,0 +1,30 @@ +stunnel overview + +Short description + + The stunnel program is designed to work as an SSL encryption + wrapper between remote client and local (inetd-startable) or + remote servers. The goal is to facilitate SSL encryption and + authentication for non-SSL-aware programs. + + stunnel can be used to add SSL functionality to commonly + used inetd daemons like POP-2, POP-3 and IMAP servers + without any changes in the programs' code. + +Compile instructions + + See INSTALL file. + +License + + See COPYING file. + +Other files you should read + + Changelog What I did + TODO What I'm going to do + +Reporting problems and other contacts + + See FAQ file. + diff --git a/TODO b/TODO new file mode 100644 index 0000000..3a2a660 --- /dev/null +++ b/TODO @@ -0,0 +1,39 @@ +stunnel TODO + + +High priority features. They will likely be supported some day. +A sponsor could allocate my time to get them faster. +* Command-line server control interface on both Unix and Windows. +* Separate GUI process running as current user on Windows. +* Optional line-buffering of the log file. +* etc/stunnel/conf.d/* files automatically processed while reading + etc/stunnel/stunnel.conf +* Android GUI. +* Support for CryptoAPI certificates and private keys with OpenSSL CAPI + engine (this feature is incompatible with FIPS support). +* Indirect CRL support (RFC 3280, section 5). +* Configuration file option to limit the number of concurrent connections. +* SOCKS 4 protocol support. + http://archive.socks.permeo.com/protocol/socks4.protocol + +Low priority features. They will unlikely ever be supported. +* Provide 64-bit Windows builds (besides 32-bit builds). + This requires either Microsoft Visual Studio Standard Edition or Microsoft + Visual Studio Professional Edition in order to retain FIPS compliance. +* Service-level logging configuration (separate verbosity and destination). +* Key renegotiation (re-handshake) for long connections. +* Logging to NT EventLog on Windows. +* Internationalization of logged messages (i18n). +* Generic scripting engine instead or static protocol.c. + +Features I won't support, unless convinced otherwise by a wealthy sponsor. +* Protocol support *after* SSL is negotiated: + - Support for adding X-Forwarded-For to HTTP request headers. + This feature is less useful since PROXY protocol support is available. + - Support for adding X-Forwarded-For to SMTP email headers. + This feature is most likely to be implemented as a separate proxy. +* Additional certificate checks (including wildcard comparison) based on CN + and X509v3 Subject Alternative Name. +* Set processes title that appear on the ps(1) and top(1) commands. + I could not find a portable *and* non-copyleft library for it. + diff --git a/aclocal.m4 b/aclocal.m4 new file mode 100644 index 0000000..ce7d4c0 --- /dev/null +++ b/aclocal.m4 @@ -0,0 +1,991 @@ +# generated automatically by aclocal 1.11.1 -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, +# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.67],, +[m4_warning([this file was generated for autoconf 2.67. +You have another version of autoconf. It may work, but is not guaranteed to. +If you have problems, you may need to regenerate the build system entirely. +To do so, use the procedure documented by the package, typically `autoreconf'.])]) + +# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_AUTOMAKE_VERSION(VERSION) +# ---------------------------- +# Automake X.Y traces this macro to ensure aclocal.m4 has been +# generated from the m4 files accompanying Automake X.Y. +# (This private macro should not be called outside this file.) +AC_DEFUN([AM_AUTOMAKE_VERSION], +[am__api_version='1.11' +dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to +dnl require some minimum version. Point them to the right macro. +m4_if([$1], [1.11.1], [], + [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl +]) + +# _AM_AUTOCONF_VERSION(VERSION) +# ----------------------------- +# aclocal traces this macro to find the Autoconf version. +# This is a private macro too. Using m4_define simplifies +# the logic in aclocal, which can simply ignore this definition. +m4_define([_AM_AUTOCONF_VERSION], []) + +# AM_SET_CURRENT_AUTOMAKE_VERSION +# ------------------------------- +# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. +# This function is AC_REQUIREd by AM_INIT_AUTOMAKE. +AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], +[AM_AUTOMAKE_VERSION([1.11.1])dnl +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) + +# AM_AUX_DIR_EXPAND -*- Autoconf -*- + +# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets +# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to +# `$srcdir', `$srcdir/..', or `$srcdir/../..'. +# +# Of course, Automake must honor this variable whenever it calls a +# tool from the auxiliary directory. The problem is that $srcdir (and +# therefore $ac_aux_dir as well) can be either absolute or relative, +# depending on how configure is run. This is pretty annoying, since +# it makes $ac_aux_dir quite unusable in subdirectories: in the top +# source directory, any form will work fine, but in subdirectories a +# relative path needs to be adjusted first. +# +# $ac_aux_dir/missing +# fails when called from a subdirectory if $ac_aux_dir is relative +# $top_srcdir/$ac_aux_dir/missing +# fails if $ac_aux_dir is absolute, +# fails when called from a subdirectory in a VPATH build with +# a relative $ac_aux_dir +# +# The reason of the latter failure is that $top_srcdir and $ac_aux_dir +# are both prefixed by $srcdir. In an in-source build this is usually +# harmless because $srcdir is `.', but things will broke when you +# start a VPATH build or use an absolute $srcdir. +# +# So we could use something similar to $top_srcdir/$ac_aux_dir/missing, +# iff we strip the leading $srcdir from $ac_aux_dir. That would be: +# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` +# and then we would define $MISSING as +# MISSING="\${SHELL} $am_aux_dir/missing" +# This will work as long as MISSING is not called from configure, because +# unfortunately $(top_srcdir) has no meaning in configure. +# However there are other variables, like CC, which are often used in +# configure, and could therefore not use this "fixed" $ac_aux_dir. +# +# Another solution, used here, is to always expand $ac_aux_dir to an +# absolute PATH. The drawback is that using absolute paths prevent a +# configured tree to be moved without reconfiguration. + +AC_DEFUN([AM_AUX_DIR_EXPAND], +[dnl Rely on autoconf to set up CDPATH properly. +AC_PREREQ([2.50])dnl +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` +]) + +# AM_CONDITIONAL -*- Autoconf -*- + +# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 9 + +# AM_CONDITIONAL(NAME, SHELL-CONDITION) +# ------------------------------------- +# Define a conditional. +AC_DEFUN([AM_CONDITIONAL], +[AC_PREREQ(2.52)dnl + ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +AC_SUBST([$1_TRUE])dnl +AC_SUBST([$1_FALSE])dnl +_AM_SUBST_NOTMAKE([$1_TRUE])dnl +_AM_SUBST_NOTMAKE([$1_FALSE])dnl +m4_define([_AM_COND_VALUE_$1], [$2])dnl +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi +AC_CONFIG_COMMANDS_PRE( +[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then + AC_MSG_ERROR([[conditional "$1" was never defined. +Usually this means the macro was only invoked conditionally.]]) +fi])]) + +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 10 + +# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be +# written in clear, in which case automake, when reading aclocal.m4, +# will think it sees a *use*, and therefore will trigger all it's +# C support machinery. Also note that it means that autoscan, seeing +# CC etc. in the Makefile, will ask for an AC_PROG_CC use... + + +# _AM_DEPENDENCIES(NAME) +# ---------------------- +# See how the compiler implements dependency checking. +# NAME is "CC", "CXX", "GCJ", or "OBJC". +# We try a few techniques and use that to set a single cache variable. +# +# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was +# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular +# dependency, and given that the user is not expected to run this macro, +# just rely on AC_PROG_CC. +AC_DEFUN([_AM_DEPENDENCIES], +[AC_REQUIRE([AM_SET_DEPDIR])dnl +AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl +AC_REQUIRE([AM_MAKE_INCLUDE])dnl +AC_REQUIRE([AM_DEP_TRACK])dnl + +ifelse([$1], CC, [depcc="$CC" am_compiler_list=], + [$1], CXX, [depcc="$CXX" am_compiler_list=], + [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], UPC, [depcc="$UPC" am_compiler_list=], + [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) + +AC_CACHE_CHECK([dependency style of $depcc], + [am_cv_$1_dependencies_compiler_type], +[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_$1_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` + fi + am__universal=false + m4_case([$1], [CC], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac], + [CXX], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac]) + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvisualcpp | msvcmsys) + # This compiler won't grok `-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_$1_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_$1_dependencies_compiler_type=none +fi +]) +AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) +AM_CONDITIONAL([am__fastdep$1], [ + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) +]) + + +# AM_SET_DEPDIR +# ------------- +# Choose a directory name for dependency files. +# This macro is AC_REQUIREd in _AM_DEPENDENCIES +AC_DEFUN([AM_SET_DEPDIR], +[AC_REQUIRE([AM_SET_LEADING_DOT])dnl +AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl +]) + + +# AM_DEP_TRACK +# ------------ +AC_DEFUN([AM_DEP_TRACK], +[AC_ARG_ENABLE(dependency-tracking, +[ --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors]) +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' +fi +AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) +AC_SUBST([AMDEPBACKSLASH])dnl +_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl +]) + +# Generate code to set up dependency tracking. -*- Autoconf -*- + +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +#serial 5 + +# _AM_OUTPUT_DEPENDENCY_COMMANDS +# ------------------------------ +AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], +[{ + # Autoconf 2.62 quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + case $CONFIG_FILES in + *\'*) eval set x "$CONFIG_FILES" ;; + *) set x $CONFIG_FILES ;; + esac + shift + for mf + do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # Grep'ing the whole file is not good either: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + dirpart=`AS_DIRNAME("$mf")` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`AS_DIRNAME(["$file"])` + AS_MKDIR_P([$dirpart/$fdir]) + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done +} +])# _AM_OUTPUT_DEPENDENCY_COMMANDS + + +# AM_OUTPUT_DEPENDENCY_COMMANDS +# ----------------------------- +# This macro should only be invoked once -- use via AC_REQUIRE. +# +# This code is only required when automatic dependency tracking +# is enabled. FIXME. This creates each `.P' file that we will +# need in order to bootstrap the dependency handling code. +AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], +[AC_CONFIG_COMMANDS([depfiles], + [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], + [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) +]) + +# Do all the work for Automake. -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, +# 2005, 2006, 2008, 2009 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 16 + +# This macro actually does too much. Some checks are only needed if +# your package does certain things. But this isn't really a big deal. + +# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) +# AM_INIT_AUTOMAKE([OPTIONS]) +# ----------------------------------------------- +# The call with PACKAGE and VERSION arguments is the old style +# call (pre autoconf-2.50), which is being phased out. PACKAGE +# and VERSION should now be passed to AC_INIT and removed from +# the call to AM_INIT_AUTOMAKE. +# We support both call styles for the transition. After +# the next Automake release, Autoconf can make the AC_INIT +# arguments mandatory, and then we can depend on a new Autoconf +# release and drop the old call support. +AC_DEFUN([AM_INIT_AUTOMAKE], +[AC_PREREQ([2.62])dnl +dnl Autoconf wants to disallow AM_ names. We explicitly allow +dnl the ones we care about. +m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl +AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl +AC_REQUIRE([AC_PROG_INSTALL])dnl +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi +AC_SUBST([CYGPATH_W]) + +# Define the identity of the package. +dnl Distinguish between old-style and new-style calls. +m4_ifval([$2], +[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl + AC_SUBST([PACKAGE], [$1])dnl + AC_SUBST([VERSION], [$2])], +[_AM_SET_OPTIONS([$1])dnl +dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. +m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,, + [m4_fatal([AC_INIT should be called with package and version arguments])])dnl + AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl + AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl + +_AM_IF_OPTION([no-define],, +[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) + AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl + +# Some tools Automake needs. +AC_REQUIRE([AM_SANITY_CHECK])dnl +AC_REQUIRE([AC_ARG_PROGRAM])dnl +AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) +AM_MISSING_PROG(AUTOCONF, autoconf) +AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) +AM_MISSING_PROG(AUTOHEADER, autoheader) +AM_MISSING_PROG(MAKEINFO, makeinfo) +AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl +AC_REQUIRE([AM_PROG_MKDIR_P])dnl +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([AC_PROG_MAKE_SET])dnl +AC_REQUIRE([AM_SET_LEADING_DOT])dnl +_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], + [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], + [_AM_PROG_TAR([v7])])]) +_AM_IF_OPTION([no-dependencies],, +[AC_PROVIDE_IFELSE([AC_PROG_CC], + [_AM_DEPENDENCIES(CC)], + [define([AC_PROG_CC], + defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl +AC_PROVIDE_IFELSE([AC_PROG_CXX], + [_AM_DEPENDENCIES(CXX)], + [define([AC_PROG_CXX], + defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl +AC_PROVIDE_IFELSE([AC_PROG_OBJC], + [_AM_DEPENDENCIES(OBJC)], + [define([AC_PROG_OBJC], + defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl +]) +_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl +dnl The `parallel-tests' driver may need to know about EXEEXT, so add the +dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro +dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. +AC_CONFIG_COMMANDS_PRE(dnl +[m4_provide_if([_AM_COMPILER_EXEEXT], + [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl +]) + +dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not +dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further +dnl mangled by Autoconf and run in a shell conditional statement. +m4_define([_AC_COMPILER_EXEEXT], +m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) + + +# When config.status generates a header, we must update the stamp-h file. +# This file resides in the same directory as the config header +# that is generated. The stamp files are numbered to have different names. + +# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the +# loop where config.status creates the headers, so we can generate +# our stamp files there. +AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], +[# Compute $1's index in $config_headers. +_am_arg=$1 +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) + +# Copyright (C) 2001, 2003, 2005, 2008 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_INSTALL_SH +# ------------------ +# Define $install_sh. +AC_DEFUN([AM_PROG_INSTALL_SH], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +if test x"${install_sh}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi +AC_SUBST(install_sh)]) + +# Copyright (C) 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 2 + +# Check whether the underlying file-system supports filenames +# with a leading dot. For instance MS-DOS doesn't. +AC_DEFUN([AM_SET_LEADING_DOT], +[rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null +AC_SUBST([am__leading_dot])]) + +# Check to see how 'make' treats includes. -*- Autoconf -*- + +# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 4 + +# AM_MAKE_INCLUDE() +# ----------------- +# Check to see how make treats includes. +AC_DEFUN([AM_MAKE_INCLUDE], +[am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo this is the am__doit target +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +AC_MSG_CHECKING([for style of include used by $am_make]) +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# Ignore all kinds of additional output from `make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac +fi +AC_SUBST([am__include]) +AC_SUBST([am__quote]) +AC_MSG_RESULT([$_am_result]) +rm -f confinc confmf +]) + +# Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 6 + +# AM_PROG_CC_C_O +# -------------- +# Like AC_PROG_CC_C_O, but changed for automake. +AC_DEFUN([AM_PROG_CC_C_O], +[AC_REQUIRE([AC_PROG_CC_C_O])dnl +AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([compile])dnl +# FIXME: we rely on the cache variable name because +# there is no other way. +set dummy $CC +am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']` +eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o +if test "$am_t" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +dnl Make sure AC_PROG_CC is never called again, or it will override our +dnl setting of CC. +m4_define([AC_PROG_CC], + [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])]) +]) + +# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- + +# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 6 + +# AM_MISSING_PROG(NAME, PROGRAM) +# ------------------------------ +AC_DEFUN([AM_MISSING_PROG], +[AC_REQUIRE([AM_MISSING_HAS_RUN]) +$1=${$1-"${am_missing_run}$2"} +AC_SUBST($1)]) + + +# AM_MISSING_HAS_RUN +# ------------------ +# Define MISSING if not defined so far and test if it supports --run. +# If it does, set am_missing_run to use it, otherwise, to nothing. +AC_DEFUN([AM_MISSING_HAS_RUN], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([missing])dnl +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " +else + am_missing_run= + AC_MSG_WARN([`missing' script is too old or missing]) +fi +]) + +# Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_MKDIR_P +# --------------- +# Check for `mkdir -p'. +AC_DEFUN([AM_PROG_MKDIR_P], +[AC_PREREQ([2.60])dnl +AC_REQUIRE([AC_PROG_MKDIR_P])dnl +dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, +dnl while keeping a definition of mkdir_p for backward compatibility. +dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile. +dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of +dnl Makefile.ins that do not define MKDIR_P, so we do our own +dnl adjustment using top_builddir (which is defined more often than +dnl MKDIR_P). +AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl +case $mkdir_p in + [[\\/$]]* | ?:[[\\/]]*) ;; + */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; +esac +]) + +# Helper functions for option handling. -*- Autoconf -*- + +# Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 4 + +# _AM_MANGLE_OPTION(NAME) +# ----------------------- +AC_DEFUN([_AM_MANGLE_OPTION], +[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) + +# _AM_SET_OPTION(NAME) +# ------------------------------ +# Set option NAME. Presently that only means defining a flag for this option. +AC_DEFUN([_AM_SET_OPTION], +[m4_define(_AM_MANGLE_OPTION([$1]), 1)]) + +# _AM_SET_OPTIONS(OPTIONS) +# ---------------------------------- +# OPTIONS is a space-separated list of Automake options. +AC_DEFUN([_AM_SET_OPTIONS], +[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) + +# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) +# ------------------------------------------- +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +AC_DEFUN([_AM_IF_OPTION], +[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) + +# Check to make sure that the build environment is sane. -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 5 + +# AM_SANITY_CHECK +# --------------- +AC_DEFUN([AM_SANITY_CHECK], +[AC_MSG_CHECKING([whether build environment is sane]) +# Just in case +sleep 1 +echo timestamp > conftest.file +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[[\\\"\#\$\&\'\`$am_lf]]*) + AC_MSG_ERROR([unsafe absolute working directory name]);; +esac +case $srcdir in + *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) + AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; +esac + +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + rm -f conftest.file + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken +alias in your environment]) + fi + + test "$[2]" = conftest.file + ) +then + # Ok. + : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +AC_MSG_RESULT(yes)]) + +# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_INSTALL_STRIP +# --------------------- +# One issue with vendor `install' (even GNU) is that you can't +# specify the program used to strip binaries. This is especially +# annoying in cross-compiling environments, where the build's strip +# is unlikely to handle the host's binaries. +# Fortunately install-sh will honor a STRIPPROG variable, so we +# always use install-sh in `make install-strip', and initialize +# STRIPPROG with the value of the STRIP variable (set by the user). +AC_DEFUN([AM_PROG_INSTALL_STRIP], +[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be `maybe'. +if test "$cross_compiling" != no; then + AC_CHECK_TOOL([STRIP], [strip], :) +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" +AC_SUBST([INSTALL_STRIP_PROGRAM])]) + +# Copyright (C) 2006, 2008 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 2 + +# _AM_SUBST_NOTMAKE(VARIABLE) +# --------------------------- +# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. +# This macro is traced by Automake. +AC_DEFUN([_AM_SUBST_NOTMAKE]) + +# AM_SUBST_NOTMAKE(VARIABLE) +# --------------------------- +# Public sister of _AM_SUBST_NOTMAKE. +AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) + +# Check how to create a tarball. -*- Autoconf -*- + +# Copyright (C) 2004, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 2 + +# _AM_PROG_TAR(FORMAT) +# -------------------- +# Check how to create a tarball in format FORMAT. +# FORMAT should be one of `v7', `ustar', or `pax'. +# +# Substitute a variable $(am__tar) that is a command +# writing to stdout a FORMAT-tarball containing the directory +# $tardir. +# tardir=directory && $(am__tar) > result.tar +# +# Substitute a variable $(am__untar) that extract such +# a tarball read from stdin. +# $(am__untar) < result.tar +AC_DEFUN([_AM_PROG_TAR], +[# Always define AMTAR for backward compatibility. +AM_MISSING_PROG([AMTAR], [tar]) +m4_if([$1], [v7], + [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'], + [m4_case([$1], [ustar],, [pax],, + [m4_fatal([Unknown tar format])]) +AC_MSG_CHECKING([how to create a $1 tar archive]) +# Loop over all known methods to create a tar archive until one works. +_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' +_am_tools=${am_cv_prog_tar_$1-$_am_tools} +# Do not fold the above two line into one, because Tru64 sh and +# Solaris sh will not grok spaces in the rhs of `-'. +for _am_tool in $_am_tools +do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; + do + AM_RUN_LOG([$_am_tar --version]) && break + done + am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x $1 -w "$$tardir"' + am__tar_='pax -L -x $1 -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H $1 -L' + am__tar_='find "$tardir" -print | cpio -o -H $1 -L' + am__untar='cpio -i -H $1 -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac + + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_$1}" && break + + # tar/untar a dummy directory, and stop if the command works + rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) + rm -rf conftest.dir + if test -s conftest.tar; then + AM_RUN_LOG([$am__untar /dev/null 2>&1 && break + fi +done +rm -rf conftest.dir + +AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) +AC_MSG_RESULT([$am_cv_prog_tar_$1])]) +AC_SUBST([am__tar]) +AC_SUBST([am__untar]) +]) # _AM_PROG_TAR + +m4_include([m4/libtool.m4]) +m4_include([m4/ltoptions.m4]) +m4_include([m4/ltsugar.m4]) +m4_include([m4/ltversion.m4]) +m4_include([m4/lt~obsolete.m4]) diff --git a/auto/compile b/auto/compile new file mode 100755 index 0000000..c0096a7 --- /dev/null +++ b/auto/compile @@ -0,0 +1,143 @@ +#! /bin/sh +# Wrapper for compilers which do not understand `-c -o'. + +scriptversion=2009-10-06.20; # UTC + +# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009 Free Software +# Foundation, Inc. +# Written by Tom Tromey . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +case $1 in + '') + echo "$0: No command. Try \`$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: compile [--help] [--version] PROGRAM [ARGS] + +Wrapper for compilers which do not understand `-c -o'. +Remove `-o dest.o' from ARGS, run PROGRAM with the remaining +arguments, and rename the output as expected. + +If you are trying to build a whole package this is not the +right script to run: please start by reading the file `INSTALL'. + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "compile $scriptversion" + exit $? + ;; +esac + +ofile= +cfile= +eat= + +for arg +do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as `compile cc -o foo foo.c'. + # So we strip `-o arg' only if arg is an object. + eat=1 + case $2 in + *.o | *.obj) + ofile=$2 + ;; + *) + set x "$@" -o "$2" + shift + ;; + esac + ;; + *.c) + cfile=$1 + set x "$@" "$1" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift +done + +if test -z "$ofile" || test -z "$cfile"; then + # If no `-o' option was seen then we might have been invoked from a + # pattern rule where we don't need one. That is ok -- this is a + # normal compilation that the losing compiler can handle. If no + # `.c' file was seen then we are probably linking. That is also + # ok. + exec "$@" +fi + +# Name of file we expect compiler to create. +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` + +# Create the lock directory. +# Note: use `[/\\:.-]' here to ensure that we don't use the same name +# that we are using for the .o file. Also, base the name on the expected +# object file name, since that is what matters with a parallel build. +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d +while true; do + if mkdir "$lockdir" >/dev/null 2>&1; then + break + fi + sleep 1 +done +# FIXME: race condition here if user kills between mkdir and trap. +trap "rmdir '$lockdir'; exit 1" 1 2 15 + +# Run the compile. +"$@" +ret=$? + +if test -f "$cofile"; then + test "$cofile" = "$ofile" || mv "$cofile" "$ofile" +elif test -f "${cofile}bj"; then + test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" +fi + +rmdir "$lockdir" +exit $ret + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/auto/config.guess b/auto/config.guess new file mode 100644 index 0000000..8152efd --- /dev/null +++ b/auto/config.guess @@ -0,0 +1,1522 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011 Free Software Foundation, Inc. + +timestamp='2011-11-11' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + + +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do + if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ; set_cc_for_build= ;' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + case "${UNAME_MACHINE_ARCH}" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ELF__ + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "${UNAME_VERSION}" in + Debian*) + release='-gnu' + ;; + *) + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + exit ;; + *:ekkoBSD:*:*) + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + exit ;; + *:SolidBSD:*:*) + echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd${UNAME_RELEASE} + exit ;; + *:MirBSD:*:*) + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + exit ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE="alpha" ;; + "EV4.5 (21064)") + UNAME_MACHINE="alpha" ;; + "LCA4 (21066/21068)") + UNAME_MACHINE="alpha" ;; + "EV5 (21164)") + UNAME_MACHINE="alphaev5" ;; + "EV5.6 (21164A)") + UNAME_MACHINE="alphaev56" ;; + "EV5.6 (21164PC)") + UNAME_MACHINE="alphapca56" ;; + "EV5.7 (21164PC)") + UNAME_MACHINE="alphapca57" ;; + "EV6 (21264)") + UNAME_MACHINE="alphaev6" ;; + "EV6.7 (21264A)") + UNAME_MACHINE="alphaev67" ;; + "EV6.8CB (21264C)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8AL (21264B)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8CX (21264D)") + UNAME_MACHINE="alphaev68" ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE="alphaev69" ;; + "EV7 (21364)") + UNAME_MACHINE="alphaev7" ;; + "EV7.9 (21364A)") + UNAME_MACHINE="alphaev79" ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; + arm:riscos:*:*|arm:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7; exit ;; + esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`$dummy $dummyarg` && + { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos${UNAME_RELEASE} + exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit ;; + *:AIX:*:[4567]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ ${HP_ARCH} = "hppa2.0w" ] + then + eval $set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + grep -q __LP64__ + then + HP_ARCH="hppa2.0w" + else + HP_ARCH="hppa64" + fi + fi + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 + exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:FreeBSD:*:*) + UNAME_PROCESSOR=`/usr/bin/uname -p` + case ${UNAME_PROCESSOR} in + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + *) + echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + esac + exit ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; + *:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; + i*:MSYS*:*) + echo ${UNAME_MACHINE}-pc-msys + exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 + exit ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit ;; + *:Interix*:*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; + [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) + echo i${UNAME_MACHINE}-pc-mks + exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i586-pc-interix + exit ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + *:GNU:*:*) + # the GNU system + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + exit ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; + arm*:Linux:*:*) + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-gnu + else + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + fi + fi + exit ;; + avr32*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + cris:Linux:*:*) + echo cris-axis-linux-gnu + exit ;; + crisv32:Linux:*:*) + echo crisv32-axis-linux-gnu + exit ;; + frv:Linux:*:*) + echo frv-unknown-linux-gnu + exit ;; + hexagon:Linux:*:*) + echo hexagon-unknown-linux-gnu + exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + m32r*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + mips:Linux:*:* | mips64:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=${UNAME_MACHINE}el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=${UNAME_MACHINE} + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + ;; + or32:Linux:*:*) + echo or32-unknown-linux-gnu + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-gnu + exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac + exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit ;; + sh64*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + vax:Linux:*:*) + echo ${UNAME_MACHINE}-dec-linux-gnu + exit ;; + x86_64:Linux:*:*) + echo x86_64-unknown-linux-gnu + exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit ;; + i*86:syllable:*:*) + echo ${UNAME_MACHINE}-pc-syllable + exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp + exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo ${UNAME_MACHINE}-stratus-vos + exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; + unknown) UNAME_PROCESSOR=powerpc ;; + esac + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; + NSE-?:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux${UNAME_RELEASE} + exit ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + exit ;; + i*86:rdos:*:*) + echo ${UNAME_MACHINE}-pc-rdos + exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix\n"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + c34*) + echo c34-convex-bsd + exit ;; + c38*) + echo c38-convex-bsd + exit ;; + c4*) + echo c4-convex-bsd + exit ;; + esac +fi + +cat >&2 < in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/auto/config.sub b/auto/config.sub new file mode 100644 index 0000000..e76eaf4 --- /dev/null +++ b/auto/config.sub @@ -0,0 +1,1771 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011 Free Software Foundation, Inc. + +timestamp='2011-11-11' + +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + + +# Please send patches to . Submit a context +# diff and a properly formatted GNU ChangeLog entry. +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis | -knuth | -cray | -microblaze) + os= + basic_machine=$1 + ;; + -bluegene*) + os=-cnk + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco6) + os=-sco5v6 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ + | be32 | be64 \ + | bfin \ + | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | epiphany \ + | fido | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ + | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ + | nds32 | nds32le | nds32be \ + | nios | nios2 \ + | ns16k | ns32k \ + | open8 \ + | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pyramid \ + | rl78 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | we32k \ + | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) + basic_machine=$basic_machine-unknown + ;; + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12 | picochip) + # Motorola 68HC11/12. + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + ms1) + basic_machine=mt-unknown + ;; + + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; + + xscaleeb) + basic_machine=armeb-unknown + ;; + + xscaleel) + basic_machine=armel-unknown + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ + | be32-* | be64-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ + | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | hexagon-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ + | le32-* | le64-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mips64vr5900-* | mips64vr5900el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | mt-* \ + | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ + | nios-* | nios2-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | open8-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pyramid-* \ + | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile*-* \ + | tron-* \ + | ubicom32-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ + | xstormy16-* | xtensa*-* \ + | ymp-* \ + | z8k-* | z80-*) + ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + abacus) + basic_machine=abacus-unknown + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amd64) + basic_machine=x86_64-pc + ;; + amd64-*) + basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aros) + basic_machine=i386-pc + os=-aros + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16 | cr16-*) + basic_machine=cr16-unknown + os=-elf + ;; + crds | unos) + basic_machine=m68k-crds + ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + microblaze) + basic_machine=microblaze-xilinx + ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + ms1-*) + basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + ;; + msys) + basic_machine=i386-pc + os=-msys + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + nacl) + basic_machine=le32-unknown + os=-nacl + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + openrisc | openrisc-*) + basic_machine=or32-unknown + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pc98) + basic_machine=i386-pc + ;; + pc98-*) + basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; + pentium4) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium4-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc | ppcbe) basic_machine=powerpc-unknown + ;; + ppc-* | ppcbe-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rdos) + basic_machine=i386-pc + os=-rdos + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sde) + basic_machine=mipsisa32-sde + os=-elf + ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sh5el) + basic_machine=sh5le-unknown + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + strongarm-* | thumb-*) + basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tile*) + basic_machine=$basic_machine-unknown + os=-linux-gnu + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + xbox) + basic_machine=i686-pc + os=-mingw32 + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + xscale-* | xscalee[bl]-*) + basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + mmix) + basic_machine=mmix-knuth + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* | -aros* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ + | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux-dietlibc) + os=-linux-dietlibc + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -os400*) + os=-os400 + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -syllable*) + os=-syllable + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -tpf*) + os=-tpf + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -aros*) + os=-aros + ;; + -kaos*) + os=-kaos + ;; + -zvmoe) + os=-zvmoe + ;; + -dicos*) + os=-dicos + ;; + -nacl*) + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + score-*) + os=-elf + ;; + spu-*) + os=-elf + ;; + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + c4x-* | tic4x-*) + os=-coff + ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + m68*-cisco) + os=-aout + ;; + mep-*) + os=-elf + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-haiku) + os=-haiku + ;; + *-ibm) + os=-aix + ;; + *-knuth) + os=-mmixware + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -cnk*|-aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -os400*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -tpf*) + vendor=ibm + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/auto/depcomp b/auto/depcomp new file mode 100755 index 0000000..e5f9736 --- /dev/null +++ b/auto/depcomp @@ -0,0 +1,589 @@ +#! /bin/sh +# depcomp - compile a program generating dependencies as side-effects + +scriptversion=2007-03-29.01 + +# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007 Free Software +# Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Alexandre Oliva . + +case $1 in + '') + echo "$0: No command. Try \`$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: depcomp [--help] [--version] PROGRAM [ARGS] + +Run PROGRAMS ARGS to compile a file, generating dependencies +as side-effects. + +Environment variables: + depmode Dependency tracking mode. + source Source file read by `PROGRAMS ARGS'. + object Object file output by `PROGRAMS ARGS'. + DEPDIR directory where to store dependencies. + depfile Dependency file to output. + tmpdepfile Temporary file to use when outputing dependencies. + libtool Whether libtool is used (yes/no). + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "depcomp $scriptversion" + exit $? + ;; +esac + +if test -z "$depmode" || test -z "$source" || test -z "$object"; then + echo "depcomp: Variables source, object and depmode must be set" 1>&2 + exit 1 +fi + +# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. +depfile=${depfile-`echo "$object" | + sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} +tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} + +rm -f "$tmpdepfile" + +# Some modes work just like other modes, but use different flags. We +# parameterize here, but still list the modes in the big case below, +# to make depend.m4 easier to write. Note that we *cannot* use a case +# here, because this file can only contain one case statement. +if test "$depmode" = hp; then + # HP compiler uses -M and no extra arg. + gccflag=-M + depmode=gcc +fi + +if test "$depmode" = dashXmstdout; then + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +case "$depmode" in +gcc3) +## gcc 3 implements dependency tracking that does exactly what +## we want. Yay! Note: for some reason libtool 1.4 doesn't like +## it if -MD -MP comes after the -MF stuff. Hmm. +## Unfortunately, FreeBSD c89 acceptance of flags depends upon +## the command line argument order; so add the flags where they +## appear in depend2.am. Note that the slowdown incurred here +## affects only configure: in makefiles, %FASTDEP% shortcuts this. + for arg + do + case $arg in + -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; + *) set fnord "$@" "$arg" ;; + esac + shift # fnord + shift # $arg + done + "$@" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + mv "$tmpdepfile" "$depfile" + ;; + +gcc) +## There are various ways to get dependency output from gcc. Here's +## why we pick this rather obscure method: +## - Don't want to use -MD because we'd like the dependencies to end +## up in a subdir. Having to rename by hand is ugly. +## (We might end up doing this anyway to support other compilers.) +## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like +## -MM, not -M (despite what the docs say). +## - Using -M directly means running the compiler twice (even worse +## than renaming). + if test -z "$gccflag"; then + gccflag=-MD, + fi + "$@" -Wp,"$gccflag$tmpdepfile" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz +## The second -e expression handles DOS-style file names with drive letters. + sed -e 's/^[^:]*: / /' \ + -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" +## This next piece of magic avoids the `deleted header file' problem. +## The problem is that when a header file which appears in a .P file +## is deleted, the dependency causes make to die (because there is +## typically no way to rebuild the header). We avoid this by adding +## dummy dependencies for each header file. Too bad gcc doesn't do +## this for us directly. + tr ' ' ' +' < "$tmpdepfile" | +## Some versions of gcc put a space before the `:'. On the theory +## that the space means something, we add a space to the output as +## well. +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like `#:fec' to the end of the + # dependency line. + tr ' ' ' +' < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ + tr ' +' ' ' >> $depfile + echo >> $depfile + + # The second pass generates a dummy entry for each header file. + tr ' ' ' +' < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> $depfile + else + # The sourcefile does not contain any dependencies, so just + # store a dummy comment line, to avoid errors with the Makefile + # "include basename.Plo" scheme. + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +aix) + # The C for AIX Compiler uses -M and outputs the dependencies + # in a .u file. In older versions, this file always lives in the + # current directory. Also, the AIX compiler puts `$object:' at the + # start of each line; $object doesn't have directory information. + # Version 6 uses the directory in both cases. + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.u + tmpdepfile2=$base.u + tmpdepfile3=$dir.libs/$base.u + "$@" -Wc,-M + else + tmpdepfile1=$dir$base.u + tmpdepfile2=$dir$base.u + tmpdepfile3=$dir$base.u + "$@" -M + fi + stat=$? + + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + # Each line is of the form `foo.o: dependent.h'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" + # That's a tab and a space in the []. + sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" + else + # The sourcefile does not contain any dependencies, so just + # store a dummy comment line, to avoid errors with the Makefile + # "include basename.Plo" scheme. + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +icc) + # Intel's C compiler understands `-MD -MF file'. However on + # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c + # ICC 7.0 will fill foo.d with something like + # foo.o: sub/foo.c + # foo.o: sub/foo.h + # which is wrong. We want: + # sub/foo.o: sub/foo.c + # sub/foo.o: sub/foo.h + # sub/foo.c: + # sub/foo.h: + # ICC 7.1 will output + # foo.o: sub/foo.c sub/foo.h + # and will wrap long lines using \ : + # foo.o: sub/foo.c ... \ + # sub/foo.h ... \ + # ... + + "$@" -MD -MF "$tmpdepfile" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each line is of the form `foo.o: dependent.h', + # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" | + sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp2) + # The "hp" stanza above does not work with aCC (C++) and HP's ia64 + # compilers, which have integrated preprocessors. The correct option + # to use with these is +Maked; it writes dependencies to a file named + # 'foo.d', which lands next to the object file, wherever that + # happens to be. + # Much of this is similar to the tru64 case; see comments there. + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir.libs/$base.d + "$@" -Wc,+Maked + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + "$@" +Maked + fi + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile1" "$tmpdepfile2" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile" + # Add `dependent.h:' lines. + sed -ne '2,${; s/^ *//; s/ \\*$//; s/$/:/; p;}' "$tmpdepfile" >> "$depfile" + else + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" "$tmpdepfile2" + ;; + +tru64) + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in `foo.d' instead, so we check for that too. + # Subdirectories are respected. + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + + if test "$libtool" = yes; then + # With Tru64 cc, shared objects can also be used to make a + # static library. This mechanism is used in libtool 1.4 series to + # handle both shared and static libraries in a single compilation. + # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d. + # + # With libtool 1.5 this exception was removed, and libtool now + # generates 2 separate objects for the 2 libraries. These two + # compilations output dependencies in $dir.libs/$base.o.d and + # in $dir$base.o.d. We have to check for both files, because + # one of the two compilations can be disabled. We should prefer + # $dir$base.o.d over $dir.libs/$base.o.d because the latter is + # automatically cleaned when .libs/ is deleted, while ignoring + # the former would cause a distcleancheck panic. + tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4 + tmpdepfile2=$dir$base.o.d # libtool 1.5 + tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5 + tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504 + "$@" -Wc,-MD + else + tmpdepfile1=$dir$base.o.d + tmpdepfile2=$dir$base.d + tmpdepfile3=$dir$base.d + tmpdepfile4=$dir$base.d + "$@" -MD + fi + + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" + # That's a tab and a space in the []. + sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" + else + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +#nosideeffect) + # This comment above is used by automake to tell side-effect + # dependency tracking mechanisms from slower ones. + +dashmstdout) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout, regardless of -o. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test $1 != '--mode=compile'; do + shift + done + shift + fi + + # Remove `-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + test -z "$dashmflag" && dashmflag=-M + # Require at least two characters before searching for `:' + # in the target name. This is to cope with DOS-style filenames: + # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise. + "$@" $dashmflag | + sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + tr ' ' ' +' < "$tmpdepfile" | \ +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +dashXmstdout) + # This case only exists to satisfy depend.m4. It is never actually + # run, as this mode is specially recognized in the preamble. + exit 1 + ;; + +makedepend) + "$@" || exit $? + # Remove any Libtool call + if test "$libtool" = yes; then + while test $1 != '--mode=compile'; do + shift + done + shift + fi + # X makedepend + shift + cleared=no + for arg in "$@"; do + case $cleared in + no) + set ""; shift + cleared=yes ;; + esac + case "$arg" in + -D*|-I*) + set fnord "$@" "$arg"; shift ;; + # Strip any option that makedepend may not understand. Remove + # the object too, otherwise makedepend will parse it as a source file. + -*|$object) + ;; + *) + set fnord "$@" "$arg"; shift ;; + esac + done + obj_suffix="`echo $object | sed 's/^.*\././'`" + touch "$tmpdepfile" + ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + sed '1,2d' "$tmpdepfile" | tr ' ' ' +' | \ +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" "$tmpdepfile".bak + ;; + +cpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test $1 != '--mode=compile'; do + shift + done + shift + fi + + # Remove `-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + "$@" -E | + sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' | + sed '$ s: \\$::' > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + cat < "$tmpdepfile" >> "$depfile" + sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvisualcpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout, regardless of -o, + # because we must use -o when running libtool. + "$@" || exit $? + IFS=" " + for arg + do + case "$arg" in + "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") + set fnord "$@" + shift + shift + ;; + *) + set fnord "$@" "$arg" + shift + shift + ;; + esac + done + "$@" -E | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" + echo " " >> "$depfile" + . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +none) + exec "$@" + ;; + +*) + echo "Unknown depmode $depmode" 1>&2 + exit 1 + ;; +esac + +exit 0 + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-end: "$" +# End: diff --git a/auto/install-sh b/auto/install-sh new file mode 100755 index 0000000..a5897de --- /dev/null +++ b/auto/install-sh @@ -0,0 +1,519 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2006-12-25.00 + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. + +nl=' +' +IFS=" "" $nl" + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit=${DOITPROG-} +if test -z "$doit"; then + doit_exec=exec +else + doit_exec=$doit +fi + +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_glob='?' +initialize_posix_glob=' + test "$posix_glob" != "?" || { + if (set -f) 2>/dev/null; then + posix_glob= + else + posix_glob=: + fi + } +' + +posix_mkdir= + +# Desired mode of installed file. +mode=0755 + +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= + +src= +dst= +dir_arg= +dst_arg= + +copy_on_change=false +no_target_directory= + +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" + +while test $# -ne 0; do + case $1 in + -c) ;; + + -C) copy_on_change=true;; + + -d) dir_arg=true;; + + -g) chgrpcmd="$chgrpprog $2" + shift;; + + --help) echo "$usage"; exit $?;; + + -m) mode=$2 + case $mode in + *' '* | *' '* | *' +'* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; + + -o) chowncmd="$chownprog $2" + shift;; + + -s) stripcmd=$stripprog;; + + -t) dst_arg=$2 + shift;; + + -T) no_target_directory=true;; + + --version) echo "$0 $scriptversion"; exit $?;; + + --) shift + break;; + + -*) echo "$0: invalid option: $1" >&2 + exit 1;; + + *) break;; + esac + shift +done + +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + done +fi + +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call `install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +if test -z "$dir_arg"; then + trap '(exit $?); exit' 1 2 13 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. + *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi + +for src +do + # Protect names starting with `-'. + case $src in + -*) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + + dst=$dst_arg + # Protect names starting with `-'. + case $dst in + -*) dst=./$dst;; + esac + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test -n "$no_target_directory"; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dst=$dstdir/`basename "$src"` + dstdir_status=0 + else + # Prefer dirname, but fall back on a substitute if dirname fails. + dstdir=` + (dirname "$dst") 2>/dev/null || + expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$dst" : 'X\(//\)[^/]' \| \ + X"$dst" : 'X\(//\)$' \| \ + X"$dst" : 'X\(/\)' \| . 2>/dev/null || + echo X"$dst" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q' + ` + + test -d "$dstdir" + dstdir_status=$? + fi + fi + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 + + if (umask $mkdir_umask && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writeable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + ls_ld_tmpdir=`ls -ld "$tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/d" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null + fi + trap '' 0;; + esac;; + esac + + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + -*) prefix='./';; + *) prefix='';; + esac + + eval "$initialize_posix_glob" + + oIFS=$IFS + IFS=/ + $posix_glob set -f + set fnord $dstdir + shift + $posix_glob set +f + IFS=$oIFS + + prefixes= + + for d + do + test -z "$d" && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + + eval "$initialize_posix_glob" && + $posix_glob set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + $posix_glob set +f && + + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-end: "$" +# End: diff --git a/auto/ltmain.sh b/auto/ltmain.sh new file mode 100755 index 0000000..d88da2c --- /dev/null +++ b/auto/ltmain.sh @@ -0,0 +1,8413 @@ +# Generated from ltmain.m4sh. + +# ltmain.sh (GNU libtool) 2.2.6b +# Written by Gordon Matzigkeit , 1996 + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, +# or obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# Usage: $progname [OPTION]... [MODE-ARG]... +# +# Provide generalized library-building support services. +# +# --config show all configuration variables +# --debug enable verbose shell tracing +# -n, --dry-run display commands without modifying any files +# --features display basic configuration information and exit +# --mode=MODE use operation mode MODE +# --preserve-dup-deps don't remove duplicate dependency libraries +# --quiet, --silent don't print informational messages +# --tag=TAG use configuration variables from tag TAG +# -v, --verbose print informational messages (default) +# --version print version information +# -h, --help print short or long help message +# +# MODE must be one of the following: +# +# clean remove files from the build directory +# compile compile a source file into a libtool object +# execute automatically set library path, then run a program +# finish complete the installation of libtool libraries +# install install libraries or executables +# link create a library or an executable +# uninstall remove libraries from an installed directory +# +# MODE-ARGS vary depending on the MODE. +# Try `$progname --help --mode=MODE' for a more detailed description of MODE. +# +# When reporting a bug, please describe a test case to reproduce it and +# include the following information: +# +# host-triplet: $host +# shell: $SHELL +# compiler: $LTCC +# compiler flags: $LTCFLAGS +# linker: $LD (gnu? $with_gnu_ld) +# $progname: (GNU libtool) 2.2.6b Debian-2.2.6b-2 +# automake: $automake_version +# autoconf: $autoconf_version +# +# Report bugs to . + +PROGRAM=ltmain.sh +PACKAGE=libtool +VERSION="2.2.6b Debian-2.2.6b-2" +TIMESTAMP="" +package_revision=1.3017 + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# NLS nuisances: We save the old values to restore during execute mode. +# Only set LANG and LC_ALL to C if already set. +# These must not be set unconditionally because not all systems understand +# e.g. LANG=C (notably SCO). +lt_user_locale= +lt_safe_locale= +for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +do + eval "if test \"\${$lt_var+set}\" = set; then + save_$lt_var=\$$lt_var + $lt_var=C + export $lt_var + lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\" + lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" + fi" +done + +$lt_unset CDPATH + + + + + +: ${CP="cp -f"} +: ${ECHO="echo"} +: ${EGREP="/bin/grep -E"} +: ${FGREP="/bin/grep -F"} +: ${GREP="/bin/grep"} +: ${LN_S="ln -s"} +: ${MAKE="make"} +: ${MKDIR="mkdir"} +: ${MV="mv -f"} +: ${RM="rm -f"} +: ${SED="/bin/sed"} +: ${SHELL="${CONFIG_SHELL-/bin/sh}"} +: ${Xsed="$SED -e 1s/^X//"} + +# Global variables: +EXIT_SUCCESS=0 +EXIT_FAILURE=1 +EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. +EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. + +exit_status=$EXIT_SUCCESS + +# Make sure IFS has a sensible default +lt_nl=' +' +IFS=" $lt_nl" + +dirname="s,/[^/]*$,," +basename="s,^.*/,," + +# func_dirname_and_basename file append nondir_replacement +# perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# Implementation must be kept synchronized with func_dirname +# and func_basename. For efficiency, we do not delegate to +# those functions but instead duplicate the functionality here. +func_dirname_and_basename () +{ + # Extract subdirectory from the argument. + func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi + func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` +} + +# Generated shell functions inserted here. + +# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh +# is ksh but when the shell is invoked as "sh" and the current value of +# the _XPG environment variable is not equal to 1 (one), the special +# positional parameter $0, within a function call, is the name of the +# function. +progpath="$0" + +# The name of this program: +# In the unlikely event $progname began with a '-', it would play havoc with +# func_echo (imagine progname=-n), so we prepend ./ in that case: +func_dirname_and_basename "$progpath" +progname=$func_basename_result +case $progname in + -*) progname=./$progname ;; +esac + +# Make sure we have an absolute path for reexecution: +case $progpath in + [\\/]*|[A-Za-z]:\\*) ;; + *[\\/]*) + progdir=$func_dirname_result + progdir=`cd "$progdir" && pwd` + progpath="$progdir/$progname" + ;; + *) + save_IFS="$IFS" + IFS=: + for progdir in $PATH; do + IFS="$save_IFS" + test -x "$progdir/$progname" && break + done + IFS="$save_IFS" + test -n "$progdir" || progdir=`pwd` + progpath="$progdir/$progname" + ;; +esac + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +Xsed="${SED}"' -e 1s/^X//' +sed_quote_subst='s/\([`"$\\]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Re-`\' parameter expansions in output of double_quote_subst that were +# `\'-ed in input to the same. If an odd number of `\' preceded a '$' +# in input to double_quote_subst, that '$' was protected from expansion. +# Since each input `\' is now two `\'s, look for any number of runs of +# four `\'s followed by two `\'s and then a '$'. `\' that '$'. +bs='\\' +bs2='\\\\' +bs4='\\\\\\\\' +dollar='\$' +sed_double_backslash="\ + s/$bs4/&\\ +/g + s/^$bs2$dollar/$bs&/ + s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g + s/\n//g" + +# Standard options: +opt_dry_run=false +opt_help=false +opt_quiet=false +opt_verbose=false +opt_warning=: + +# func_echo arg... +# Echo program name prefixed message, along with the current mode +# name if it has been set yet. +func_echo () +{ + $ECHO "$progname${mode+: }$mode: $*" +} + +# func_verbose arg... +# Echo program name prefixed message in verbose mode only. +func_verbose () +{ + $opt_verbose && func_echo ${1+"$@"} + + # A bug in bash halts the script if the last line of a function + # fails when set -e is in force, so we need another command to + # work around that: + : +} + +# func_error arg... +# Echo program name prefixed message to standard error. +func_error () +{ + $ECHO "$progname${mode+: }$mode: "${1+"$@"} 1>&2 +} + +# func_warning arg... +# Echo program name prefixed warning message to standard error. +func_warning () +{ + $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2 + + # bash bug again: + : +} + +# func_fatal_error arg... +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + func_error ${1+"$@"} + exit $EXIT_FAILURE +} + +# func_fatal_help arg... +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () +{ + func_error ${1+"$@"} + func_fatal_error "$help" +} +help="Try \`$progname --help' for more information." ## default + + +# func_grep expression filename +# Check whether EXPRESSION matches any line of FILENAME, without output. +func_grep () +{ + $GREP "$1" "$2" >/dev/null 2>&1 +} + + +# func_mkdir_p directory-path +# Make sure the entire path to DIRECTORY-PATH is available. +func_mkdir_p () +{ + my_directory_path="$1" + my_dir_list= + + if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then + + # Protect directory names starting with `-' + case $my_directory_path in + -*) my_directory_path="./$my_directory_path" ;; + esac + + # While some portion of DIR does not yet exist... + while test ! -d "$my_directory_path"; do + # ...make a list in topmost first order. Use a colon delimited + # list incase some portion of path contains whitespace. + my_dir_list="$my_directory_path:$my_dir_list" + + # If the last portion added has no slash in it, the list is done + case $my_directory_path in */*) ;; *) break ;; esac + + # ...otherwise throw away the child directory and loop + my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"` + done + my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'` + + save_mkdir_p_IFS="$IFS"; IFS=':' + for my_dir in $my_dir_list; do + IFS="$save_mkdir_p_IFS" + # mkdir can fail with a `File exist' error if two processes + # try to create one of the directories concurrently. Don't + # stop in that case! + $MKDIR "$my_dir" 2>/dev/null || : + done + IFS="$save_mkdir_p_IFS" + + # Bail out if we (or some other process) failed to create a directory. + test -d "$my_directory_path" || \ + func_fatal_error "Failed to create \`$1'" + fi +} + + +# func_mktempdir [string] +# Make a temporary directory that won't clash with other running +# libtool processes, and avoids race conditions if possible. If +# given, STRING is the basename for that directory. +func_mktempdir () +{ + my_template="${TMPDIR-/tmp}/${1-$progname}" + + if test "$opt_dry_run" = ":"; then + # Return a directory name, but don't create it in dry-run mode + my_tmpdir="${my_template}-$$" + else + + # If mktemp works, use that first and foremost + my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` + + if test ! -d "$my_tmpdir"; then + # Failing that, at least try and use $RANDOM to avoid a race + my_tmpdir="${my_template}-${RANDOM-0}$$" + + save_mktempdir_umask=`umask` + umask 0077 + $MKDIR "$my_tmpdir" + umask $save_mktempdir_umask + fi + + # If we're not in dry-run mode, bomb out on failure + test -d "$my_tmpdir" || \ + func_fatal_error "cannot create temporary directory \`$my_tmpdir'" + fi + + $ECHO "X$my_tmpdir" | $Xsed +} + + +# func_quote_for_eval arg +# Aesthetically quote ARG to be evaled later. +# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT +# is double-quoted, suitable for a subsequent eval, whereas +# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters +# which are still active within double quotes backslashified. +func_quote_for_eval () +{ + case $1 in + *[\\\`\"\$]*) + func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;; + *) + func_quote_for_eval_unquoted_result="$1" ;; + esac + + case $func_quote_for_eval_unquoted_result in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and and variable + # expansion for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\"" + ;; + *) + func_quote_for_eval_result="$func_quote_for_eval_unquoted_result" + esac +} + + +# func_quote_for_expand arg +# Aesthetically quote ARG to be evaled later; same as above, +# but do not quote variable references. +func_quote_for_expand () +{ + case $1 in + *[\\\`\"]*) + my_arg=`$ECHO "X$1" | $Xsed \ + -e "$double_quote_subst" -e "$sed_double_backslash"` ;; + *) + my_arg="$1" ;; + esac + + case $my_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting and command substitution for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + my_arg="\"$my_arg\"" + ;; + esac + + func_quote_for_expand_result="$my_arg" +} + + +# func_show_eval cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () +{ + my_cmd="$1" + my_fail_exp="${2-:}" + + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$my_cmd" + my_status=$? + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi + fi +} + + +# func_show_eval_locale cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () +{ + my_cmd="$1" + my_fail_exp="${2-:}" + + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$lt_user_locale + $my_cmd" + my_status=$? + eval "$lt_safe_locale" + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi + fi +} + + + + + +# func_version +# Echo version message to standard output and exit. +func_version () +{ + $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / { + s/^# // + s/^# *$// + s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/ + p + }' < "$progpath" + exit $? +} + +# func_usage +# Echo short help message to standard output and exit. +func_usage () +{ + $SED -n '/^# Usage:/,/# -h/ { + s/^# // + s/^# *$// + s/\$progname/'$progname'/ + p + }' < "$progpath" + $ECHO + $ECHO "run \`$progname --help | more' for full usage" + exit $? +} + +# func_help +# Echo long help message to standard output and exit. +func_help () +{ + $SED -n '/^# Usage:/,/# Report bugs to/ { + s/^# // + s/^# *$// + s*\$progname*'$progname'* + s*\$host*'"$host"'* + s*\$SHELL*'"$SHELL"'* + s*\$LTCC*'"$LTCC"'* + s*\$LTCFLAGS*'"$LTCFLAGS"'* + s*\$LD*'"$LD"'* + s/\$with_gnu_ld/'"$with_gnu_ld"'/ + s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/ + s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ + p + }' < "$progpath" + exit $? +} + +# func_missing_arg argname +# Echo program name prefixed message to standard error and set global +# exit_cmd. +func_missing_arg () +{ + func_error "missing argument for $1" + exit_cmd=exit +} + +exit_cmd=: + + + + + +# Check that we have a working $ECHO. +if test "X$1" = X--no-reexec; then + # Discard the --no-reexec flag, and continue. + shift +elif test "X$1" = X--fallback-echo; then + # Avoid inline document here, it may be left over + : +elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then + # Yippee, $ECHO works! + : +else + # Restart under the correct shell, and then maybe $ECHO will work. + exec $SHELL "$progpath" --no-reexec ${1+"$@"} +fi + +if test "X$1" = X--fallback-echo; then + # used as fallback echo + shift + cat </dev/null 2>&1; then + taglist="$taglist $tagname" + + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" + else + func_error "ignoring unknown tag $tagname" + fi + ;; + esac +} + +# Parse options once, thoroughly. This comes as soon as possible in +# the script to make things like `libtool --version' happen quickly. +{ + + # Shorthand for --mode=foo, only valid as the first argument + case $1 in + clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift + ;; + compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift + ;; + execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift + ;; + finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift + ;; + install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift + ;; + link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; + uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift + ;; + esac + + # Parse non-mode specific arguments: + while test "$#" -gt 0; do + opt="$1" + shift + + case $opt in + --config) func_config ;; + + --debug) preserve_args="$preserve_args $opt" + func_echo "enabling shell trace mode" + opt_debug='set -x' + $opt_debug + ;; + + -dlopen) test "$#" -eq 0 && func_missing_arg "$opt" && break + execute_dlfiles="$execute_dlfiles $1" + shift + ;; + + --dry-run | -n) opt_dry_run=: ;; + --features) func_features ;; + --finish) mode="finish" ;; + + --mode) test "$#" -eq 0 && func_missing_arg "$opt" && break + case $1 in + # Valid mode arguments: + clean) ;; + compile) ;; + execute) ;; + finish) ;; + install) ;; + link) ;; + relink) ;; + uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $opt" + exit_cmd=exit + break + ;; + esac + + mode="$1" + shift + ;; + + --preserve-dup-deps) + opt_duplicate_deps=: ;; + + --quiet|--silent) preserve_args="$preserve_args $opt" + opt_silent=: + ;; + + --verbose| -v) preserve_args="$preserve_args $opt" + opt_silent=false + ;; + + --tag) test "$#" -eq 0 && func_missing_arg "$opt" && break + preserve_args="$preserve_args $opt $1" + func_enable_tag "$1" # tagname is set here + shift + ;; + + # Separate optargs to long options: + -dlopen=*|--mode=*|--tag=*) + func_opt_split "$opt" + set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"} + shift + ;; + + -\?|-h) func_usage ;; + --help) opt_help=: ;; + --version) func_version ;; + + -*) func_fatal_help "unrecognized option \`$opt'" ;; + + *) nonopt="$opt" + break + ;; + esac + done + + + case $host in + *cygwin* | *mingw* | *pw32* | *cegcc*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: + ;; + *) + opt_duplicate_compiler_generated_deps=$opt_duplicate_deps + ;; + esac + + # Having warned about all mis-specified options, bail out if + # anything was wrong. + $exit_cmd $EXIT_FAILURE +} + +# func_check_version_match +# Ensure that we are using m4 macros, and libtool script from the same +# release of libtool. +func_check_version_match () +{ + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from an older release. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + fi + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, +$progname: but the definition of this LT_INIT comes from revision $macro_revision. +$progname: You should recreate aclocal.m4 with macros from revision $package_revision +$progname: of $PACKAGE $VERSION and run autoconf again. +_LT_EOF + fi + + exit $EXIT_MISMATCH + fi +} + + +## ----------- ## +## Main. ## +## ----------- ## + +$opt_help || { + # Sanity checks first: + func_check_version_match + + if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then + func_fatal_configuration "not configured to build any kind of library" + fi + + test -z "$mode" && func_fatal_error "error: you must specify a MODE." + + + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" + + + # Only execute mode is allowed to have -dlopen flags. + if test -n "$execute_dlfiles" && test "$mode" != execute; then + func_error "unrecognized option \`-dlopen'" + $ECHO "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Change the help message to a mode-specific one. + generic_help="$help" + help="Try \`$progname --help --mode=$mode' for more information." +} + + +# func_lalib_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_lalib_p () +{ + test -f "$1" && + $SED -e 4q "$1" 2>/dev/null \ + | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + +# func_lalib_unsafe_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function implements the same check as func_lalib_p without +# resorting to external programs. To this end, it redirects stdin and +# closes it afterwards, without saving the original file descriptor. +# As a safety measure, use it only where a negative result would be +# fatal anyway. Works if `file' does not exist. +func_lalib_unsafe_p () +{ + lalib_p=no + if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then + for lalib_p_l in 1 2 3 4 + do + read lalib_p_line + case "$lalib_p_line" in + \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; + esac + done + exec 0<&5 5<&- + fi + test "$lalib_p" = yes +} + +# func_ltwrapper_script_p file +# True iff FILE is a libtool wrapper script +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_script_p () +{ + func_lalib_p "$1" +} + +# func_ltwrapper_executable_p file +# True iff FILE is a libtool wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_executable_p () +{ + func_ltwrapper_exec_suffix= + case $1 in + *.exe) ;; + *) func_ltwrapper_exec_suffix=.exe ;; + esac + $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 +} + +# func_ltwrapper_scriptname file +# Assumes file is an ltwrapper_executable +# uses $file to determine the appropriate filename for a +# temporary ltwrapper_script. +func_ltwrapper_scriptname () +{ + func_ltwrapper_scriptname_result="" + if func_ltwrapper_executable_p "$1"; then + func_dirname_and_basename "$1" "" "." + func_stripname '' '.exe' "$func_basename_result" + func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper" + fi +} + +# func_ltwrapper_p file +# True iff FILE is a libtool wrapper script or wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_p () +{ + func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" +} + + +# func_execute_cmds commands fail_cmd +# Execute tilde-delimited COMMANDS. +# If FAIL_CMD is given, eval that upon failure. +# FAIL_CMD may read-access the current command in variable CMD! +func_execute_cmds () +{ + $opt_debug + save_ifs=$IFS; IFS='~' + for cmd in $1; do + IFS=$save_ifs + eval cmd=\"$cmd\" + func_show_eval "$cmd" "${2-:}" + done + IFS=$save_ifs +} + + +# func_source file +# Source FILE, adding directory component if necessary. +# Note that it is not necessary on cygwin/mingw to append a dot to +# FILE even if both FILE and FILE.exe exist: automatic-append-.exe +# behavior happens only for exec(3), not for open(2)! Also, sourcing +# `FILE.' does not work on cygwin managed mounts. +func_source () +{ + $opt_debug + case $1 in + */* | *\\*) . "$1" ;; + *) . "./$1" ;; + esac +} + + +# func_infer_tag arg +# Infer tagged configuration to use if any are available and +# if one wasn't chosen via the "--tag" command line option. +# Only attempt this if the compiler in the base compile +# command doesn't match the default compiler. +# arg is usually of the form 'gcc ...' +func_infer_tag () +{ + $opt_debug + if test -n "$available_tags" && test -z "$tagname"; then + CC_quoted= + for arg in $CC; do + func_quote_for_eval "$arg" + CC_quoted="$CC_quoted $func_quote_for_eval_result" + done + case $@ in + # Blanks in the command may have been stripped by the calling shell, + # but not from the CC environment variable when configure was run. + " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) ;; + # Blanks at the start of $base_compile will cause this to fail + # if we don't check for them as well. + *) + for z in $available_tags; do + if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then + # Evaluate the configuration. + eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" + CC_quoted= + for arg in $CC; do + # Double-quote args containing other shell metacharacters. + func_quote_for_eval "$arg" + CC_quoted="$CC_quoted $func_quote_for_eval_result" + done + case "$@ " in + " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) + # The compiler in the base compile command matches + # the one in the tagged configuration. + # Assume this is the tagged configuration we want. + tagname=$z + break + ;; + esac + fi + done + # If $tagname still isn't set, then no tagged configuration + # was found and let the user know that the "--tag" command + # line option must be used. + if test -z "$tagname"; then + func_echo "unable to infer tagged configuration" + func_fatal_error "specify a tag with \`--tag'" +# else +# func_verbose "using $tagname tagged configuration" + fi + ;; + esac + fi +} + + + +# func_write_libtool_object output_name pic_name nonpic_name +# Create a libtool object file (analogous to a ".la" file), +# but don't create it if we're doing a dry run. +func_write_libtool_object () +{ + write_libobj=${1} + if test "$build_libtool_libs" = yes; then + write_lobj=\'${2}\' + else + write_lobj=none + fi + + if test "$build_old_libs" = yes; then + write_oldobj=\'${3}\' + else + write_oldobj=none + fi + + $opt_dry_run || { + cat >${write_libobj}T <?"'"'"' &()|`$[]' \ + && func_warning "libobj name \`$libobj' may not contain shell special characters." + func_dirname_and_basename "$obj" "/" "" + objname="$func_basename_result" + xdir="$func_dirname_result" + lobj=${xdir}$objdir/$objname + + test -z "$base_compile" && \ + func_fatal_help "you must specify a compilation command" + + # Delete any leftover library objects. + if test "$build_old_libs" = yes; then + removelist="$obj $lobj $libobj ${libobj}T" + else + removelist="$lobj $libobj ${libobj}T" + fi + + # On Cygwin there's no "real" PIC flag so we must build both object types + case $host_os in + cygwin* | mingw* | pw32* | os2* | cegcc*) + pic_mode=default + ;; + esac + if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then + # non-PIC code in shared libraries is not supported + pic_mode=default + fi + + # Calculate the filename of the output object if compiler does + # not support -o with -c + if test "$compiler_c_o" = no; then + output_obj=`$ECHO "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext} + lockfile="$output_obj.lock" + else + output_obj= + need_locks=no + lockfile= + fi + + # Lock this critical section if it is needed + # We use this script file to make the link, it avoids creating a new file + if test "$need_locks" = yes; then + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + elif test "$need_locks" = warn; then + if test -f "$lockfile"; then + $ECHO "\ +*** ERROR, $lockfile exists and contains: +`cat $lockfile 2>/dev/null` + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + removelist="$removelist $output_obj" + $ECHO "$srcfile" > "$lockfile" + fi + + $opt_dry_run || $RM $removelist + removelist="$removelist $lockfile" + trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 + + if test -n "$fix_srcfile_path"; then + eval srcfile=\"$fix_srcfile_path\" + fi + func_quote_for_eval "$srcfile" + qsrcfile=$func_quote_for_eval_result + + # Only build a PIC object if we are building libtool libraries. + if test "$build_libtool_libs" = yes; then + # Without this assignment, base_compile gets emptied. + fbsd_hideous_sh_bug=$base_compile + + if test "$pic_mode" != no; then + command="$base_compile $qsrcfile $pic_flag" + else + # Don't build PIC code + command="$base_compile $qsrcfile" + fi + + func_mkdir_p "$xdir$objdir" + + if test -z "$output_obj"; then + # Place PIC objects in $objdir + command="$command -o $lobj" + fi + + func_show_eval_locale "$command" \ + 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' + + if test "$need_locks" = warn && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed, then go on to compile the next one + if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then + func_show_eval '$MV "$output_obj" "$lobj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + + # Allow error messages only from the first compilation. + if test "$suppress_opt" = yes; then + suppress_output=' >/dev/null 2>&1' + fi + fi + + # Only build a position-dependent object if we build old libraries. + if test "$build_old_libs" = yes; then + if test "$pic_mode" != yes; then + # Don't build PIC code + command="$base_compile $qsrcfile$pie_flag" + else + command="$base_compile $qsrcfile $pic_flag" + fi + if test "$compiler_c_o" = yes; then + command="$command -o $obj" + fi + + # Suppress compiler output if we already did a PIC compilation. + command="$command$suppress_output" + func_show_eval_locale "$command" \ + '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' + + if test "$need_locks" = warn && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed + if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then + func_show_eval '$MV "$output_obj" "$obj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + fi + + $opt_dry_run || { + func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" + + # Unlock the critical section if it was locked + if test "$need_locks" != no; then + removelist=$lockfile + $RM "$lockfile" + fi + } + + exit $EXIT_SUCCESS +} + +$opt_help || { +test "$mode" = compile && func_mode_compile ${1+"$@"} +} + +func_mode_help () +{ + # We need to display help for each of the modes. + case $mode in + "") + # Generic help is extracted from the usage comments + # at the start of this file. + func_help + ;; + + clean) + $ECHO \ +"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... + +Remove files from the build directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +to RM. + +If FILE is a libtool library, object or program, all the files associated +with it are deleted. Otherwise, only FILE itself is deleted using RM." + ;; + + compile) + $ECHO \ +"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE + +Compile a source file into a libtool library object. + +This mode accepts the following additional options: + + -o OUTPUT-FILE set the output file name to OUTPUT-FILE + -no-suppress do not suppress compiler output for multiple passes + -prefer-pic try to building PIC objects only + -prefer-non-pic try to building non-PIC objects only + -shared do not build a \`.o' file suitable for static linking + -static only build a \`.o' file suitable for static linking + +COMPILE-COMMAND is a command to be used in creating a \`standard' object file +from the given SOURCEFILE. + +The output file name is determined by removing the directory component from +SOURCEFILE, then substituting the C source code suffix \`.c' with the +library object suffix, \`.lo'." + ;; + + execute) + $ECHO \ +"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... + +Automatically set library path, then run a program. + +This mode accepts the following additional options: + + -dlopen FILE add the directory containing FILE to the library path + +This mode sets the library path environment variable according to \`-dlopen' +flags. + +If any of the ARGS are libtool executable wrappers, then they are translated +into their corresponding uninstalled binary, and any of their required library +directories are added to the library path. + +Then, COMMAND is executed, with ARGS as arguments." + ;; + + finish) + $ECHO \ +"Usage: $progname [OPTION]... --mode=finish [LIBDIR]... + +Complete the installation of libtool libraries. + +Each LIBDIR is a directory that contains libtool libraries. + +The commands that this mode executes may require superuser privileges. Use +the \`--dry-run' option if you just want to see what would be executed." + ;; + + install) + $ECHO \ +"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... + +Install executables or libraries. + +INSTALL-COMMAND is the installation command. The first component should be +either the \`install' or \`cp' program. + +The following components of INSTALL-COMMAND are treated specially: + + -inst-prefix PREFIX-DIR Use PREFIX-DIR as a staging area for installation + +The rest of the components are interpreted as arguments to that command (only +BSD-compatible install options are recognized)." + ;; + + link) + $ECHO \ +"Usage: $progname [OPTION]... --mode=link LINK-COMMAND... + +Link object files or libraries together to form another library, or to +create an executable program. + +LINK-COMMAND is a command using the C compiler that you would use to create +a program from several object files. + +The following components of LINK-COMMAND are treated specially: + + -all-static do not do any dynamic linking at all + -avoid-version do not add a version suffix if possible + -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime + -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols + -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) + -export-symbols SYMFILE + try to export only the symbols listed in SYMFILE + -export-symbols-regex REGEX + try to export only the symbols matching REGEX + -LLIBDIR search LIBDIR for required installed libraries + -lNAME OUTPUT-FILE requires the installed library libNAME + -module build a library that can dlopened + -no-fast-install disable the fast-install mode + -no-install link a not-installable executable + -no-undefined declare that a library does not refer to external symbols + -o OUTPUT-FILE create OUTPUT-FILE from the specified objects + -objectlist FILE Use a list of object files found in FILE to specify objects + -precious-files-regex REGEX + don't remove output files matching REGEX + -release RELEASE specify package release information + -rpath LIBDIR the created library will eventually be installed in LIBDIR + -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries + -shared only do dynamic linking of libtool libraries + -shrext SUFFIX override the standard shared library file extension + -static do not do any dynamic linking of uninstalled libtool libraries + -static-libtool-libs + do not do any dynamic linking of libtool libraries + -version-info CURRENT[:REVISION[:AGE]] + specify library version info [each variable defaults to 0] + -weak LIBNAME declare that the target provides the LIBNAME interface + +All other options (arguments beginning with \`-') are ignored. + +Every other argument is treated as a filename. Files ending in \`.la' are +treated as uninstalled libtool libraries, other files are standard or library +object files. + +If the OUTPUT-FILE ends in \`.la', then a libtool library is created, +only library objects (\`.lo' files) may be specified, and \`-rpath' is +required, except when creating a convenience library. + +If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created +using \`ar' and \`ranlib', or on Windows using \`lib'. + +If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file +is created, otherwise an executable program is created." + ;; + + uninstall) + $ECHO \ +"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... + +Remove libraries from an installation directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +to RM. + +If FILE is a libtool library, all the files associated with it are deleted. +Otherwise, only FILE itself is deleted using RM." + ;; + + *) + func_fatal_help "invalid operation mode \`$mode'" + ;; + esac + + $ECHO + $ECHO "Try \`$progname --help' for more information about other modes." + + exit $? +} + + # Now that we've collected a possible --mode arg, show help if necessary + $opt_help && func_mode_help + + +# func_mode_execute arg... +func_mode_execute () +{ + $opt_debug + # The first argument is the command name. + cmd="$nonopt" + test -z "$cmd" && \ + func_fatal_help "you must specify a COMMAND" + + # Handle -dlopen flags immediately. + for file in $execute_dlfiles; do + test -f "$file" \ + || func_fatal_help "\`$file' is not a file" + + dir= + case $file in + *.la) + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "\`$lib' is not a valid libtool archive" + + # Read the libtool library. + dlname= + library_names= + func_source "$file" + + # Skip this library if it cannot be dlopened. + if test -z "$dlname"; then + # Warn if it was a shared library. + test -n "$library_names" && \ + func_warning "\`$file' was not linked with \`-export-dynamic'" + continue + fi + + func_dirname "$file" "" "." + dir="$func_dirname_result" + + if test -f "$dir/$objdir/$dlname"; then + dir="$dir/$objdir" + else + if test ! -f "$dir/$dlname"; then + func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" + fi + fi + ;; + + *.lo) + # Just add the directory containing the .lo file. + func_dirname "$file" "" "." + dir="$func_dirname_result" + ;; + + *) + func_warning "\`-dlopen' is ignored for non-libtool libraries and objects" + continue + ;; + esac + + # Get the absolute pathname. + absdir=`cd "$dir" && pwd` + test -n "$absdir" && dir="$absdir" + + # Now add the directory to shlibpath_var. + if eval "test -z \"\$$shlibpath_var\""; then + eval "$shlibpath_var=\"\$dir\"" + else + eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" + fi + done + + # This variable tells wrapper scripts just to set shlibpath_var + # rather than running their programs. + libtool_execute_magic="$magic" + + # Check if any of the arguments is a wrapper script. + args= + for file + do + case $file in + -*) ;; + *) + # Do a test to see if this is really a libtool program. + if func_ltwrapper_script_p "$file"; then + func_source "$file" + # Transform arg to wrapped name. + file="$progdir/$program" + elif func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + func_source "$func_ltwrapper_scriptname_result" + # Transform arg to wrapped name. + file="$progdir/$program" + fi + ;; + esac + # Quote arguments (to preserve shell metacharacters). + func_quote_for_eval "$file" + args="$args $func_quote_for_eval_result" + done + + if test "X$opt_dry_run" = Xfalse; then + if test -n "$shlibpath_var"; then + # Export the shlibpath_var. + eval "export $shlibpath_var" + fi + + # Restore saved environment variables + for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES + do + eval "if test \"\${save_$lt_var+set}\" = set; then + $lt_var=\$save_$lt_var; export $lt_var + else + $lt_unset $lt_var + fi" + done + + # Now prepare to actually exec the command. + exec_cmd="\$cmd$args" + else + # Display what would be done. + if test -n "$shlibpath_var"; then + eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" + $ECHO "export $shlibpath_var" + fi + $ECHO "$cmd$args" + exit $EXIT_SUCCESS + fi +} + +test "$mode" = execute && func_mode_execute ${1+"$@"} + + +# func_mode_finish arg... +func_mode_finish () +{ + $opt_debug + libdirs="$nonopt" + admincmds= + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + for dir + do + libdirs="$libdirs $dir" + done + + for libdir in $libdirs; do + if test -n "$finish_cmds"; then + # Do each command in the finish commands. + func_execute_cmds "$finish_cmds" 'admincmds="$admincmds +'"$cmd"'"' + fi + if test -n "$finish_eval"; then + # Do the single finish_eval. + eval cmds=\"$finish_eval\" + $opt_dry_run || eval "$cmds" || admincmds="$admincmds + $cmds" + fi + done + fi + + # Exit here if they wanted silent mode. + $opt_silent && exit $EXIT_SUCCESS + + $ECHO "X----------------------------------------------------------------------" | $Xsed + $ECHO "Libraries have been installed in:" + for libdir in $libdirs; do + $ECHO " $libdir" + done + $ECHO + $ECHO "If you ever happen to want to link against installed libraries" + $ECHO "in a given directory, LIBDIR, you must either use libtool, and" + $ECHO "specify the full pathname of the library, or use the \`-LLIBDIR'" + $ECHO "flag during linking and do at least one of the following:" + if test -n "$shlibpath_var"; then + $ECHO " - add LIBDIR to the \`$shlibpath_var' environment variable" + $ECHO " during execution" + fi + if test -n "$runpath_var"; then + $ECHO " - add LIBDIR to the \`$runpath_var' environment variable" + $ECHO " during linking" + fi + if test -n "$hardcode_libdir_flag_spec"; then + libdir=LIBDIR + eval flag=\"$hardcode_libdir_flag_spec\" + + $ECHO " - use the \`$flag' linker flag" + fi + if test -n "$admincmds"; then + $ECHO " - have your system administrator run these commands:$admincmds" + fi + if test -f /etc/ld.so.conf; then + $ECHO " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" + fi + $ECHO + + $ECHO "See any operating system documentation about shared libraries for" + case $host in + solaris2.[6789]|solaris2.1[0-9]) + $ECHO "more information, such as the ld(1), crle(1) and ld.so(8) manual" + $ECHO "pages." + ;; + *) + $ECHO "more information, such as the ld(1) and ld.so(8) manual pages." + ;; + esac + $ECHO "X----------------------------------------------------------------------" | $Xsed + exit $EXIT_SUCCESS +} + +test "$mode" = finish && func_mode_finish ${1+"$@"} + + +# func_mode_install arg... +func_mode_install () +{ + $opt_debug + # There may be an optional sh(1) argument at the beginning of + # install_prog (especially on Windows NT). + if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || + # Allow the use of GNU shtool's install command. + $ECHO "X$nonopt" | $GREP shtool >/dev/null; then + # Aesthetically quote it. + func_quote_for_eval "$nonopt" + install_prog="$func_quote_for_eval_result " + arg=$1 + shift + else + install_prog= + arg=$nonopt + fi + + # The real first argument should be the name of the installation program. + # Aesthetically quote it. + func_quote_for_eval "$arg" + install_prog="$install_prog$func_quote_for_eval_result" + + # We need to accept at least all the BSD install flags. + dest= + files= + opts= + prev= + install_type= + isdir=no + stripme= + for arg + do + if test -n "$dest"; then + files="$files $dest" + dest=$arg + continue + fi + + case $arg in + -d) isdir=yes ;; + -f) + case " $install_prog " in + *[\\\ /]cp\ *) ;; + *) prev=$arg ;; + esac + ;; + -g | -m | -o) + prev=$arg + ;; + -s) + stripme=" -s" + continue + ;; + -*) + ;; + *) + # If the previous option needed an argument, then skip it. + if test -n "$prev"; then + prev= + else + dest=$arg + continue + fi + ;; + esac + + # Aesthetically quote the argument. + func_quote_for_eval "$arg" + install_prog="$install_prog $func_quote_for_eval_result" + done + + test -z "$install_prog" && \ + func_fatal_help "you must specify an install program" + + test -n "$prev" && \ + func_fatal_help "the \`$prev' option requires an argument" + + if test -z "$files"; then + if test -z "$dest"; then + func_fatal_help "no file or destination specified" + else + func_fatal_help "you must specify a destination" + fi + fi + + # Strip any trailing slash from the destination. + func_stripname '' '/' "$dest" + dest=$func_stripname_result + + # Check to see that the destination is a directory. + test -d "$dest" && isdir=yes + if test "$isdir" = yes; then + destdir="$dest" + destname= + else + func_dirname_and_basename "$dest" "" "." + destdir="$func_dirname_result" + destname="$func_basename_result" + + # Not a directory, so check to see that there is only one file specified. + set dummy $files; shift + test "$#" -gt 1 && \ + func_fatal_help "\`$dest' is not a directory" + fi + case $destdir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + for file in $files; do + case $file in + *.lo) ;; + *) + func_fatal_help "\`$destdir' must be an absolute directory name" + ;; + esac + done + ;; + esac + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic="$magic" + + staticlibs= + future_libdirs= + current_libdirs= + for file in $files; do + + # Do each installation. + case $file in + *.$libext) + # Do the static libraries later. + staticlibs="$staticlibs $file" + ;; + + *.la) + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "\`$file' is not a valid libtool archive" + + library_names= + old_library= + relink_command= + func_source "$file" + + # Add the libdir to current_libdirs if it is the destination. + if test "X$destdir" = "X$libdir"; then + case "$current_libdirs " in + *" $libdir "*) ;; + *) current_libdirs="$current_libdirs $libdir" ;; + esac + else + # Note the libdir as a future libdir. + case "$future_libdirs " in + *" $libdir "*) ;; + *) future_libdirs="$future_libdirs $libdir" ;; + esac + fi + + func_dirname "$file" "/" "" + dir="$func_dirname_result" + dir="$dir$objdir" + + if test -n "$relink_command"; then + # Determine the prefix the user has applied to our future dir. + inst_prefix_dir=`$ECHO "X$destdir" | $Xsed -e "s%$libdir\$%%"` + + # Don't allow the user to place us outside of our expected + # location b/c this prevents finding dependent libraries that + # are installed to the same prefix. + # At present, this check doesn't affect windows .dll's that + # are installed into $libdir/../bin (currently, that works fine) + # but it's something to keep an eye on. + test "$inst_prefix_dir" = "$destdir" && \ + func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir" + + if test -n "$inst_prefix_dir"; then + # Stick the inst_prefix_dir data into the link command. + relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` + else + relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%%"` + fi + + func_warning "relinking \`$file'" + func_show_eval "$relink_command" \ + 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"' + fi + + # See the names of the shared library. + set dummy $library_names; shift + if test -n "$1"; then + realname="$1" + shift + + srcname="$realname" + test -n "$relink_command" && srcname="$realname"T + + # Install the shared library and build the symlinks. + func_show_eval "$install_prog $dir/$srcname $destdir/$realname" \ + 'exit $?' + tstripme="$stripme" + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + case $realname in + *.dll.a) + tstripme="" + ;; + esac + ;; + esac + if test -n "$tstripme" && test -n "$striplib"; then + func_show_eval "$striplib $destdir/$realname" 'exit $?' + fi + + if test "$#" -gt 0; then + # Delete the old symlinks, and create new ones. + # Try `ln -sf' first, because the `ln' binary might depend on + # the symlink we replace! Solaris /bin/ln does not understand -f, + # so we also need to try rm && ln -s. + for linkname + do + test "$linkname" != "$realname" \ + && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" + done + fi + + # Do each command in the postinstall commands. + lib="$destdir/$realname" + func_execute_cmds "$postinstall_cmds" 'exit $?' + fi + + # Install the pseudo-library for information purposes. + func_basename "$file" + name="$func_basename_result" + instname="$dir/$name"i + func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' + + # Maybe install the static library, too. + test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library" + ;; + + *.lo) + # Install (i.e. copy) a libtool object. + + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile="$destdir/$destname" + else + func_basename "$file" + destfile="$func_basename_result" + destfile="$destdir/$destfile" + fi + + # Deduce the name of the destination old-style object file. + case $destfile in + *.lo) + func_lo2o "$destfile" + staticdest=$func_lo2o_result + ;; + *.$objext) + staticdest="$destfile" + destfile= + ;; + *) + func_fatal_help "cannot copy a libtool object to \`$destfile'" + ;; + esac + + # Install the libtool object if requested. + test -n "$destfile" && \ + func_show_eval "$install_prog $file $destfile" 'exit $?' + + # Install the old object if enabled. + if test "$build_old_libs" = yes; then + # Deduce the name of the old-style object file. + func_lo2o "$file" + staticobj=$func_lo2o_result + func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' + fi + exit $EXIT_SUCCESS + ;; + + *) + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile="$destdir/$destname" + else + func_basename "$file" + destfile="$func_basename_result" + destfile="$destdir/$destfile" + fi + + # If the file is missing, and there is a .exe on the end, strip it + # because it is most likely a libtool script we actually want to + # install + stripped_ext="" + case $file in + *.exe) + if test ! -f "$file"; then + func_stripname '' '.exe' "$file" + file=$func_stripname_result + stripped_ext=".exe" + fi + ;; + esac + + # Do a test to see if this is really a libtool program. + case $host in + *cygwin* | *mingw*) + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + wrapper=$func_ltwrapper_scriptname_result + else + func_stripname '' '.exe' "$file" + wrapper=$func_stripname_result + fi + ;; + *) + wrapper=$file + ;; + esac + if func_ltwrapper_script_p "$wrapper"; then + notinst_deplibs= + relink_command= + + func_source "$wrapper" + + # Check the variables that should have been set. + test -z "$generated_by_libtool_version" && \ + func_fatal_error "invalid libtool wrapper script \`$wrapper'" + + finalize=yes + for lib in $notinst_deplibs; do + # Check to see that each library is installed. + libdir= + if test -f "$lib"; then + func_source "$lib" + fi + libfile="$libdir/"`$ECHO "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test + if test -n "$libdir" && test ! -f "$libfile"; then + func_warning "\`$lib' has not been installed in \`$libdir'" + finalize=no + fi + done + + relink_command= + func_source "$wrapper" + + outputname= + if test "$fast_install" = no && test -n "$relink_command"; then + $opt_dry_run || { + if test "$finalize" = yes; then + tmpdir=`func_mktempdir` + func_basename "$file$stripped_ext" + file="$func_basename_result" + outputname="$tmpdir/$file" + # Replace the output file specification. + relink_command=`$ECHO "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'` + + $opt_silent || { + func_quote_for_expand "$relink_command" + eval "func_echo $func_quote_for_expand_result" + } + if eval "$relink_command"; then : + else + func_error "error: relink \`$file' with the above command before installing it" + $opt_dry_run || ${RM}r "$tmpdir" + continue + fi + file="$outputname" + else + func_warning "cannot relink \`$file'" + fi + } + else + # Install the binary that we compiled earlier. + file=`$ECHO "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"` + fi + fi + + # remove .exe since cygwin /usr/bin/install will append another + # one anyway + case $install_prog,$host in + */usr/bin/install*,*cygwin*) + case $file:$destfile in + *.exe:*.exe) + # this is ok + ;; + *.exe:*) + destfile=$destfile.exe + ;; + *:*.exe) + func_stripname '' '.exe' "$destfile" + destfile=$func_stripname_result + ;; + esac + ;; + esac + func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' + $opt_dry_run || if test -n "$outputname"; then + ${RM}r "$tmpdir" + fi + ;; + esac + done + + for file in $staticlibs; do + func_basename "$file" + name="$func_basename_result" + + # Set up the ranlib parameters. + oldlib="$destdir/$name" + + func_show_eval "$install_prog \$file \$oldlib" 'exit $?' + + if test -n "$stripme" && test -n "$old_striplib"; then + func_show_eval "$old_striplib $oldlib" 'exit $?' + fi + + # Do each command in the postinstall commands. + func_execute_cmds "$old_postinstall_cmds" 'exit $?' + done + + test -n "$future_libdirs" && \ + func_warning "remember to run \`$progname --finish$future_libdirs'" + + if test -n "$current_libdirs"; then + # Maybe just do a dry run. + $opt_dry_run && current_libdirs=" -n$current_libdirs" + exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs' + else + exit $EXIT_SUCCESS + fi +} + +test "$mode" = install && func_mode_install ${1+"$@"} + + +# func_generate_dlsyms outputname originator pic_p +# Extract symbols from dlprefiles and create ${outputname}S.o with +# a dlpreopen symbol table. +func_generate_dlsyms () +{ + $opt_debug + my_outputname="$1" + my_originator="$2" + my_pic_p="${3-no}" + my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'` + my_dlsyms= + + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + if test -n "$NM" && test -n "$global_symbol_pipe"; then + my_dlsyms="${my_outputname}S.c" + else + func_error "not configured to extract global symbols from dlpreopened files" + fi + fi + + if test -n "$my_dlsyms"; then + case $my_dlsyms in + "") ;; + *.c) + # Discover the nlist of each of the dlfiles. + nlist="$output_objdir/${my_outputname}.nm" + + func_show_eval "$RM $nlist ${nlist}S ${nlist}T" + + # Parse the name list into a source file. + func_verbose "creating $output_objdir/$my_dlsyms" + + $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ +/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */ +/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */ + +#ifdef __cplusplus +extern \"C\" { +#endif + +/* External symbol declarations for the compiler. */\ +" + + if test "$dlself" = yes; then + func_verbose "generating symbol list for \`$output'" + + $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" + + # Add our own program objects to the symbol list. + progfiles=`$ECHO "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + for progfile in $progfiles; do + func_verbose "extracting global C symbols from \`$progfile'" + $opt_dry_run || eval "$NM $progfile | $global_symbol_pipe >> '$nlist'" + done + + if test -n "$exclude_expsyms"; then + $opt_dry_run || { + eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + if test -n "$export_symbols_regex"; then + $opt_dry_run || { + eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + export_symbols="$output_objdir/$outputname.exp" + $opt_dry_run || { + $RM $export_symbols + eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' + ;; + esac + } + else + $opt_dry_run || { + eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' + eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + case $host in + *cygwin | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' + ;; + esac + } + fi + fi + + for dlprefile in $dlprefiles; do + func_verbose "extracting global C symbols from \`$dlprefile'" + func_basename "$dlprefile" + name="$func_basename_result" + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + eval "$NM $dlprefile 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + done + + $opt_dry_run || { + # Make sure we have at least an empty file. + test -f "$nlist" || : > "$nlist" + + if test -n "$exclude_expsyms"; then + $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T + $MV "$nlist"T "$nlist" + fi + + # Try sorting and uniquifying the output. + if $GREP -v "^: " < "$nlist" | + if sort -k 3 /dev/null 2>&1; then + sort -k 3 + else + sort +2 + fi | + uniq > "$nlist"S; then + : + else + $GREP -v "^: " < "$nlist" > "$nlist"S + fi + + if test -f "$nlist"S; then + eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' + else + $ECHO '/* NONE */' >> "$output_objdir/$my_dlsyms" + fi + + $ECHO >> "$output_objdir/$my_dlsyms" "\ + +/* The mapping between symbol names and symbols. */ +typedef struct { + const char *name; + void *address; +} lt_dlsymlist; +" + case $host in + *cygwin* | *mingw* | *cegcc* ) + $ECHO >> "$output_objdir/$my_dlsyms" "\ +/* DATA imports from DLLs on WIN32 con't be const, because + runtime relocations are performed -- see ld's documentation + on pseudo-relocs. */" + lt_dlsym_const= ;; + *osf5*) + echo >> "$output_objdir/$my_dlsyms" "\ +/* This system does not cope well with relocations in const data */" + lt_dlsym_const= ;; + *) + lt_dlsym_const=const ;; + esac + + $ECHO >> "$output_objdir/$my_dlsyms" "\ +extern $lt_dlsym_const lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[]; +$lt_dlsym_const lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[] = +{\ + { \"$my_originator\", (void *) 0 }," + + case $need_lib_prefix in + no) + eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + *) + eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + esac + $ECHO >> "$output_objdir/$my_dlsyms" "\ + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt_${my_prefix}_LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif\ +" + } # !$opt_dry_run + + pic_flag_for_symtable= + case "$compile_command " in + *" -static "*) ;; + *) + case $host in + # compiling the symbol table file with pic_flag works around + # a FreeBSD bug that causes programs to crash when -lm is + # linked before any other PIC object. But we must not use + # pic_flag when linking with -static. The problem exists in + # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. + *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; + *-*-hpux*) + pic_flag_for_symtable=" $pic_flag" ;; + *) + if test "X$my_pic_p" != Xno; then + pic_flag_for_symtable=" $pic_flag" + fi + ;; + esac + ;; + esac + symtab_cflags= + for arg in $LTCFLAGS; do + case $arg in + -pie | -fpie | -fPIE) ;; + *) symtab_cflags="$symtab_cflags $arg" ;; + esac + done + + # Now compile the dynamic symbol file. + func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' + + # Clean up the generated files. + func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"' + + # Transform the symbol file into the correct name. + symfileobj="$output_objdir/${my_outputname}S.$objext" + case $host in + *cygwin* | *mingw* | *cegcc* ) + if test -f "$output_objdir/$my_outputname.def"; then + compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + else + compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` + fi + ;; + *) + compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` + ;; + esac + ;; + *) + func_fatal_error "unknown suffix for \`$my_dlsyms'" + ;; + esac + else + # We keep going just in case the user didn't refer to + # lt_preloaded_symbols. The linker will fail if global_symbol_pipe + # really was required. + + # Nullify the symbol file. + compile_command=`$ECHO "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"` + finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"` + fi +} + +# func_win32_libid arg +# return the library type of file 'arg' +# +# Need a lot of goo to handle *both* DLLs and import libs +# Has to be a shell function in order to 'eat' the argument +# that is supplied when $file_magic_command is called. +func_win32_libid () +{ + $opt_debug + win32_libid_type="unknown" + win32_fileres=`file -L $1 2>/dev/null` + case $win32_fileres in + *ar\ archive\ import\ library*) # definitely import + win32_libid_type="x86 archive import" + ;; + *ar\ archive*) # could be an import, or static + if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | + $EGREP 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then + win32_nmres=`eval $NM -f posix -A $1 | + $SED -n -e ' + 1,100{ + / I /{ + s,.*,import, + p + q + } + }'` + case $win32_nmres in + import*) win32_libid_type="x86 archive import";; + *) win32_libid_type="x86 archive static";; + esac + fi + ;; + *DLL*) + win32_libid_type="x86 DLL" + ;; + *executable*) # but shell scripts are "executable" too... + case $win32_fileres in + *MS\ Windows\ PE\ Intel*) + win32_libid_type="x86 DLL" + ;; + esac + ;; + esac + $ECHO "$win32_libid_type" +} + + + +# func_extract_an_archive dir oldlib +func_extract_an_archive () +{ + $opt_debug + f_ex_an_ar_dir="$1"; shift + f_ex_an_ar_oldlib="$1" + func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" 'exit $?' + if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then + : + else + func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" + fi +} + + +# func_extract_archives gentop oldlib ... +func_extract_archives () +{ + $opt_debug + my_gentop="$1"; shift + my_oldlibs=${1+"$@"} + my_oldobjs="" + my_xlib="" + my_xabs="" + my_xdir="" + + for my_xlib in $my_oldlibs; do + # Extract the objects. + case $my_xlib in + [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; + *) my_xabs=`pwd`"/$my_xlib" ;; + esac + func_basename "$my_xlib" + my_xlib="$func_basename_result" + my_xlib_u=$my_xlib + while :; do + case " $extracted_archives " in + *" $my_xlib_u "*) + func_arith $extracted_serial + 1 + extracted_serial=$func_arith_result + my_xlib_u=lt$extracted_serial-$my_xlib ;; + *) break ;; + esac + done + extracted_archives="$extracted_archives $my_xlib_u" + my_xdir="$my_gentop/$my_xlib_u" + + func_mkdir_p "$my_xdir" + + case $host in + *-darwin*) + func_verbose "Extracting $my_xabs" + # Do not bother doing anything if just a dry run + $opt_dry_run || { + darwin_orig_dir=`pwd` + cd $my_xdir || exit $? + darwin_archive=$my_xabs + darwin_curdir=`pwd` + darwin_base_archive=`basename "$darwin_archive"` + darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` + if test -n "$darwin_arches"; then + darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` + darwin_arch= + func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" + for darwin_arch in $darwin_arches ; do + func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}" + $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" + cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" + func_extract_an_archive "`pwd`" "${darwin_base_archive}" + cd "$darwin_curdir" + $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" + done # $darwin_arches + ## Okay now we've a bunch of thin objects, gotta fatten them up :) + darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u` + darwin_file= + darwin_files= + for darwin_file in $darwin_filelist; do + darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP` + $LIPO -create -output "$darwin_file" $darwin_files + done # $darwin_filelist + $RM -rf unfat-$$ + cd "$darwin_orig_dir" + else + cd $darwin_orig_dir + func_extract_an_archive "$my_xdir" "$my_xabs" + fi # $darwin_arches + } # !$opt_dry_run + ;; + *) + func_extract_an_archive "$my_xdir" "$my_xabs" + ;; + esac + my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP` + done + + func_extract_archives_result="$my_oldobjs" +} + + + +# func_emit_wrapper_part1 [arg=no] +# +# Emit the first part of a libtool wrapper script on stdout. +# For more information, see the description associated with +# func_emit_wrapper(), below. +func_emit_wrapper_part1 () +{ + func_emit_wrapper_part1_arg1=no + if test -n "$1" ; then + func_emit_wrapper_part1_arg1=$1 + fi + + $ECHO "\ +#! $SHELL + +# $output - temporary wrapper script for $objdir/$outputname +# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION +# +# The $output program cannot be directly executed until all the libtool +# libraries that it depends on are installed. +# +# This wrapper script should never be moved out of the build directory. +# If it is, it will not operate correctly. + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +Xsed='${SED} -e 1s/^X//' +sed_quote_subst='$sed_quote_subst' + +# Be Bourne compatible +if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +relink_command=\"$relink_command\" + +# This environment variable determines our operation mode. +if test \"\$libtool_install_magic\" = \"$magic\"; then + # install mode needs the following variables: + generated_by_libtool_version='$macro_version' + notinst_deplibs='$notinst_deplibs' +else + # When we are sourced in execute mode, \$file and \$ECHO are already set. + if test \"\$libtool_execute_magic\" != \"$magic\"; then + ECHO=\"$qecho\" + file=\"\$0\" + # Make sure echo works. + if test \"X\$1\" = X--no-reexec; then + # Discard the --no-reexec flag, and continue. + shift + elif test \"X\`{ \$ECHO '\t'; } 2>/dev/null\`\" = 'X\t'; then + # Yippee, \$ECHO works! + : + else + # Restart under the correct shell, and then maybe \$ECHO will work. + exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"} + fi + fi\ +" + $ECHO "\ + + # Find the directory that this script lives in. + thisdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\` + test \"x\$thisdir\" = \"x\$file\" && thisdir=. + + # Follow symbolic links until we get to the real thisdir. + file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\` + while test -n \"\$file\"; do + destdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\` + + # If there was a directory component, then change thisdir. + if test \"x\$destdir\" != \"x\$file\"; then + case \"\$destdir\" in + [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; + *) thisdir=\"\$thisdir/\$destdir\" ;; + esac + fi + + file=\`\$ECHO \"X\$file\" | \$Xsed -e 's%^.*/%%'\` + file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\` + done +" +} +# end: func_emit_wrapper_part1 + +# func_emit_wrapper_part2 [arg=no] +# +# Emit the second part of a libtool wrapper script on stdout. +# For more information, see the description associated with +# func_emit_wrapper(), below. +func_emit_wrapper_part2 () +{ + func_emit_wrapper_part2_arg1=no + if test -n "$1" ; then + func_emit_wrapper_part2_arg1=$1 + fi + + $ECHO "\ + + # Usually 'no', except on cygwin/mingw when embedded into + # the cwrapper. + WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_part2_arg1 + if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then + # special case for '.' + if test \"\$thisdir\" = \".\"; then + thisdir=\`pwd\` + fi + # remove .libs from thisdir + case \"\$thisdir\" in + *[\\\\/]$objdir ) thisdir=\`\$ECHO \"X\$thisdir\" | \$Xsed -e 's%[\\\\/][^\\\\/]*$%%'\` ;; + $objdir ) thisdir=. ;; + esac + fi + + # Try to get the absolute directory name. + absdir=\`cd \"\$thisdir\" && pwd\` + test -n \"\$absdir\" && thisdir=\"\$absdir\" +" + + if test "$fast_install" = yes; then + $ECHO "\ + program=lt-'$outputname'$exeext + progdir=\"\$thisdir/$objdir\" + + if test ! -f \"\$progdir/\$program\" || + { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\ + test \"X\$file\" != \"X\$progdir/\$program\"; }; then + + file=\"\$\$-\$program\" + + if test ! -d \"\$progdir\"; then + $MKDIR \"\$progdir\" + else + $RM \"\$progdir/\$file\" + fi" + + $ECHO "\ + + # relink executable if necessary + if test -n \"\$relink_command\"; then + if relink_command_output=\`eval \$relink_command 2>&1\`; then : + else + $ECHO \"\$relink_command_output\" >&2 + $RM \"\$progdir/\$file\" + exit 1 + fi + fi + + $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || + { $RM \"\$progdir/\$program\"; + $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } + $RM \"\$progdir/\$file\" + fi" + else + $ECHO "\ + program='$outputname' + progdir=\"\$thisdir/$objdir\" +" + fi + + $ECHO "\ + + if test -f \"\$progdir/\$program\"; then" + + # Export our shlibpath_var if we have one. + if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + $ECHO "\ + # Add our own library path to $shlibpath_var + $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" + + # Some systems cannot cope with colon-terminated $shlibpath_var + # The second colon is a workaround for a bug in BeOS R4 sed + $shlibpath_var=\`\$ECHO \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\` + + export $shlibpath_var +" + fi + + # fixup the dll searchpath if we need to. + if test -n "$dllsearchpath"; then + $ECHO "\ + # Add the dll search path components to the executable PATH + PATH=$dllsearchpath:\$PATH +" + fi + + $ECHO "\ + if test \"\$libtool_execute_magic\" != \"$magic\"; then + # Run the actual program with our arguments. +" + case $host in + # Backslashes separate directories on plain windows + *-*-mingw | *-*-os2* | *-cegcc*) + $ECHO "\ + exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} +" + ;; + + *) + $ECHO "\ + exec \"\$progdir/\$program\" \${1+\"\$@\"} +" + ;; + esac + $ECHO "\ + \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 + exit 1 + fi + else + # The program doesn't exist. + \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 + \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 + $ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 + exit 1 + fi +fi\ +" +} +# end: func_emit_wrapper_part2 + + +# func_emit_wrapper [arg=no] +# +# Emit a libtool wrapper script on stdout. +# Don't directly open a file because we may want to +# incorporate the script contents within a cygwin/mingw +# wrapper executable. Must ONLY be called from within +# func_mode_link because it depends on a number of variables +# set therein. +# +# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR +# variable will take. If 'yes', then the emitted script +# will assume that the directory in which it is stored is +# the $objdir directory. This is a cygwin/mingw-specific +# behavior. +func_emit_wrapper () +{ + func_emit_wrapper_arg1=no + if test -n "$1" ; then + func_emit_wrapper_arg1=$1 + fi + + # split this up so that func_emit_cwrapperexe_src + # can call each part independently. + func_emit_wrapper_part1 "${func_emit_wrapper_arg1}" + func_emit_wrapper_part2 "${func_emit_wrapper_arg1}" +} + + +# func_to_host_path arg +# +# Convert paths to host format when used with build tools. +# Intended for use with "native" mingw (where libtool itself +# is running under the msys shell), or in the following cross- +# build environments: +# $build $host +# mingw (msys) mingw [e.g. native] +# cygwin mingw +# *nix + wine mingw +# where wine is equipped with the `winepath' executable. +# In the native mingw case, the (msys) shell automatically +# converts paths for any non-msys applications it launches, +# but that facility isn't available from inside the cwrapper. +# Similar accommodations are necessary for $host mingw and +# $build cygwin. Calling this function does no harm for other +# $host/$build combinations not listed above. +# +# ARG is the path (on $build) that should be converted to +# the proper representation for $host. The result is stored +# in $func_to_host_path_result. +func_to_host_path () +{ + func_to_host_path_result="$1" + if test -n "$1" ; then + case $host in + *mingw* ) + lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' + case $build in + *mingw* ) # actually, msys + # awkward: cmd appends spaces to result + lt_sed_strip_trailing_spaces="s/[ ]*\$//" + func_to_host_path_tmp1=`( cmd //c echo "$1" |\ + $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""` + func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\ + $SED -e "$lt_sed_naive_backslashify"` + ;; + *cygwin* ) + func_to_host_path_tmp1=`cygpath -w "$1"` + func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\ + $SED -e "$lt_sed_naive_backslashify"` + ;; + * ) + # Unfortunately, winepath does not exit with a non-zero + # error code, so we are forced to check the contents of + # stdout. On the other hand, if the command is not + # found, the shell will set an exit code of 127 and print + # *an error message* to stdout. So we must check for both + # error code of zero AND non-empty stdout, which explains + # the odd construction: + func_to_host_path_tmp1=`winepath -w "$1" 2>/dev/null` + if test "$?" -eq 0 && test -n "${func_to_host_path_tmp1}"; then + func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\ + $SED -e "$lt_sed_naive_backslashify"` + else + # Allow warning below. + func_to_host_path_result="" + fi + ;; + esac + if test -z "$func_to_host_path_result" ; then + func_error "Could not determine host path corresponding to" + func_error " '$1'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback: + func_to_host_path_result="$1" + fi + ;; + esac + fi +} +# end: func_to_host_path + +# func_to_host_pathlist arg +# +# Convert pathlists to host format when used with build tools. +# See func_to_host_path(), above. This function supports the +# following $build/$host combinations (but does no harm for +# combinations not listed here): +# $build $host +# mingw (msys) mingw [e.g. native] +# cygwin mingw +# *nix + wine mingw +# +# Path separators are also converted from $build format to +# $host format. If ARG begins or ends with a path separator +# character, it is preserved (but converted to $host format) +# on output. +# +# ARG is a pathlist (on $build) that should be converted to +# the proper representation on $host. The result is stored +# in $func_to_host_pathlist_result. +func_to_host_pathlist () +{ + func_to_host_pathlist_result="$1" + if test -n "$1" ; then + case $host in + *mingw* ) + lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' + # Remove leading and trailing path separator characters from + # ARG. msys behavior is inconsistent here, cygpath turns them + # into '.;' and ';.', and winepath ignores them completely. + func_to_host_pathlist_tmp2="$1" + # Once set for this call, this variable should not be + # reassigned. It is used in tha fallback case. + func_to_host_pathlist_tmp1=`echo "$func_to_host_pathlist_tmp2" |\ + $SED -e 's|^:*||' -e 's|:*$||'` + case $build in + *mingw* ) # Actually, msys. + # Awkward: cmd appends spaces to result. + lt_sed_strip_trailing_spaces="s/[ ]*\$//" + func_to_host_pathlist_tmp2=`( cmd //c echo "$func_to_host_pathlist_tmp1" |\ + $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""` + func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\ + $SED -e "$lt_sed_naive_backslashify"` + ;; + *cygwin* ) + func_to_host_pathlist_tmp2=`cygpath -w -p "$func_to_host_pathlist_tmp1"` + func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\ + $SED -e "$lt_sed_naive_backslashify"` + ;; + * ) + # unfortunately, winepath doesn't convert pathlists + func_to_host_pathlist_result="" + func_to_host_pathlist_oldIFS=$IFS + IFS=: + for func_to_host_pathlist_f in $func_to_host_pathlist_tmp1 ; do + IFS=$func_to_host_pathlist_oldIFS + if test -n "$func_to_host_pathlist_f" ; then + func_to_host_path "$func_to_host_pathlist_f" + if test -n "$func_to_host_path_result" ; then + if test -z "$func_to_host_pathlist_result" ; then + func_to_host_pathlist_result="$func_to_host_path_result" + else + func_to_host_pathlist_result="$func_to_host_pathlist_result;$func_to_host_path_result" + fi + fi + fi + IFS=: + done + IFS=$func_to_host_pathlist_oldIFS + ;; + esac + if test -z "$func_to_host_pathlist_result" ; then + func_error "Could not determine the host path(s) corresponding to" + func_error " '$1'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback. This may break if $1 contains DOS-style drive + # specifications. The fix is not to complicate the expression + # below, but for the user to provide a working wine installation + # with winepath so that path translation in the cross-to-mingw + # case works properly. + lt_replace_pathsep_nix_to_dos="s|:|;|g" + func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp1" |\ + $SED -e "$lt_replace_pathsep_nix_to_dos"` + fi + # Now, add the leading and trailing path separators back + case "$1" in + :* ) func_to_host_pathlist_result=";$func_to_host_pathlist_result" + ;; + esac + case "$1" in + *: ) func_to_host_pathlist_result="$func_to_host_pathlist_result;" + ;; + esac + ;; + esac + fi +} +# end: func_to_host_pathlist + +# func_emit_cwrapperexe_src +# emit the source code for a wrapper executable on stdout +# Must ONLY be called from within func_mode_link because +# it depends on a number of variable set therein. +func_emit_cwrapperexe_src () +{ + cat < +#include +#ifdef _MSC_VER +# include +# include +# include +# define setmode _setmode +#else +# include +# include +# ifdef __CYGWIN__ +# include +# define HAVE_SETENV +# ifdef __STRICT_ANSI__ +char *realpath (const char *, char *); +int putenv (char *); +int setenv (const char *, const char *, int); +# endif +# endif +#endif +#include +#include +#include +#include +#include +#include +#include +#include + +#if defined(PATH_MAX) +# define LT_PATHMAX PATH_MAX +#elif defined(MAXPATHLEN) +# define LT_PATHMAX MAXPATHLEN +#else +# define LT_PATHMAX 1024 +#endif + +#ifndef S_IXOTH +# define S_IXOTH 0 +#endif +#ifndef S_IXGRP +# define S_IXGRP 0 +#endif + +#ifdef _MSC_VER +# define S_IXUSR _S_IEXEC +# define stat _stat +# ifndef _INTPTR_T_DEFINED +# define intptr_t int +# endif +#endif + +#ifndef DIR_SEPARATOR +# define DIR_SEPARATOR '/' +# define PATH_SEPARATOR ':' +#endif + +#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \ + defined (__OS2__) +# define HAVE_DOS_BASED_FILE_SYSTEM +# define FOPEN_WB "wb" +# ifndef DIR_SEPARATOR_2 +# define DIR_SEPARATOR_2 '\\' +# endif +# ifndef PATH_SEPARATOR_2 +# define PATH_SEPARATOR_2 ';' +# endif +#endif + +#ifndef DIR_SEPARATOR_2 +# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) +#else /* DIR_SEPARATOR_2 */ +# define IS_DIR_SEPARATOR(ch) \ + (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) +#endif /* DIR_SEPARATOR_2 */ + +#ifndef PATH_SEPARATOR_2 +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) +#else /* PATH_SEPARATOR_2 */ +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) +#endif /* PATH_SEPARATOR_2 */ + +#ifdef __CYGWIN__ +# define FOPEN_WB "wb" +#endif + +#ifndef FOPEN_WB +# define FOPEN_WB "w" +#endif +#ifndef _O_BINARY +# define _O_BINARY 0 +#endif + +#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) +#define XFREE(stale) do { \ + if (stale) { free ((void *) stale); stale = 0; } \ +} while (0) + +#undef LTWRAPPER_DEBUGPRINTF +#if defined DEBUGWRAPPER +# define LTWRAPPER_DEBUGPRINTF(args) ltwrapper_debugprintf args +static void +ltwrapper_debugprintf (const char *fmt, ...) +{ + va_list args; + va_start (args, fmt); + (void) vfprintf (stderr, fmt, args); + va_end (args); +} +#else +# define LTWRAPPER_DEBUGPRINTF(args) +#endif + +const char *program_name = NULL; + +void *xmalloc (size_t num); +char *xstrdup (const char *string); +const char *base_name (const char *name); +char *find_executable (const char *wrapper); +char *chase_symlinks (const char *pathspec); +int make_executable (const char *path); +int check_executable (const char *path); +char *strendzap (char *str, const char *pat); +void lt_fatal (const char *message, ...); +void lt_setenv (const char *name, const char *value); +char *lt_extend_str (const char *orig_value, const char *add, int to_end); +void lt_opt_process_env_set (const char *arg); +void lt_opt_process_env_prepend (const char *arg); +void lt_opt_process_env_append (const char *arg); +int lt_split_name_value (const char *arg, char** name, char** value); +void lt_update_exe_path (const char *name, const char *value); +void lt_update_lib_path (const char *name, const char *value); + +static const char *script_text_part1 = +EOF + + func_emit_wrapper_part1 yes | + $SED -e 's/\([\\"]\)/\\\1/g' \ + -e 's/^/ "/' -e 's/$/\\n"/' + echo ";" + cat <"))); + for (i = 0; i < newargc; i++) + { + LTWRAPPER_DEBUGPRINTF (("(main) newargz[%d] : %s\n", i, (newargz[i] ? newargz[i] : ""))); + } + +EOF + + case $host_os in + mingw*) + cat <<"EOF" + /* execv doesn't actually work on mingw as expected on unix */ + rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz); + if (rval == -1) + { + /* failed to start process */ + LTWRAPPER_DEBUGPRINTF (("(main) failed to launch target \"%s\": errno = %d\n", lt_argv_zero, errno)); + return 127; + } + return rval; +EOF + ;; + *) + cat <<"EOF" + execv (lt_argv_zero, newargz); + return rval; /* =127, but avoids unused variable warning */ +EOF + ;; + esac + + cat <<"EOF" +} + +void * +xmalloc (size_t num) +{ + void *p = (void *) malloc (num); + if (!p) + lt_fatal ("Memory exhausted"); + + return p; +} + +char * +xstrdup (const char *string) +{ + return string ? strcpy ((char *) xmalloc (strlen (string) + 1), + string) : NULL; +} + +const char * +base_name (const char *name) +{ + const char *base; + +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + /* Skip over the disk name in MSDOS pathnames. */ + if (isalpha ((unsigned char) name[0]) && name[1] == ':') + name += 2; +#endif + + for (base = name; *name; name++) + if (IS_DIR_SEPARATOR (*name)) + base = name + 1; + return base; +} + +int +check_executable (const char *path) +{ + struct stat st; + + LTWRAPPER_DEBUGPRINTF (("(check_executable) : %s\n", + path ? (*path ? path : "EMPTY!") : "NULL!")); + if ((!path) || (!*path)) + return 0; + + if ((stat (path, &st) >= 0) + && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) + return 1; + else + return 0; +} + +int +make_executable (const char *path) +{ + int rval = 0; + struct stat st; + + LTWRAPPER_DEBUGPRINTF (("(make_executable) : %s\n", + path ? (*path ? path : "EMPTY!") : "NULL!")); + if ((!path) || (!*path)) + return 0; + + if (stat (path, &st) >= 0) + { + rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); + } + return rval; +} + +/* Searches for the full path of the wrapper. Returns + newly allocated full path name if found, NULL otherwise + Does not chase symlinks, even on platforms that support them. +*/ +char * +find_executable (const char *wrapper) +{ + int has_slash = 0; + const char *p; + const char *p_next; + /* static buffer for getcwd */ + char tmp[LT_PATHMAX + 1]; + int tmp_len; + char *concat_name; + + LTWRAPPER_DEBUGPRINTF (("(find_executable) : %s\n", + wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!")); + + if ((wrapper == NULL) || (*wrapper == '\0')) + return NULL; + + /* Absolute path? */ +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + else + { +#endif + if (IS_DIR_SEPARATOR (wrapper[0])) + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + } +#endif + + for (p = wrapper; *p; p++) + if (*p == '/') + { + has_slash = 1; + break; + } + if (!has_slash) + { + /* no slashes; search PATH */ + const char *path = getenv ("PATH"); + if (path != NULL) + { + for (p = path; *p; p = p_next) + { + const char *q; + size_t p_len; + for (q = p; *q; q++) + if (IS_PATH_SEPARATOR (*q)) + break; + p_len = q - p; + p_next = (*q == '\0' ? q : q + 1); + if (p_len == 0) + { + /* empty path: current directory */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal ("getcwd failed"); + tmp_len = strlen (tmp); + concat_name = + XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + } + else + { + concat_name = + XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, p, p_len); + concat_name[p_len] = '/'; + strcpy (concat_name + p_len + 1, wrapper); + } + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + } + /* not found in PATH; assume curdir */ + } + /* Relative path | not found in path: prepend cwd */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal ("getcwd failed"); + tmp_len = strlen (tmp); + concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + return NULL; +} + +char * +chase_symlinks (const char *pathspec) +{ +#ifndef S_ISLNK + return xstrdup (pathspec); +#else + char buf[LT_PATHMAX]; + struct stat s; + char *tmp_pathspec = xstrdup (pathspec); + char *p; + int has_symlinks = 0; + while (strlen (tmp_pathspec) && !has_symlinks) + { + LTWRAPPER_DEBUGPRINTF (("checking path component for symlinks: %s\n", + tmp_pathspec)); + if (lstat (tmp_pathspec, &s) == 0) + { + if (S_ISLNK (s.st_mode) != 0) + { + has_symlinks = 1; + break; + } + + /* search backwards for last DIR_SEPARATOR */ + p = tmp_pathspec + strlen (tmp_pathspec) - 1; + while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + p--; + if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + { + /* no more DIR_SEPARATORS left */ + break; + } + *p = '\0'; + } + else + { + char *errstr = strerror (errno); + lt_fatal ("Error accessing file %s (%s)", tmp_pathspec, errstr); + } + } + XFREE (tmp_pathspec); + + if (!has_symlinks) + { + return xstrdup (pathspec); + } + + tmp_pathspec = realpath (pathspec, buf); + if (tmp_pathspec == 0) + { + lt_fatal ("Could not follow symlinks for %s", pathspec); + } + return xstrdup (tmp_pathspec); +#endif +} + +char * +strendzap (char *str, const char *pat) +{ + size_t len, patlen; + + assert (str != NULL); + assert (pat != NULL); + + len = strlen (str); + patlen = strlen (pat); + + if (patlen <= len) + { + str += len - patlen; + if (strcmp (str, pat) == 0) + *str = '\0'; + } + return str; +} + +static void +lt_error_core (int exit_status, const char *mode, + const char *message, va_list ap) +{ + fprintf (stderr, "%s: %s: ", program_name, mode); + vfprintf (stderr, message, ap); + fprintf (stderr, ".\n"); + + if (exit_status >= 0) + exit (exit_status); +} + +void +lt_fatal (const char *message, ...) +{ + va_list ap; + va_start (ap, message); + lt_error_core (EXIT_FAILURE, "FATAL", message, ap); + va_end (ap); +} + +void +lt_setenv (const char *name, const char *value) +{ + LTWRAPPER_DEBUGPRINTF (("(lt_setenv) setting '%s' to '%s'\n", + (name ? name : ""), + (value ? value : ""))); + { +#ifdef HAVE_SETENV + /* always make a copy, for consistency with !HAVE_SETENV */ + char *str = xstrdup (value); + setenv (name, str, 1); +#else + int len = strlen (name) + 1 + strlen (value) + 1; + char *str = XMALLOC (char, len); + sprintf (str, "%s=%s", name, value); + if (putenv (str) != EXIT_SUCCESS) + { + XFREE (str); + } +#endif + } +} + +char * +lt_extend_str (const char *orig_value, const char *add, int to_end) +{ + char *new_value; + if (orig_value && *orig_value) + { + int orig_value_len = strlen (orig_value); + int add_len = strlen (add); + new_value = XMALLOC (char, add_len + orig_value_len + 1); + if (to_end) + { + strcpy (new_value, orig_value); + strcpy (new_value + orig_value_len, add); + } + else + { + strcpy (new_value, add); + strcpy (new_value + add_len, orig_value); + } + } + else + { + new_value = xstrdup (add); + } + return new_value; +} + +int +lt_split_name_value (const char *arg, char** name, char** value) +{ + const char *p; + int len; + if (!arg || !*arg) + return 1; + + p = strchr (arg, (int)'='); + + if (!p) + return 1; + + *value = xstrdup (++p); + + len = strlen (arg) - strlen (*value); + *name = XMALLOC (char, len); + strncpy (*name, arg, len-1); + (*name)[len - 1] = '\0'; + + return 0; +} + +void +lt_opt_process_env_set (const char *arg) +{ + char *name = NULL; + char *value = NULL; + + if (lt_split_name_value (arg, &name, &value) != 0) + { + XFREE (name); + XFREE (value); + lt_fatal ("bad argument for %s: '%s'", env_set_opt, arg); + } + + lt_setenv (name, value); + XFREE (name); + XFREE (value); +} + +void +lt_opt_process_env_prepend (const char *arg) +{ + char *name = NULL; + char *value = NULL; + char *new_value = NULL; + + if (lt_split_name_value (arg, &name, &value) != 0) + { + XFREE (name); + XFREE (value); + lt_fatal ("bad argument for %s: '%s'", env_prepend_opt, arg); + } + + new_value = lt_extend_str (getenv (name), value, 0); + lt_setenv (name, new_value); + XFREE (new_value); + XFREE (name); + XFREE (value); +} + +void +lt_opt_process_env_append (const char *arg) +{ + char *name = NULL; + char *value = NULL; + char *new_value = NULL; + + if (lt_split_name_value (arg, &name, &value) != 0) + { + XFREE (name); + XFREE (value); + lt_fatal ("bad argument for %s: '%s'", env_append_opt, arg); + } + + new_value = lt_extend_str (getenv (name), value, 1); + lt_setenv (name, new_value); + XFREE (new_value); + XFREE (name); + XFREE (value); +} + +void +lt_update_exe_path (const char *name, const char *value) +{ + LTWRAPPER_DEBUGPRINTF (("(lt_update_exe_path) modifying '%s' by prepending '%s'\n", + (name ? name : ""), + (value ? value : ""))); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + /* some systems can't cope with a ':'-terminated path #' */ + int len = strlen (new_value); + while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1])) + { + new_value[len-1] = '\0'; + } + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +void +lt_update_lib_path (const char *name, const char *value) +{ + LTWRAPPER_DEBUGPRINTF (("(lt_update_lib_path) modifying '%s' by prepending '%s'\n", + (name ? name : ""), + (value ? value : ""))); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + lt_setenv (name, new_value); + XFREE (new_value); + } +} + + +EOF +} +# end: func_emit_cwrapperexe_src + +# func_mode_link arg... +func_mode_link () +{ + $opt_debug + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + # It is impossible to link a dll without this setting, and + # we shouldn't force the makefile maintainer to figure out + # which system we are compiling for in order to pass an extra + # flag for every libtool invocation. + # allow_undefined=no + + # FIXME: Unfortunately, there are problems with the above when trying + # to make a dll which has undefined symbols, in which case not + # even a static library is built. For now, we need to specify + # -no-undefined on the libtool link line when we can be certain + # that all symbols are satisfied, otherwise we get a static library. + allow_undefined=yes + ;; + *) + allow_undefined=yes + ;; + esac + libtool_args=$nonopt + base_compile="$nonopt $@" + compile_command=$nonopt + finalize_command=$nonopt + + compile_rpath= + finalize_rpath= + compile_shlibpath= + finalize_shlibpath= + convenience= + old_convenience= + deplibs= + old_deplibs= + compiler_flags= + linker_flags= + dllsearchpath= + lib_search_path=`pwd` + inst_prefix_dir= + new_inherited_linker_flags= + + avoid_version=no + dlfiles= + dlprefiles= + dlself=no + export_dynamic=no + export_symbols= + export_symbols_regex= + generated= + libobjs= + ltlibs= + module=no + no_install=no + objs= + non_pic_objects= + precious_files_regex= + prefer_static_libs=no + preload=no + prev= + prevarg= + release= + rpath= + xrpath= + perm_rpath= + temp_rpath= + thread_safe=no + vinfo= + vinfo_number=no + weak_libs= + single_module="${wl}-single_module" + func_infer_tag $base_compile + + # We need to know -static, to get the right output filenames. + for arg + do + case $arg in + -shared) + test "$build_libtool_libs" != yes && \ + func_fatal_configuration "can not build a shared library" + build_old_libs=no + break + ;; + -all-static | -static | -static-libtool-libs) + case $arg in + -all-static) + if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then + func_warning "complete static linking is impossible in this configuration" + fi + if test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + -static) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=built + ;; + -static-libtool-libs) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + esac + build_libtool_libs=no + build_old_libs=yes + break + ;; + esac + done + + # See if our shared archives depend on static archives. + test -n "$old_archive_from_new_cmds" && build_old_libs=yes + + # Go through the arguments, transforming them on the way. + while test "$#" -gt 0; do + arg="$1" + shift + func_quote_for_eval "$arg" + qarg=$func_quote_for_eval_unquoted_result + func_append libtool_args " $func_quote_for_eval_result" + + # If the previous option needs an argument, assign it. + if test -n "$prev"; then + case $prev in + output) + func_append compile_command " @OUTPUT@" + func_append finalize_command " @OUTPUT@" + ;; + esac + + case $prev in + dlfiles|dlprefiles) + if test "$preload" = no; then + # Add the symbol object into the linking commands. + func_append compile_command " @SYMFILE@" + func_append finalize_command " @SYMFILE@" + preload=yes + fi + case $arg in + *.la | *.lo) ;; # We handle these cases below. + force) + if test "$dlself" = no; then + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + self) + if test "$prev" = dlprefiles; then + dlself=yes + elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then + dlself=yes + else + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + *) + if test "$prev" = dlfiles; then + dlfiles="$dlfiles $arg" + else + dlprefiles="$dlprefiles $arg" + fi + prev= + continue + ;; + esac + ;; + expsyms) + export_symbols="$arg" + test -f "$arg" \ + || func_fatal_error "symbol file \`$arg' does not exist" + prev= + continue + ;; + expsyms_regex) + export_symbols_regex="$arg" + prev= + continue + ;; + framework) + case $host in + *-*-darwin*) + case "$deplibs " in + *" $qarg.ltframework "*) ;; + *) deplibs="$deplibs $qarg.ltframework" # this is fixed later + ;; + esac + ;; + esac + prev= + continue + ;; + inst_prefix) + inst_prefix_dir="$arg" + prev= + continue + ;; + objectlist) + if test -f "$arg"; then + save_arg=$arg + moreargs= + for fil in `cat "$save_arg"` + do +# moreargs="$moreargs $fil" + arg=$fil + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test "$pic_object" = none && + test "$non_pic_object" = none; then + func_fatal_error "cannot find name of object for \`$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + if test "$pic_object" != none; then + # Prepend the subdirectory the object is found in. + pic_object="$xdir$pic_object" + + if test "$prev" = dlfiles; then + if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + dlfiles="$dlfiles $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test "$prev" = dlprefiles; then + # Preload the old-style object. + dlprefiles="$dlprefiles $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg="$pic_object" + fi + + # Non-PIC object. + if test "$non_pic_object" != none; then + # Prepend the subdirectory the object is found in. + non_pic_object="$xdir$non_pic_object" + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test "$pic_object" = none ; then + arg="$non_pic_object" + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object="$pic_object" + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "\`$arg' is not a valid libtool object" + fi + fi + done + else + func_fatal_error "link input file \`$arg' does not exist" + fi + arg=$save_arg + prev= + continue + ;; + precious_regex) + precious_files_regex="$arg" + prev= + continue + ;; + release) + release="-$arg" + prev= + continue + ;; + rpath | xrpath) + # We need an absolute path. + case $arg in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + if test "$prev" = rpath; then + case "$rpath " in + *" $arg "*) ;; + *) rpath="$rpath $arg" ;; + esac + else + case "$xrpath " in + *" $arg "*) ;; + *) xrpath="$xrpath $arg" ;; + esac + fi + prev= + continue + ;; + shrext) + shrext_cmds="$arg" + prev= + continue + ;; + weak) + weak_libs="$weak_libs $arg" + prev= + continue + ;; + xcclinker) + linker_flags="$linker_flags $qarg" + compiler_flags="$compiler_flags $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xcompiler) + compiler_flags="$compiler_flags $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xlinker) + linker_flags="$linker_flags $qarg" + compiler_flags="$compiler_flags $wl$qarg" + prev= + func_append compile_command " $wl$qarg" + func_append finalize_command " $wl$qarg" + continue + ;; + *) + eval "$prev=\"\$arg\"" + prev= + continue + ;; + esac + fi # test -n "$prev" + + prevarg="$arg" + + case $arg in + -all-static) + if test -n "$link_static_flag"; then + # See comment for -static flag below, for more details. + func_append compile_command " $link_static_flag" + func_append finalize_command " $link_static_flag" + fi + continue + ;; + + -allow-undefined) + # FIXME: remove this flag sometime in the future. + func_fatal_error "\`-allow-undefined' must not be used because it is the default" + ;; + + -avoid-version) + avoid_version=yes + continue + ;; + + -dlopen) + prev=dlfiles + continue + ;; + + -dlpreopen) + prev=dlprefiles + continue + ;; + + -export-dynamic) + export_dynamic=yes + continue + ;; + + -export-symbols | -export-symbols-regex) + if test -n "$export_symbols" || test -n "$export_symbols_regex"; then + func_fatal_error "more than one -exported-symbols argument is not allowed" + fi + if test "X$arg" = "X-export-symbols"; then + prev=expsyms + else + prev=expsyms_regex + fi + continue + ;; + + -framework) + prev=framework + continue + ;; + + -inst-prefix-dir) + prev=inst_prefix + continue + ;; + + # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* + # so, if we see these flags be careful not to treat them like -L + -L[A-Z][A-Z]*:*) + case $with_gcc/$host in + no/*-*-irix* | /*-*-irix*) + func_append compile_command " $arg" + func_append finalize_command " $arg" + ;; + esac + continue + ;; + + -L*) + func_stripname '-L' '' "$arg" + dir=$func_stripname_result + if test -z "$dir"; then + if test "$#" -gt 0; then + func_fatal_error "require no space between \`-L' and \`$1'" + else + func_fatal_error "need path for \`-L' option" + fi + fi + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + test -z "$absdir" && \ + func_fatal_error "cannot determine absolute directory name of \`$dir'" + dir="$absdir" + ;; + esac + case "$deplibs " in + *" -L$dir "*) ;; + *) + deplibs="$deplibs -L$dir" + lib_search_path="$lib_search_path $dir" + ;; + esac + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`$ECHO "X$dir" | $Xsed -e 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$dir:"*) ;; + ::) dllsearchpath=$dir;; + *) dllsearchpath="$dllsearchpath:$dir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) dllsearchpath="$dllsearchpath:$testbindir";; + esac + ;; + esac + continue + ;; + + -l*) + if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc*) + # These systems don't actually have a C or math library (as such) + continue + ;; + *-*-os2*) + # These systems don't actually have a C library (as such) + test "X$arg" = "X-lc" && continue + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + test "X$arg" = "X-lc" && continue + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C and math libraries are in the System framework + deplibs="$deplibs System.ltframework" + continue + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + test "X$arg" = "X-lc" && continue + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + test "X$arg" = "X-lc" && continue + ;; + esac + elif test "X$arg" = "X-lc_r"; then + case $host in + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc_r directly, use -pthread flag. + continue + ;; + esac + fi + deplibs="$deplibs $arg" + continue + ;; + + -module) + module=yes + continue + ;; + + # Tru64 UNIX uses -model [arg] to determine the layout of C++ + # classes, name mangling, and exception handling. + # Darwin uses the -arch flag to determine output architecture. + -model|-arch|-isysroot) + compiler_flags="$compiler_flags $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + prev=xcompiler + continue + ;; + + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) + compiler_flags="$compiler_flags $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case "$new_inherited_linker_flags " in + *" $arg "*) ;; + * ) new_inherited_linker_flags="$new_inherited_linker_flags $arg" ;; + esac + continue + ;; + + -multi_module) + single_module="${wl}-multi_module" + continue + ;; + + -no-fast-install) + fast_install=no + continue + ;; + + -no-install) + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) + # The PATH hackery in wrapper scripts is required on Windows + # and Darwin in order for the loader to find any dlls it needs. + func_warning "\`-no-install' is ignored for $host" + func_warning "assuming \`-no-fast-install' instead" + fast_install=no + ;; + *) no_install=yes ;; + esac + continue + ;; + + -no-undefined) + allow_undefined=no + continue + ;; + + -objectlist) + prev=objectlist + continue + ;; + + -o) prev=output ;; + + -precious-files-regex) + prev=precious_regex + continue + ;; + + -release) + prev=release + continue + ;; + + -rpath) + prev=rpath + continue + ;; + + -R) + prev=xrpath + continue + ;; + + -R*) + func_stripname '-R' '' "$arg" + dir=$func_stripname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + case "$xrpath " in + *" $dir "*) ;; + *) xrpath="$xrpath $dir" ;; + esac + continue + ;; + + -shared) + # The effects of -shared are defined in a previous loop. + continue + ;; + + -shrext) + prev=shrext + continue + ;; + + -static | -static-libtool-libs) + # The effects of -static are defined in a previous loop. + # We used to do the same as -all-static on platforms that + # didn't have a PIC flag, but the assumption that the effects + # would be equivalent was wrong. It would break on at least + # Digital Unix and AIX. + continue + ;; + + -thread-safe) + thread_safe=yes + continue + ;; + + -version-info) + prev=vinfo + continue + ;; + + -version-number) + prev=vinfo + vinfo_number=yes + continue + ;; + + -weak) + prev=weak + continue + ;; + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs="$IFS"; IFS=',' + for flag in $args; do + IFS="$save_ifs" + func_quote_for_eval "$flag" + arg="$arg $wl$func_quote_for_eval_result" + compiler_flags="$compiler_flags $func_quote_for_eval_result" + done + IFS="$save_ifs" + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Wl,*) + func_stripname '-Wl,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs="$IFS"; IFS=',' + for flag in $args; do + IFS="$save_ifs" + func_quote_for_eval "$flag" + arg="$arg $wl$func_quote_for_eval_result" + compiler_flags="$compiler_flags $wl$func_quote_for_eval_result" + linker_flags="$linker_flags $func_quote_for_eval_result" + done + IFS="$save_ifs" + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Xcompiler) + prev=xcompiler + continue + ;; + + -Xlinker) + prev=xlinker + continue + ;; + + -XCClinker) + prev=xcclinker + continue + ;; + + # -msg_* for osf cc + -msg_*) + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + ;; + + # -64, -mips[0-9] enable 64-bit mode on the SGI compiler + # -r[0-9][0-9]* specifies the processor on the SGI compiler + # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler + # +DA*, +DD* enable 64-bit mode on the HP compiler + # -q* pass through compiler args for the IBM compiler + # -m*, -t[45]*, -txscale* pass through architecture-specific + # compiler args for GCC + # -F/path gives path to uninstalled frameworks, gcc on darwin + # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC + # @file GCC response files + -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ + -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*) + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + func_append compile_command " $arg" + func_append finalize_command " $arg" + compiler_flags="$compiler_flags $arg" + continue + ;; + + # Some other compiler flag. + -* | +*) + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + ;; + + *.$objext) + # A standard object. + objs="$objs $arg" + ;; + + *.lo) + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test "$pic_object" = none && + test "$non_pic_object" = none; then + func_fatal_error "cannot find name of object for \`$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + if test "$pic_object" != none; then + # Prepend the subdirectory the object is found in. + pic_object="$xdir$pic_object" + + if test "$prev" = dlfiles; then + if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + dlfiles="$dlfiles $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test "$prev" = dlprefiles; then + # Preload the old-style object. + dlprefiles="$dlprefiles $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg="$pic_object" + fi + + # Non-PIC object. + if test "$non_pic_object" != none; then + # Prepend the subdirectory the object is found in. + non_pic_object="$xdir$non_pic_object" + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test "$pic_object" = none ; then + arg="$non_pic_object" + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object="$pic_object" + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "\`$arg' is not a valid libtool object" + fi + fi + ;; + + *.$libext) + # An archive. + deplibs="$deplibs $arg" + old_deplibs="$old_deplibs $arg" + continue + ;; + + *.la) + # A libtool-controlled library. + + if test "$prev" = dlfiles; then + # This library was specified with -dlopen. + dlfiles="$dlfiles $arg" + prev= + elif test "$prev" = dlprefiles; then + # The library was specified with -dlpreopen. + dlprefiles="$dlprefiles $arg" + prev= + else + deplibs="$deplibs $arg" + fi + continue + ;; + + # Some other compiler argument. + *) + # Unknown arguments in both finalize_command and compile_command need + # to be aesthetically quoted because they are evaled later. + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + ;; + esac # arg + + # Now actually substitute the argument into the commands. + if test -n "$arg"; then + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + done # argument parsing loop + + test -n "$prev" && \ + func_fatal_help "the \`$prevarg' option requires an argument" + + if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then + eval arg=\"$export_dynamic_flag_spec\" + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + + oldlibs= + # calculate the name of the file, without its directory + func_basename "$output" + outputname="$func_basename_result" + libobjs_save="$libobjs" + + if test -n "$shlibpath_var"; then + # get the directories listed in $shlibpath_var + eval shlib_search_path=\`\$ECHO \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\` + else + shlib_search_path= + fi + eval sys_lib_search_path=\"$sys_lib_search_path_spec\" + eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" + + func_dirname "$output" "/" "" + output_objdir="$func_dirname_result$objdir" + # Create the object directory. + func_mkdir_p "$output_objdir" + + # Determine the type of output + case $output in + "") + func_fatal_help "you must specify an output file" + ;; + *.$libext) linkmode=oldlib ;; + *.lo | *.$objext) linkmode=obj ;; + *.la) linkmode=lib ;; + *) linkmode=prog ;; # Anything else should be a program. + esac + + specialdeplibs= + + libs= + # Find all interdependent deplibs by searching for libraries + # that are linked more than once (e.g. -la -lb -la) + for deplib in $deplibs; do + if $opt_duplicate_deps ; then + case "$libs " in + *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; + esac + fi + libs="$libs $deplib" + done + + if test "$linkmode" = lib; then + libs="$predeps $libs $compiler_lib_search_path $postdeps" + + # Compute libraries that are listed more than once in $predeps + # $postdeps and mark them as special (i.e., whose duplicates are + # not to be eliminated). + pre_post_deps= + if $opt_duplicate_compiler_generated_deps; then + for pre_post_dep in $predeps $postdeps; do + case "$pre_post_deps " in + *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;; + esac + pre_post_deps="$pre_post_deps $pre_post_dep" + done + fi + pre_post_deps= + fi + + deplibs= + newdependency_libs= + newlib_search_path= + need_relink=no # whether we're linking any uninstalled libtool libraries + notinst_deplibs= # not-installed libtool libraries + notinst_path= # paths that contain not-installed libtool libraries + + case $linkmode in + lib) + passes="conv dlpreopen link" + for file in $dlfiles $dlprefiles; do + case $file in + *.la) ;; + *) + func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file" + ;; + esac + done + ;; + prog) + compile_deplibs= + finalize_deplibs= + alldeplibs=no + newdlfiles= + newdlprefiles= + passes="conv scan dlopen dlpreopen link" + ;; + *) passes="conv" + ;; + esac + + for pass in $passes; do + # The preopen pass in lib mode reverses $deplibs; put it back here + # so that -L comes before libs that need it for instance... + if test "$linkmode,$pass" = "lib,link"; then + ## FIXME: Find the place where the list is rebuilt in the wrong + ## order, and fix it there properly + tmp_deplibs= + for deplib in $deplibs; do + tmp_deplibs="$deplib $tmp_deplibs" + done + deplibs="$tmp_deplibs" + fi + + if test "$linkmode,$pass" = "lib,link" || + test "$linkmode,$pass" = "prog,scan"; then + libs="$deplibs" + deplibs= + fi + if test "$linkmode" = prog; then + case $pass in + dlopen) libs="$dlfiles" ;; + dlpreopen) libs="$dlprefiles" ;; + link) + libs="$deplibs %DEPLIBS%" + test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs" + ;; + esac + fi + if test "$linkmode,$pass" = "lib,dlpreopen"; then + # Collect and forward deplibs of preopened libtool libs + for lib in $dlprefiles; do + # Ignore non-libtool-libs + dependency_libs= + case $lib in + *.la) func_source "$lib" ;; + esac + + # Collect preopened libtool deplibs, except any this library + # has declared as weak libs + for deplib in $dependency_libs; do + deplib_base=`$ECHO "X$deplib" | $Xsed -e "$basename"` + case " $weak_libs " in + *" $deplib_base "*) ;; + *) deplibs="$deplibs $deplib" ;; + esac + done + done + libs="$dlprefiles" + fi + if test "$pass" = dlopen; then + # Collect dlpreopened libraries + save_deplibs="$deplibs" + deplibs= + fi + + for deplib in $libs; do + lib= + found=no + case $deplib in + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + compiler_flags="$compiler_flags $deplib" + if test "$linkmode" = lib ; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;; + esac + fi + fi + continue + ;; + -l*) + if test "$linkmode" != lib && test "$linkmode" != prog; then + func_warning "\`-l' is ignored for archives/objects" + continue + fi + func_stripname '-l' '' "$deplib" + name=$func_stripname_result + if test "$linkmode" = lib; then + searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" + else + searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" + fi + for searchdir in $searchdirs; do + for search_ext in .la $std_shrext .so .a; do + # Search the libtool library + lib="$searchdir/lib${name}${search_ext}" + if test -f "$lib"; then + if test "$search_ext" = ".la"; then + found=yes + else + found=no + fi + break 2 + fi + done + done + if test "$found" != yes; then + # deplib doesn't seem to be a libtool library + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" + fi + continue + else # deplib is a libtool library + # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, + # We need to do some special things here, and not later. + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + case " $predeps $postdeps " in + *" $deplib "*) + if func_lalib_p "$lib"; then + library_names= + old_library= + func_source "$lib" + for l in $old_library $library_names; do + ll="$l" + done + if test "X$ll" = "X$old_library" ; then # only static version available + found=no + func_dirname "$lib" "" "." + ladir="$func_dirname_result" + lib=$ladir/$old_library + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + fi + ;; + *) ;; + esac + fi + fi + ;; # -l + *.ltframework) + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + if test "$linkmode" = lib ; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;; + esac + fi + fi + continue + ;; + -L*) + case $linkmode in + lib) + deplibs="$deplib $deplibs" + test "$pass" = conv && continue + newdependency_libs="$deplib $newdependency_libs" + func_stripname '-L' '' "$deplib" + newlib_search_path="$newlib_search_path $func_stripname_result" + ;; + prog) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + continue + fi + if test "$pass" = scan; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + func_stripname '-L' '' "$deplib" + newlib_search_path="$newlib_search_path $func_stripname_result" + ;; + *) + func_warning "\`-L' is ignored for archives/objects" + ;; + esac # linkmode + continue + ;; # -L + -R*) + if test "$pass" = link; then + func_stripname '-R' '' "$deplib" + dir=$func_stripname_result + # Make sure the xrpath contains only unique directories. + case "$xrpath " in + *" $dir "*) ;; + *) xrpath="$xrpath $dir" ;; + esac + fi + deplibs="$deplib $deplibs" + continue + ;; + *.la) lib="$deplib" ;; + *.$libext) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + continue + fi + case $linkmode in + lib) + # Linking convenience modules into shared libraries is allowed, + # but linking other static libraries is non-portable. + case " $dlpreconveniencelibs " in + *" $deplib "*) ;; + *) + valid_a_lib=no + case $deplibs_check_method in + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + if eval "\$ECHO \"X$deplib\"" 2>/dev/null | $Xsed -e 10q \ + | $EGREP "$match_pattern_regex" > /dev/null; then + valid_a_lib=yes + fi + ;; + pass_all) + valid_a_lib=yes + ;; + esac + if test "$valid_a_lib" != yes; then + $ECHO + $ECHO "*** Warning: Trying to link with static lib archive $deplib." + $ECHO "*** I have the capability to make that library automatically link in when" + $ECHO "*** you link to this library. But I can only do this if you have a" + $ECHO "*** shared version of the library, which you do not appear to have" + $ECHO "*** because the file extensions .$libext of this argument makes me believe" + $ECHO "*** that it is just a static archive that I should not use here." + else + $ECHO + $ECHO "*** Warning: Linking the shared library $output against the" + $ECHO "*** static library $deplib is not portable!" + deplibs="$deplib $deplibs" + fi + ;; + esac + continue + ;; + prog) + if test "$pass" != link; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + continue + ;; + esac # linkmode + ;; # *.$libext + *.lo | *.$objext) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + elif test "$linkmode" = prog; then + if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then + # If there is no dlopen support or we're linking statically, + # we need to preload. + newdlprefiles="$newdlprefiles $deplib" + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + newdlfiles="$newdlfiles $deplib" + fi + fi + continue + ;; + %DEPLIBS%) + alldeplibs=yes + continue + ;; + esac # case $deplib + + if test "$found" = yes || test -f "$lib"; then : + else + func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'" + fi + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$lib" \ + || func_fatal_error "\`$lib' is not a valid libtool archive" + + func_dirname "$lib" "" "." + ladir="$func_dirname_result" + + dlname= + dlopen= + dlpreopen= + libdir= + library_names= + old_library= + inherited_linker_flags= + # If the library was installed with an old release of libtool, + # it will not redefine variables installed, or shouldnotlink + installed=yes + shouldnotlink=no + avoidtemprpath= + + + # Read the .la file + func_source "$lib" + + # Convert "-framework foo" to "foo.ltframework" + if test -n "$inherited_linker_flags"; then + tmp_inherited_linker_flags=`$ECHO "X$inherited_linker_flags" | $Xsed -e 's/-framework \([^ $]*\)/\1.ltframework/g'` + for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do + case " $new_inherited_linker_flags " in + *" $tmp_inherited_linker_flag "*) ;; + *) new_inherited_linker_flags="$new_inherited_linker_flags $tmp_inherited_linker_flag";; + esac + done + fi + dependency_libs=`$ECHO "X $dependency_libs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + if test "$linkmode,$pass" = "lib,link" || + test "$linkmode,$pass" = "prog,scan" || + { test "$linkmode" != prog && test "$linkmode" != lib; }; then + test -n "$dlopen" && dlfiles="$dlfiles $dlopen" + test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen" + fi + + if test "$pass" = conv; then + # Only check for convenience libraries + deplibs="$lib $deplibs" + if test -z "$libdir"; then + if test -z "$old_library"; then + func_fatal_error "cannot find name of link library for \`$lib'" + fi + # It is a libtool convenience library, so add in its objects. + convenience="$convenience $ladir/$objdir/$old_library" + old_convenience="$old_convenience $ladir/$objdir/$old_library" + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_duplicate_deps ; then + case "$tmp_libs " in + *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; + esac + fi + tmp_libs="$tmp_libs $deplib" + done + elif test "$linkmode" != prog && test "$linkmode" != lib; then + func_fatal_error "\`$lib' is not a convenience library" + fi + continue + fi # $pass = conv + + + # Get the name of the library we link against. + linklib= + for l in $old_library $library_names; do + linklib="$l" + done + if test -z "$linklib"; then + func_fatal_error "cannot find name of link library for \`$lib'" + fi + + # This library was specified with -dlopen. + if test "$pass" = dlopen; then + if test -z "$libdir"; then + func_fatal_error "cannot -dlopen a convenience library: \`$lib'" + fi + if test -z "$dlname" || + test "$dlopen_support" != yes || + test "$build_libtool_libs" = no; then + # If there is no dlname, no dlopen support or we're linking + # statically, we need to preload. We also need to preload any + # dependent libraries so libltdl's deplib preloader doesn't + # bomb out in the load deplibs phase. + dlprefiles="$dlprefiles $lib $dependency_libs" + else + newdlfiles="$newdlfiles $lib" + fi + continue + fi # $pass = dlopen + + # We need an absolute path. + case $ladir in + [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;; + *) + abs_ladir=`cd "$ladir" && pwd` + if test -z "$abs_ladir"; then + func_warning "cannot determine absolute directory name of \`$ladir'" + func_warning "passing it literally to the linker, although it might fail" + abs_ladir="$ladir" + fi + ;; + esac + func_basename "$lib" + laname="$func_basename_result" + + # Find the relevant object directory and library name. + if test "X$installed" = Xyes; then + if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then + func_warning "library \`$lib' was moved." + dir="$ladir" + absdir="$abs_ladir" + libdir="$abs_ladir" + else + dir="$libdir" + absdir="$libdir" + fi + test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes + else + if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then + dir="$ladir" + absdir="$abs_ladir" + # Remove this search path later + notinst_path="$notinst_path $abs_ladir" + else + dir="$ladir/$objdir" + absdir="$abs_ladir/$objdir" + # Remove this search path later + notinst_path="$notinst_path $abs_ladir" + fi + fi # $installed = yes + func_stripname 'lib' '.la' "$laname" + name=$func_stripname_result + + # This library was specified with -dlpreopen. + if test "$pass" = dlpreopen; then + if test -z "$libdir" && test "$linkmode" = prog; then + func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'" + fi + # Prefer using a static library (so that no silly _DYNAMIC symbols + # are required to link). + if test -n "$old_library"; then + newdlprefiles="$newdlprefiles $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + dlpreconveniencelibs="$dlpreconveniencelibs $dir/$old_library" + # Otherwise, use the dlname, so that lt_dlopen finds it. + elif test -n "$dlname"; then + newdlprefiles="$newdlprefiles $dir/$dlname" + else + newdlprefiles="$newdlprefiles $dir/$linklib" + fi + fi # $pass = dlpreopen + + if test -z "$libdir"; then + # Link the convenience library + if test "$linkmode" = lib; then + deplibs="$dir/$old_library $deplibs" + elif test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$dir/$old_library $compile_deplibs" + finalize_deplibs="$dir/$old_library $finalize_deplibs" + else + deplibs="$lib $deplibs" # used for prog,scan pass + fi + continue + fi + + + if test "$linkmode" = prog && test "$pass" != link; then + newlib_search_path="$newlib_search_path $ladir" + deplibs="$lib $deplibs" + + linkalldeplibs=no + if test "$link_all_deplibs" != no || test -z "$library_names" || + test "$build_libtool_libs" = no; then + linkalldeplibs=yes + fi + + tmp_libs= + for deplib in $dependency_libs; do + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + newlib_search_path="$newlib_search_path $func_stripname_result" + ;; + esac + # Need to link against all dependency_libs? + if test "$linkalldeplibs" = yes; then + deplibs="$deplib $deplibs" + else + # Need to hardcode shared library paths + # or/and link against static libraries + newdependency_libs="$deplib $newdependency_libs" + fi + if $opt_duplicate_deps ; then + case "$tmp_libs " in + *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; + esac + fi + tmp_libs="$tmp_libs $deplib" + done # for deplib + continue + fi # $linkmode = prog... + + if test "$linkmode,$pass" = "prog,link"; then + if test -n "$library_names" && + { { test "$prefer_static_libs" = no || + test "$prefer_static_libs,$installed" = "built,yes"; } || + test -z "$old_library"; }; then + # We need to hardcode the library path + if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then + # Make sure the rpath contains only unique directories. + case "$temp_rpath:" in + *"$absdir:"*) ;; + *) temp_rpath="$temp_rpath$absdir:" ;; + esac + fi + + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) compile_rpath="$compile_rpath $absdir" + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) finalize_rpath="$finalize_rpath $libdir" + esac + ;; + esac + fi # $linkmode,$pass = prog,link... + + if test "$alldeplibs" = yes && + { test "$deplibs_check_method" = pass_all || + { test "$build_libtool_libs" = yes && + test -n "$library_names"; }; }; then + # We only need to search for static libraries + continue + fi + fi + + link_static=no # Whether the deplib will be linked statically + use_static_libs=$prefer_static_libs + if test "$use_static_libs" = built && test "$installed" = yes; then + use_static_libs=no + fi + if test -n "$library_names" && + { test "$use_static_libs" = no || test -z "$old_library"; }; then + case $host in + *cygwin* | *mingw* | *cegcc*) + # No point in relinking DLLs because paths are not encoded + notinst_deplibs="$notinst_deplibs $lib" + need_relink=no + ;; + *) + if test "$installed" = no; then + notinst_deplibs="$notinst_deplibs $lib" + need_relink=yes + fi + ;; + esac + # This is a shared library + + # Warn about portability, can't link against -module's on some + # systems (darwin). Don't bleat about dlopened modules though! + dlopenmodule="" + for dlpremoduletest in $dlprefiles; do + if test "X$dlpremoduletest" = "X$lib"; then + dlopenmodule="$dlpremoduletest" + break + fi + done + if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then + $ECHO + if test "$linkmode" = prog; then + $ECHO "*** Warning: Linking the executable $output against the loadable module" + else + $ECHO "*** Warning: Linking the shared library $output against the loadable module" + fi + $ECHO "*** $linklib is not portable!" + fi + if test "$linkmode" = lib && + test "$hardcode_into_libs" = yes; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) compile_rpath="$compile_rpath $absdir" + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) finalize_rpath="$finalize_rpath $libdir" + esac + ;; + esac + fi + + if test -n "$old_archive_from_expsyms_cmds"; then + # figure out the soname + set dummy $library_names + shift + realname="$1" + shift + libname=`eval "\\$ECHO \"$libname_spec\""` + # use dlname if we got it. it's perfectly good, no? + if test -n "$dlname"; then + soname="$dlname" + elif test -n "$soname_spec"; then + # bleh windows + case $host in + *cygwin* | mingw* | *cegcc*) + func_arith $current - $age + major=$func_arith_result + versuffix="-$major" + ;; + esac + eval soname=\"$soname_spec\" + else + soname="$realname" + fi + + # Make a new name for the extract_expsyms_cmds to use + soroot="$soname" + func_basename "$soroot" + soname="$func_basename_result" + func_stripname 'lib' '.dll' "$soname" + newlib=libimp-$func_stripname_result.a + + # If the library has no export list, then create one now + if test -f "$output_objdir/$soname-def"; then : + else + func_verbose "extracting exported symbol list from \`$soname'" + func_execute_cmds "$extract_expsyms_cmds" 'exit $?' + fi + + # Create $newlib + if test -f "$output_objdir/$newlib"; then :; else + func_verbose "generating import library for \`$soname'" + func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' + fi + # make sure the library variables are pointing to the new library + dir=$output_objdir + linklib=$newlib + fi # test -n "$old_archive_from_expsyms_cmds" + + if test "$linkmode" = prog || test "$mode" != relink; then + add_shlibpath= + add_dir= + add= + lib_linked=yes + case $hardcode_action in + immediate | unsupported) + if test "$hardcode_direct" = no; then + add="$dir/$linklib" + case $host in + *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;; + *-*-sysv4*uw2*) add_dir="-L$dir" ;; + *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ + *-*-unixware7*) add_dir="-L$dir" ;; + *-*-darwin* ) + # if the lib is a (non-dlopened) module then we can not + # link against it, someone is ignoring the earlier warnings + if /usr/bin/file -L $add 2> /dev/null | + $GREP ": [^:]* bundle" >/dev/null ; then + if test "X$dlopenmodule" != "X$lib"; then + $ECHO "*** Warning: lib $linklib is a module, not a shared library" + if test -z "$old_library" ; then + $ECHO + $ECHO "*** And there doesn't seem to be a static archive available" + $ECHO "*** The link will probably fail, sorry" + else + add="$dir/$old_library" + fi + elif test -n "$old_library"; then + add="$dir/$old_library" + fi + fi + esac + elif test "$hardcode_minus_L" = no; then + case $host in + *-*-sunos*) add_shlibpath="$dir" ;; + esac + add_dir="-L$dir" + add="-l$name" + elif test "$hardcode_shlibpath_var" = no; then + add_shlibpath="$dir" + add="-l$name" + else + lib_linked=no + fi + ;; + relink) + if test "$hardcode_direct" = yes && + test "$hardcode_direct_absolute" = no; then + add="$dir/$linklib" + elif test "$hardcode_minus_L" = yes; then + add_dir="-L$dir" + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + add_dir="$add_dir -L$inst_prefix_dir$libdir" + ;; + esac + fi + add="-l$name" + elif test "$hardcode_shlibpath_var" = yes; then + add_shlibpath="$dir" + add="-l$name" + else + lib_linked=no + fi + ;; + *) lib_linked=no ;; + esac + + if test "$lib_linked" != yes; then + func_fatal_configuration "unsupported hardcode properties" + fi + + if test -n "$add_shlibpath"; then + case :$compile_shlibpath: in + *":$add_shlibpath:"*) ;; + *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;; + esac + fi + if test "$linkmode" = prog; then + test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" + test -n "$add" && compile_deplibs="$add $compile_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + if test "$hardcode_direct" != yes && + test "$hardcode_minus_L" != yes && + test "$hardcode_shlibpath_var" = yes; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;; + esac + fi + fi + fi + + if test "$linkmode" = prog || test "$mode" = relink; then + add_shlibpath= + add_dir= + add= + # Finalize command for both is simple: just hardcode it. + if test "$hardcode_direct" = yes && + test "$hardcode_direct_absolute" = no; then + add="$libdir/$linklib" + elif test "$hardcode_minus_L" = yes; then + add_dir="-L$libdir" + add="-l$name" + elif test "$hardcode_shlibpath_var" = yes; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;; + esac + add="-l$name" + elif test "$hardcode_automatic" = yes; then + if test -n "$inst_prefix_dir" && + test -f "$inst_prefix_dir$libdir/$linklib" ; then + add="$inst_prefix_dir$libdir/$linklib" + else + add="$libdir/$linklib" + fi + else + # We cannot seem to hardcode it, guess we'll fake it. + add_dir="-L$libdir" + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + add_dir="$add_dir -L$inst_prefix_dir$libdir" + ;; + esac + fi + add="-l$name" + fi + + if test "$linkmode" = prog; then + test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" + test -n "$add" && finalize_deplibs="$add $finalize_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + fi + fi + elif test "$linkmode" = prog; then + # Here we assume that one of hardcode_direct or hardcode_minus_L + # is not unsupported. This is valid on all known static and + # shared platforms. + if test "$hardcode_direct" != unsupported; then + test -n "$old_library" && linklib="$old_library" + compile_deplibs="$dir/$linklib $compile_deplibs" + finalize_deplibs="$dir/$linklib $finalize_deplibs" + else + compile_deplibs="-l$name -L$dir $compile_deplibs" + finalize_deplibs="-l$name -L$dir $finalize_deplibs" + fi + elif test "$build_libtool_libs" = yes; then + # Not a shared library + if test "$deplibs_check_method" != pass_all; then + # We're trying link a shared library against a static one + # but the system doesn't support it. + + # Just print a warning and add the library to dependency_libs so + # that the program can be linked against the static library. + $ECHO + $ECHO "*** Warning: This system can not link to static lib archive $lib." + $ECHO "*** I have the capability to make that library automatically link in when" + $ECHO "*** you link to this library. But I can only do this if you have a" + $ECHO "*** shared version of the library, which you do not appear to have." + if test "$module" = yes; then + $ECHO "*** But as you try to build a module library, libtool will still create " + $ECHO "*** a static module, that should work as long as the dlopening application" + $ECHO "*** is linked with the -dlopen flag to resolve symbols at runtime." + if test -z "$global_symbol_pipe"; then + $ECHO + $ECHO "*** However, this would only work if libtool was able to extract symbol" + $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could" + $ECHO "*** not find such a program. So, this module is probably useless." + $ECHO "*** \`nm' from GNU binutils and a full rebuild may help." + fi + if test "$build_old_libs" = no; then + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + else + deplibs="$dir/$old_library $deplibs" + link_static=yes + fi + fi # link shared/static library? + + if test "$linkmode" = lib; then + if test -n "$dependency_libs" && + { test "$hardcode_into_libs" != yes || + test "$build_old_libs" = yes || + test "$link_static" = yes; }; then + # Extract -R from dependency_libs + temp_deplibs= + for libdir in $dependency_libs; do + case $libdir in + -R*) func_stripname '-R' '' "$libdir" + temp_xrpath=$func_stripname_result + case " $xrpath " in + *" $temp_xrpath "*) ;; + *) xrpath="$xrpath $temp_xrpath";; + esac;; + *) temp_deplibs="$temp_deplibs $libdir";; + esac + done + dependency_libs="$temp_deplibs" + fi + + newlib_search_path="$newlib_search_path $absdir" + # Link against this library + test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs" + # ... and its dependency_libs + tmp_libs= + for deplib in $dependency_libs; do + newdependency_libs="$deplib $newdependency_libs" + if $opt_duplicate_deps ; then + case "$tmp_libs " in + *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; + esac + fi + tmp_libs="$tmp_libs $deplib" + done + + if test "$link_all_deplibs" != no; then + # Add the search paths of all dependency libraries + for deplib in $dependency_libs; do + path= + case $deplib in + -L*) path="$deplib" ;; + *.la) + func_dirname "$deplib" "" "." + dir="$func_dirname_result" + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then + func_warning "cannot determine absolute directory name of \`$dir'" + absdir="$dir" + fi + ;; + esac + if $GREP "^installed=no" $deplib > /dev/null; then + case $host in + *-*-darwin*) + depdepl= + eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` + if test -n "$deplibrary_names" ; then + for tmp in $deplibrary_names ; do + depdepl=$tmp + done + if test -f "$absdir/$objdir/$depdepl" ; then + depdepl="$absdir/$objdir/$depdepl" + darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + if test -z "$darwin_install_name"; then + darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + fi + compiler_flags="$compiler_flags ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}" + linker_flags="$linker_flags -dylib_file ${darwin_install_name}:${depdepl}" + path= + fi + fi + ;; + *) + path="-L$absdir/$objdir" + ;; + esac + else + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + test -z "$libdir" && \ + func_fatal_error "\`$deplib' is not a valid libtool archive" + test "$absdir" != "$libdir" && \ + func_warning "\`$deplib' seems to be moved" + + path="-L$absdir" + fi + ;; + esac + case " $deplibs " in + *" $path "*) ;; + *) deplibs="$path $deplibs" ;; + esac + done + fi # link_all_deplibs != no + fi # linkmode = lib + done # for deplib in $libs + if test "$pass" = link; then + if test "$linkmode" = "prog"; then + compile_deplibs="$new_inherited_linker_flags $compile_deplibs" + finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" + else + compiler_flags="$compiler_flags "`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + fi + fi + dependency_libs="$newdependency_libs" + if test "$pass" = dlpreopen; then + # Link the dlpreopened libraries before other libraries + for deplib in $save_deplibs; do + deplibs="$deplib $deplibs" + done + fi + if test "$pass" != dlopen; then + if test "$pass" != conv; then + # Make sure lib_search_path contains only unique directories. + lib_search_path= + for dir in $newlib_search_path; do + case "$lib_search_path " in + *" $dir "*) ;; + *) lib_search_path="$lib_search_path $dir" ;; + esac + done + newlib_search_path= + fi + + if test "$linkmode,$pass" != "prog,link"; then + vars="deplibs" + else + vars="compile_deplibs finalize_deplibs" + fi + for var in $vars dependency_libs; do + # Add libraries to $var in reverse order + eval tmp_libs=\"\$$var\" + new_libs= + for deplib in $tmp_libs; do + # FIXME: Pedantically, this is the right thing to do, so + # that some nasty dependency loop isn't accidentally + # broken: + #new_libs="$deplib $new_libs" + # Pragmatically, this seems to cause very few problems in + # practice: + case $deplib in + -L*) new_libs="$deplib $new_libs" ;; + -R*) ;; + *) + # And here is the reason: when a library appears more + # than once as an explicit dependence of a library, or + # is implicitly linked in more than once by the + # compiler, it is considered special, and multiple + # occurrences thereof are not removed. Compare this + # with having the same library being listed as a + # dependency of multiple other libraries: in this case, + # we know (pedantically, we assume) the library does not + # need to be listed more than once, so we keep only the + # last copy. This is not always right, but it is rare + # enough that we require users that really mean to play + # such unportable linking tricks to link the library + # using -Wl,-lname, so that libtool does not consider it + # for duplicate removal. + case " $specialdeplibs " in + *" $deplib "*) new_libs="$deplib $new_libs" ;; + *) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$deplib $new_libs" ;; + esac + ;; + esac + ;; + esac + done + tmp_libs= + for deplib in $new_libs; do + case $deplib in + -L*) + case " $tmp_libs " in + *" $deplib "*) ;; + *) tmp_libs="$tmp_libs $deplib" ;; + esac + ;; + *) tmp_libs="$tmp_libs $deplib" ;; + esac + done + eval $var=\"$tmp_libs\" + done # for var + fi + # Last step: remove runtime libs from dependency_libs + # (they stay in deplibs) + tmp_libs= + for i in $dependency_libs ; do + case " $predeps $postdeps $compiler_lib_search_path " in + *" $i "*) + i="" + ;; + esac + if test -n "$i" ; then + tmp_libs="$tmp_libs $i" + fi + done + dependency_libs=$tmp_libs + done # for pass + if test "$linkmode" = prog; then + dlfiles="$newdlfiles" + fi + if test "$linkmode" = prog || test "$linkmode" = lib; then + dlprefiles="$newdlprefiles" + fi + + case $linkmode in + oldlib) + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + func_warning "\`-dlopen' is ignored for archives" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "\`-l' and \`-L' are ignored for archives" ;; + esac + + test -n "$rpath" && \ + func_warning "\`-rpath' is ignored for archives" + + test -n "$xrpath" && \ + func_warning "\`-R' is ignored for archives" + + test -n "$vinfo" && \ + func_warning "\`-version-info/-version-number' is ignored for archives" + + test -n "$release" && \ + func_warning "\`-release' is ignored for archives" + + test -n "$export_symbols$export_symbols_regex" && \ + func_warning "\`-export-symbols' is ignored for archives" + + # Now set the variables for building old libraries. + build_libtool_libs=no + oldlibs="$output" + objs="$objs$old_deplibs" + ;; + + lib) + # Make sure we only generate libraries of the form `libNAME.la'. + case $outputname in + lib*) + func_stripname 'lib' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + ;; + *) + test "$module" = no && \ + func_fatal_help "libtool library \`$output' must begin with \`lib'" + + if test "$need_lib_prefix" != no; then + # Add the "lib" prefix for modules if required + func_stripname '' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + else + func_stripname '' '.la' "$outputname" + libname=$func_stripname_result + fi + ;; + esac + + if test -n "$objs"; then + if test "$deplibs_check_method" != pass_all; then + func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs" + else + $ECHO + $ECHO "*** Warning: Linking the shared library $output against the non-libtool" + $ECHO "*** objects $objs is not portable!" + libobjs="$libobjs $objs" + fi + fi + + test "$dlself" != no && \ + func_warning "\`-dlopen self' is ignored for libtool libraries" + + set dummy $rpath + shift + test "$#" -gt 1 && \ + func_warning "ignoring multiple \`-rpath's for a libtool library" + + install_libdir="$1" + + oldlibs= + if test -z "$rpath"; then + if test "$build_libtool_libs" = yes; then + # Building a libtool convenience library. + # Some compilers have problems with a `.al' extension so + # convenience libraries should have the same extension an + # archive normally would. + oldlibs="$output_objdir/$libname.$libext $oldlibs" + build_libtool_libs=convenience + build_old_libs=yes + fi + + test -n "$vinfo" && \ + func_warning "\`-version-info/-version-number' is ignored for convenience libraries" + + test -n "$release" && \ + func_warning "\`-release' is ignored for convenience libraries" + else + + # Parse the version information argument. + save_ifs="$IFS"; IFS=':' + set dummy $vinfo 0 0 0 + shift + IFS="$save_ifs" + + test -n "$7" && \ + func_fatal_help "too many parameters to \`-version-info'" + + # convert absolute version numbers to libtool ages + # this retains compatibility with .la files and attempts + # to make the code below a bit more comprehensible + + case $vinfo_number in + yes) + number_major="$1" + number_minor="$2" + number_revision="$3" + # + # There are really only two kinds -- those that + # use the current revision as the major version + # and those that subtract age and use age as + # a minor version. But, then there is irix + # which has an extra 1 added just for fun + # + case $version_type in + darwin|linux|osf|windows|none) + func_arith $number_major + $number_minor + current=$func_arith_result + age="$number_minor" + revision="$number_revision" + ;; + freebsd-aout|freebsd-elf|sunos) + current="$number_major" + revision="$number_minor" + age="0" + ;; + irix|nonstopux) + func_arith $number_major + $number_minor + current=$func_arith_result + age="$number_minor" + revision="$number_minor" + lt_irix_increment=no + ;; + *) + func_fatal_configuration "$modename: unknown library version type \`$version_type'" + ;; + esac + ;; + no) + current="$1" + revision="$2" + age="$3" + ;; + esac + + # Check that each of the things are valid numbers. + case $current in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "CURRENT \`$current' must be a nonnegative integer" + func_fatal_error "\`$vinfo' is not valid version information" + ;; + esac + + case $revision in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "REVISION \`$revision' must be a nonnegative integer" + func_fatal_error "\`$vinfo' is not valid version information" + ;; + esac + + case $age in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "AGE \`$age' must be a nonnegative integer" + func_fatal_error "\`$vinfo' is not valid version information" + ;; + esac + + if test "$age" -gt "$current"; then + func_error "AGE \`$age' is greater than the current interface number \`$current'" + func_fatal_error "\`$vinfo' is not valid version information" + fi + + # Calculate the version variables. + major= + versuffix= + verstring= + case $version_type in + none) ;; + + darwin) + # Like Linux, but with the current version available in + # verstring for coding it into the library header + func_arith $current - $age + major=.$func_arith_result + versuffix="$major.$age.$revision" + # Darwin ld doesn't like 0 for these options... + func_arith $current + 1 + minor_current=$func_arith_result + xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision" + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + ;; + + freebsd-aout) + major=".$current" + versuffix=".$current.$revision"; + ;; + + freebsd-elf) + major=".$current" + versuffix=".$current" + ;; + + irix | nonstopux) + if test "X$lt_irix_increment" = "Xno"; then + func_arith $current - $age + else + func_arith $current - $age + 1 + fi + major=$func_arith_result + + case $version_type in + nonstopux) verstring_prefix=nonstopux ;; + *) verstring_prefix=sgi ;; + esac + verstring="$verstring_prefix$major.$revision" + + # Add in all the interfaces that we are compatible with. + loop=$revision + while test "$loop" -ne 0; do + func_arith $revision - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring="$verstring_prefix$major.$iface:$verstring" + done + + # Before this point, $major must not contain `.'. + major=.$major + versuffix="$major.$revision" + ;; + + linux) + func_arith $current - $age + major=.$func_arith_result + versuffix="$major.$age.$revision" + ;; + + osf) + func_arith $current - $age + major=.$func_arith_result + versuffix=".$current.$age.$revision" + verstring="$current.$age.$revision" + + # Add in all the interfaces that we are compatible with. + loop=$age + while test "$loop" -ne 0; do + func_arith $current - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring="$verstring:${iface}.0" + done + + # Make executables depend on our current version. + verstring="$verstring:${current}.0" + ;; + + qnx) + major=".$current" + versuffix=".$current" + ;; + + sunos) + major=".$current" + versuffix=".$current.$revision" + ;; + + windows) + # Use '-' rather than '.', since we only want one + # extension on DOS 8.3 filesystems. + func_arith $current - $age + major=$func_arith_result + versuffix="-$major" + ;; + + *) + func_fatal_configuration "unknown library version type \`$version_type'" + ;; + esac + + # Clear the version info if we defaulted, and they specified a release. + if test -z "$vinfo" && test -n "$release"; then + major= + case $version_type in + darwin) + # we can't check for "0.0" in archive_cmds due to quoting + # problems, so we reset it completely + verstring= + ;; + *) + verstring="0.0" + ;; + esac + if test "$need_version" = no; then + versuffix= + else + versuffix=".0.0" + fi + fi + + # Remove version info from name if versioning should be avoided + if test "$avoid_version" = yes && test "$need_version" = no; then + major= + versuffix= + verstring="" + fi + + # Check to see if the archive will have undefined symbols. + if test "$allow_undefined" = yes; then + if test "$allow_undefined_flag" = unsupported; then + func_warning "undefined symbols not allowed in $host shared libraries" + build_libtool_libs=no + build_old_libs=yes + fi + else + # Don't allow undefined symbols. + allow_undefined_flag="$no_undefined_flag" + fi + + fi + + func_generate_dlsyms "$libname" "$libname" "yes" + libobjs="$libobjs $symfileobj" + test "X$libobjs" = "X " && libobjs= + + if test "$mode" != relink; then + # Remove our outputs, but don't remove object files since they + # may have been created when compiling PIC objects. + removelist= + tempremovelist=`$ECHO "$output_objdir/*"` + for p in $tempremovelist; do + case $p in + *.$objext | *.gcno) + ;; + $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*) + if test "X$precious_files_regex" != "X"; then + if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 + then + continue + fi + fi + removelist="$removelist $p" + ;; + *) ;; + esac + done + test -n "$removelist" && \ + func_show_eval "${RM}r \$removelist" + fi + + # Now set the variables for building old libraries. + if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then + oldlibs="$oldlibs $output_objdir/$libname.$libext" + + # Transform .lo files to .o files. + oldobjs="$objs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP` + fi + + # Eliminate all temporary directories. + #for path in $notinst_path; do + # lib_search_path=`$ECHO "X$lib_search_path " | $Xsed -e "s% $path % %g"` + # deplibs=`$ECHO "X$deplibs " | $Xsed -e "s% -L$path % %g"` + # dependency_libs=`$ECHO "X$dependency_libs " | $Xsed -e "s% -L$path % %g"` + #done + + if test -n "$xrpath"; then + # If the user specified any rpath flags, then add them. + temp_xrpath= + for libdir in $xrpath; do + temp_xrpath="$temp_xrpath -R$libdir" + case "$finalize_rpath " in + *" $libdir "*) ;; + *) finalize_rpath="$finalize_rpath $libdir" ;; + esac + done + if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi + + # Make sure dlfiles contains only unique files that won't be dlpreopened + old_dlfiles="$dlfiles" + dlfiles= + for lib in $old_dlfiles; do + case " $dlprefiles $dlfiles " in + *" $lib "*) ;; + *) dlfiles="$dlfiles $lib" ;; + esac + done + + # Make sure dlprefiles contains only unique files + old_dlprefiles="$dlprefiles" + dlprefiles= + for lib in $old_dlprefiles; do + case "$dlprefiles " in + *" $lib "*) ;; + *) dlprefiles="$dlprefiles $lib" ;; + esac + done + + if test "$build_libtool_libs" = yes; then + if test -n "$rpath"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc*) + # these systems don't actually have a c library (as such)! + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C library is in the System framework + deplibs="$deplibs System.ltframework" + ;; + *-*-netbsd*) + # Don't link with libc until the a.out ld.so is fixed. + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + ;; + *) + # Add libc to deplibs on all other systems if necessary. + if test "$build_libtool_need_lc" = "yes"; then + deplibs="$deplibs -lc" + fi + ;; + esac + fi + + # Transform deplibs into only deplibs that can be linked in shared. + name_save=$name + libname_save=$libname + release_save=$release + versuffix_save=$versuffix + major_save=$major + # I'm not sure if I'm treating the release correctly. I think + # release should show up in the -l (ie -lgmp5) so we don't want to + # add it in twice. Is that correct? + release="" + versuffix="" + major="" + newdeplibs= + droppeddeps=no + case $deplibs_check_method in + pass_all) + # Don't check for shared/static. Everything works. + # This might be a little naive. We might want to check + # whether the library exists or not. But this is on + # osf3 & osf4 and I'm not really sure... Just + # implementing what was already the behavior. + newdeplibs=$deplibs + ;; + test_compile) + # This code stresses the "libraries are programs" paradigm to its + # limits. Maybe even breaks it. We compile a program, linking it + # against the deplibs as a proxy for the library. Then we can check + # whether they linked in statically or dynamically with ldd. + $opt_dry_run || $RM conftest.c + cat > conftest.c </dev/null` + for potent_lib in $potential_libs; do + # Follow soft links. + if ls -lLd "$potent_lib" 2>/dev/null | + $GREP " -> " >/dev/null; then + continue + fi + # The statement above tries to avoid entering an + # endless loop below, in case of cyclic links. + # We might still enter an endless loop, since a link + # loop can be closed while we follow links, + # but so what? + potlib="$potent_lib" + while test -h "$potlib" 2>/dev/null; do + potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` + case $potliblink in + [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; + *) potlib=`$ECHO "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";; + esac + done + if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | + $SED -e 10q | + $EGREP "$file_magic_regex" > /dev/null; then + newdeplibs="$newdeplibs $a_deplib" + a_deplib="" + break 2 + fi + done + done + fi + if test -n "$a_deplib" ; then + droppeddeps=yes + $ECHO + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + $ECHO "*** I have the capability to make that library automatically link in when" + $ECHO "*** you link to this library. But I can only do this if you have a" + $ECHO "*** shared version of the library, which you do not appear to have" + $ECHO "*** because I did check the linker path looking for a file starting" + if test -z "$potlib" ; then + $ECHO "*** with $libname but no candidates were found. (...for file magic test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a file magic. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + newdeplibs="$newdeplibs $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + for a_deplib in $deplibs; do + case $a_deplib in + -l*) + func_stripname -l '' "$a_deplib" + name=$func_stripname_result + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + case " $predeps $postdeps " in + *" $a_deplib "*) + newdeplibs="$newdeplibs $a_deplib" + a_deplib="" + ;; + esac + fi + if test -n "$a_deplib" ; then + libname=`eval "\\$ECHO \"$libname_spec\""` + for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do + potential_libs=`ls $i/$libname[.-]* 2>/dev/null` + for potent_lib in $potential_libs; do + potlib="$potent_lib" # see symlink-check above in file_magic test + if eval "\$ECHO \"X$potent_lib\"" 2>/dev/null | $Xsed -e 10q | \ + $EGREP "$match_pattern_regex" > /dev/null; then + newdeplibs="$newdeplibs $a_deplib" + a_deplib="" + break 2 + fi + done + done + fi + if test -n "$a_deplib" ; then + droppeddeps=yes + $ECHO + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + $ECHO "*** I have the capability to make that library automatically link in when" + $ECHO "*** you link to this library. But I can only do this if you have a" + $ECHO "*** shared version of the library, which you do not appear to have" + $ECHO "*** because I did check the linker path looking for a file starting" + if test -z "$potlib" ; then + $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a regex pattern. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + newdeplibs="$newdeplibs $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + none | unknown | *) + newdeplibs="" + tmp_deplibs=`$ECHO "X $deplibs" | $Xsed \ + -e 's/ -lc$//' -e 's/ -[LR][^ ]*//g'` + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + for i in $predeps $postdeps ; do + # can't use Xsed below, because $i might contain '/' + tmp_deplibs=`$ECHO "X $tmp_deplibs" | $Xsed -e "s,$i,,"` + done + fi + if $ECHO "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' | + $GREP . >/dev/null; then + $ECHO + if test "X$deplibs_check_method" = "Xnone"; then + $ECHO "*** Warning: inter-library dependencies are not supported in this platform." + else + $ECHO "*** Warning: inter-library dependencies are not known to be supported." + fi + $ECHO "*** All declared inter-library dependencies are being dropped." + droppeddeps=yes + fi + ;; + esac + versuffix=$versuffix_save + major=$major_save + release=$release_save + libname=$libname_save + name=$name_save + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library with the System framework + newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's/ -lc / System.ltframework /'` + ;; + esac + + if test "$droppeddeps" = yes; then + if test "$module" = yes; then + $ECHO + $ECHO "*** Warning: libtool could not satisfy all declared inter-library" + $ECHO "*** dependencies of module $libname. Therefore, libtool will create" + $ECHO "*** a static module, that should work as long as the dlopening" + $ECHO "*** application is linked with the -dlopen flag." + if test -z "$global_symbol_pipe"; then + $ECHO + $ECHO "*** However, this would only work if libtool was able to extract symbol" + $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could" + $ECHO "*** not find such a program. So, this module is probably useless." + $ECHO "*** \`nm' from GNU binutils and a full rebuild may help." + fi + if test "$build_old_libs" = no; then + oldlibs="$output_objdir/$libname.$libext" + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + else + $ECHO "*** The inter-library dependencies that have been dropped here will be" + $ECHO "*** automatically added whenever a program is linked with this library" + $ECHO "*** or is declared to -dlopen it." + + if test "$allow_undefined" = no; then + $ECHO + $ECHO "*** Since this library must not contain undefined symbols," + $ECHO "*** because either the platform does not support them or" + $ECHO "*** it was explicitly requested with -no-undefined," + $ECHO "*** libtool will only create a static version of it." + if test "$build_old_libs" = no; then + oldlibs="$output_objdir/$libname.$libext" + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + fi + fi + # Done checking deplibs! + deplibs=$newdeplibs + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + case $host in + *-*-darwin*) + newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + new_inherited_linker_flags=`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + deplibs=`$ECHO "X $deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $deplibs " in + *" -L$path/$objdir "*) + new_libs="$new_libs -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$new_libs $deplib" ;; + esac + ;; + *) new_libs="$new_libs $deplib" ;; + esac + done + deplibs="$new_libs" + + # All the library-specific variables (install_libdir is set above). + library_names= + old_library= + dlname= + + # Test again, we may have decided not to build it any more + if test "$build_libtool_libs" = yes; then + if test "$hardcode_into_libs" = yes; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= + rpath="$finalize_rpath" + test "$mode" != relink && rpath="$compile_rpath$rpath" + for libdir in $rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + dep_rpath="$dep_rpath $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) perm_rpath="$perm_rpath $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + if test -n "$hardcode_libdir_flag_spec_ld"; then + eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\" + else + eval dep_rpath=\"$hardcode_libdir_flag_spec\" + fi + fi + if test -n "$runpath_var" && test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + rpath="$rpath$dir:" + done + eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" + fi + test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" + fi + + shlibpath="$finalize_shlibpath" + test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath" + if test -n "$shlibpath"; then + eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" + fi + + # Get the real and link names of the library. + eval shared_ext=\"$shrext_cmds\" + eval library_names=\"$library_names_spec\" + set dummy $library_names + shift + realname="$1" + shift + + if test -n "$soname_spec"; then + eval soname=\"$soname_spec\" + else + soname="$realname" + fi + if test -z "$dlname"; then + dlname=$soname + fi + + lib="$output_objdir/$realname" + linknames= + for link + do + linknames="$linknames $link" + done + + # Use standard objects if they are pic + test -z "$pic_flag" && libobjs=`$ECHO "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + test "X$libobjs" = "X " && libobjs= + + delfiles= + if test -n "$export_symbols" && test -n "$include_expsyms"; then + $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" + export_symbols="$output_objdir/$libname.uexp" + delfiles="$delfiles $export_symbols" + fi + + orig_export_symbols= + case $host_os in + cygwin* | mingw* | cegcc*) + if test -n "$export_symbols" && test -z "$export_symbols_regex"; then + # exporting using user supplied symfile + if test "x`$SED 1q $export_symbols`" != xEXPORTS; then + # and it's NOT already a .def file. Must figure out + # which of the given symbols are data symbols and tag + # them as such. So, trigger use of export_symbols_cmds. + # export_symbols gets reassigned inside the "prepare + # the list of exported symbols" if statement, so the + # include_expsyms logic still works. + orig_export_symbols="$export_symbols" + export_symbols= + always_export_symbols=yes + fi + fi + ;; + esac + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then + func_verbose "generating symbol list for \`$libname.la'" + export_symbols="$output_objdir/$libname.exp" + $opt_dry_run || $RM $export_symbols + cmds=$export_symbols_cmds + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + func_len " $cmd" + len=$func_len_result + if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + func_show_eval "$cmd" 'exit $?' + skipped_export=false + else + # The command line is too long to execute in one step. + func_verbose "using reloadable object file for export list..." + skipped_export=: + # Break out early, otherwise skipped_export may be + # set to false by a later but shorter cmd. + break + fi + done + IFS="$save_ifs" + if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + fi + + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols="$export_symbols" + test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" + $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"' + fi + + if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + delfiles="$delfiles $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + + tmp_deplibs= + for test_deplib in $deplibs; do + case " $convenience " in + *" $test_deplib "*) ;; + *) + tmp_deplibs="$tmp_deplibs $test_deplib" + ;; + esac + done + deplibs="$tmp_deplibs" + + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec" && + test "$compiler_needs_object" = yes && + test -z "$libobjs"; then + # extract the archives, so we have objects to list. + # TODO: could optimize this to just extract one archive. + whole_archive_flag_spec= + fi + if test -n "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + else + gentop="$output_objdir/${outputname}x" + generated="$generated $gentop" + + func_extract_archives $gentop $convenience + libobjs="$libobjs $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + fi + + if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then + eval flag=\"$thread_safe_flag_spec\" + linker_flags="$linker_flags $flag" + fi + + # Make a backup of the uninstalled library when relinking + if test "$mode" = relink; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? + fi + + # Do each of the archive commands. + if test "$module" = yes && test -n "$module_cmds" ; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + eval test_cmds=\"$module_expsym_cmds\" + cmds=$module_expsym_cmds + else + eval test_cmds=\"$module_cmds\" + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + eval test_cmds=\"$archive_expsym_cmds\" + cmds=$archive_expsym_cmds + else + eval test_cmds=\"$archive_cmds\" + cmds=$archive_cmds + fi + fi + + if test "X$skipped_export" != "X:" && + func_len " $test_cmds" && + len=$func_len_result && + test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + : + else + # The command line is too long to link in one step, link piecewise + # or, if using GNU ld and skipped_export is not :, use a linker + # script. + + # Save the value of $output and $libobjs because we want to + # use them later. If we have whole_archive_flag_spec, we + # want to use save_libobjs as it was before + # whole_archive_flag_spec was expanded, because we can't + # assume the linker understands whole_archive_flag_spec. + # This may have to be revisited, in case too many + # convenience libraries get linked in and end up exceeding + # the spec. + if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + fi + save_output=$output + output_la=`$ECHO "X$output" | $Xsed -e "$basename"` + + # Clear the reloadable object creation command queue and + # initialize k to one. + test_cmds= + concat_cmds= + objlist= + last_robj= + k=1 + + if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then + output=${output_objdir}/${output_la}.lnkscript + func_verbose "creating GNU ld script: $output" + $ECHO 'INPUT (' > $output + for obj in $save_libobjs + do + $ECHO "$obj" >> $output + done + $ECHO ')' >> $output + delfiles="$delfiles $output" + elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then + output=${output_objdir}/${output_la}.lnk + func_verbose "creating linker input file list: $output" + : > $output + set x $save_libobjs + shift + firstobj= + if test "$compiler_needs_object" = yes; then + firstobj="$1 " + shift + fi + for obj + do + $ECHO "$obj" >> $output + done + delfiles="$delfiles $output" + output=$firstobj\"$file_list_spec$output\" + else + if test -n "$save_libobjs"; then + func_verbose "creating reloadable object files..." + output=$output_objdir/$output_la-${k}.$objext + eval test_cmds=\"$reload_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + + # Loop over the list of objects to be linked. + for obj in $save_libobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + if test "X$objlist" = X || + test "$len" -lt "$max_cmd_len"; then + func_append objlist " $obj" + else + # The command $test_cmds is almost too long, add a + # command to the queue. + if test "$k" -eq 1 ; then + # The first file doesn't have a previous command to add. + eval concat_cmds=\"$reload_cmds $objlist $last_robj\" + else + # All subsequent reloadable object files will link in + # the last one created. + eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj~\$RM $last_robj\" + fi + last_robj=$output_objdir/$output_la-${k}.$objext + func_arith $k + 1 + k=$func_arith_result + output=$output_objdir/$output_la-${k}.$objext + objlist=$obj + func_len " $last_robj" + func_arith $len0 + $func_len_result + len=$func_arith_result + fi + done + # Handle the remaining objects by creating one last + # reloadable object file. All subsequent reloadable object + # files will link in the last one created. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\" + if test -n "$last_robj"; then + eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\" + fi + delfiles="$delfiles $output" + + else + output= + fi + + if ${skipped_export-false}; then + func_verbose "generating symbol list for \`$libname.la'" + export_symbols="$output_objdir/$libname.exp" + $opt_dry_run || $RM $export_symbols + libobjs=$output + # Append the command to create the export file. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" + fi + fi + + test -n "$save_libobjs" && + func_verbose "creating a temporary reloadable object file: $output" + + # Loop through the commands generated above and execute them. + save_ifs="$IFS"; IFS='~' + for cmd in $concat_cmds; do + IFS="$save_ifs" + $opt_silent || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test "$mode" = relink; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS="$save_ifs" + + if test -n "$export_symbols_regex" && ${skipped_export-false}; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + + if ${skipped_export-false}; then + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols="$export_symbols" + test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" + $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"' + fi + + if test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + delfiles="$delfiles $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + fi + + libobjs=$output + # Restore the value of output. + output=$save_output + + if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + fi + # Expand the library linking commands again to reset the + # value of $libobjs for piecewise linking. + + # Do each of the archive commands. + if test "$module" = yes && test -n "$module_cmds" ; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + cmds=$module_expsym_cmds + else + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + cmds=$archive_expsym_cmds + else + cmds=$archive_cmds + fi + fi + fi + + if test -n "$delfiles"; then + # Append the command to remove temporary files to $cmds. + eval cmds=\"\$cmds~\$RM $delfiles\" + fi + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop="$output_objdir/${outputname}x" + generated="$generated $gentop" + + func_extract_archives $gentop $dlprefiles + libobjs="$libobjs $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $opt_silent || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test "$mode" = relink; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS="$save_ifs" + + # Restore the uninstalled library and exit + if test "$mode" = relink; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? + + if test -n "$convenience"; then + if test -z "$whole_archive_flag_spec"; then + func_show_eval '${RM}r "$gentop"' + fi + fi + + exit $EXIT_SUCCESS + fi + + # Create links to the real library. + for linkname in $linknames; do + if test "$realname" != "$linkname"; then + func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' + fi + done + + # If -module or -export-dynamic was specified, set the dlname. + if test "$module" = yes || test "$export_dynamic" = yes; then + # On all known operating systems, these are identical. + dlname="$soname" + fi + fi + ;; + + obj) + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + func_warning "\`-dlopen' is ignored for objects" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "\`-l' and \`-L' are ignored for objects" ;; + esac + + test -n "$rpath" && \ + func_warning "\`-rpath' is ignored for objects" + + test -n "$xrpath" && \ + func_warning "\`-R' is ignored for objects" + + test -n "$vinfo" && \ + func_warning "\`-version-info' is ignored for objects" + + test -n "$release" && \ + func_warning "\`-release' is ignored for objects" + + case $output in + *.lo) + test -n "$objs$old_deplibs" && \ + func_fatal_error "cannot build library object \`$output' from non-libtool objects" + + libobj=$output + func_lo2o "$libobj" + obj=$func_lo2o_result + ;; + *) + libobj= + obj="$output" + ;; + esac + + # Delete the old objects. + $opt_dry_run || $RM $obj $libobj + + # Objects from convenience libraries. This assumes + # single-version convenience libraries. Whenever we create + # different ones for PIC/non-PIC, this we'll have to duplicate + # the extraction. + reload_conv_objs= + gentop= + # reload_cmds runs $LD directly, so let us get rid of + # -Wl from whole_archive_flag_spec and hope we can get by with + # turning comma into space.. + wl= + + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec"; then + eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" + reload_conv_objs=$reload_objs\ `$ECHO "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'` + else + gentop="$output_objdir/${obj}x" + generated="$generated $gentop" + + func_extract_archives $gentop $convenience + reload_conv_objs="$reload_objs $func_extract_archives_result" + fi + fi + + # Create the old-style object. + reload_objs="$objs$old_deplibs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test + + output="$obj" + func_execute_cmds "$reload_cmds" 'exit $?' + + # Exit if we aren't doing a library object file. + if test -z "$libobj"; then + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + fi + + if test "$build_libtool_libs" != yes; then + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + # Create an invalid libtool object if no PIC, so that we don't + # accidentally link it into a program. + # $show "echo timestamp > $libobj" + # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? + exit $EXIT_SUCCESS + fi + + if test -n "$pic_flag" || test "$pic_mode" != default; then + # Only do commands if we really have different PIC objects. + reload_objs="$libobjs $reload_conv_objs" + output="$libobj" + func_execute_cmds "$reload_cmds" 'exit $?' + fi + + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + ;; + + prog) + case $host in + *cygwin*) func_stripname '' '.exe' "$output" + output=$func_stripname_result.exe;; + esac + test -n "$vinfo" && \ + func_warning "\`-version-info' is ignored for programs" + + test -n "$release" && \ + func_warning "\`-release' is ignored for programs" + + test "$preload" = yes \ + && test "$dlopen_support" = unknown \ + && test "$dlopen_self" = unknown \ + && test "$dlopen_self_static" = unknown && \ + func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support." + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library is the System framework + compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'` + finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'` + ;; + esac + + case $host in + *-*-darwin*) + # Don't allow lazy linking, it breaks C++ global constructors + # But is supposedly fixed on 10.4 or later (yay!). + if test "$tagname" = CXX ; then + case ${MACOSX_DEPLOYMENT_TARGET-10.0} in + 10.[0123]) + compile_command="$compile_command ${wl}-bind_at_load" + finalize_command="$finalize_command ${wl}-bind_at_load" + ;; + esac + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $compile_deplibs " in + *" -L$path/$objdir "*) + new_libs="$new_libs -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $compile_deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$new_libs $deplib" ;; + esac + ;; + *) new_libs="$new_libs $deplib" ;; + esac + done + compile_deplibs="$new_libs" + + + compile_command="$compile_command $compile_deplibs" + finalize_command="$finalize_command $finalize_deplibs" + + if test -n "$rpath$xrpath"; then + # If the user specified any rpath flags, then add them. + for libdir in $rpath $xrpath; do + # This is the magic to use -rpath. + case "$finalize_rpath " in + *" $libdir "*) ;; + *) finalize_rpath="$finalize_rpath $libdir" ;; + esac + done + fi + + # Now hardcode the library paths + rpath= + hardcode_libdirs= + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + rpath="$rpath $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) perm_rpath="$perm_rpath $libdir" ;; + esac + fi + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$libdir:"*) ;; + ::) dllsearchpath=$libdir;; + *) dllsearchpath="$dllsearchpath:$libdir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) dllsearchpath="$dllsearchpath:$testbindir";; + esac + ;; + esac + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + compile_rpath="$rpath" + + rpath= + hardcode_libdirs= + for libdir in $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + rpath="$rpath $flag" + fi + elif test -n "$runpath_var"; then + case "$finalize_perm_rpath " in + *" $libdir "*) ;; + *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + finalize_rpath="$rpath" + + if test -n "$libobjs" && test "$build_old_libs" = yes; then + # Transform all the library objects into standard objects. + compile_command=`$ECHO "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + finalize_command=`$ECHO "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + fi + + func_generate_dlsyms "$outputname" "@PROGRAM@" "no" + + # template prelinking step + if test -n "$prelink_cmds"; then + func_execute_cmds "$prelink_cmds" 'exit $?' + fi + + wrappers_required=yes + case $host in + *cygwin* | *mingw* ) + if test "$build_libtool_libs" != yes; then + wrappers_required=no + fi + ;; + *cegcc) + # Disable wrappers for cegcc, we are cross compiling anyway. + wrappers_required=no + ;; + *) + if test "$need_relink" = no || test "$build_libtool_libs" != yes; then + wrappers_required=no + fi + ;; + esac + if test "$wrappers_required" = no; then + # Replace the output file specification. + compile_command=`$ECHO "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` + link_command="$compile_command$compile_rpath" + + # We have no uninstalled library dependencies, so finalize right now. + exit_status=0 + func_show_eval "$link_command" 'exit_status=$?' + + # Delete the generated files. + if test -f "$output_objdir/${outputname}S.${objext}"; then + func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"' + fi + + exit $exit_status + fi + + if test -n "$compile_shlibpath$finalize_shlibpath"; then + compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" + fi + if test -n "$finalize_shlibpath"; then + finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" + fi + + compile_var= + finalize_var= + if test -n "$runpath_var"; then + if test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + rpath="$rpath$dir:" + done + compile_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + if test -n "$finalize_perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $finalize_perm_rpath; do + rpath="$rpath$dir:" + done + finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + fi + + if test "$no_install" = yes; then + # We don't need to create a wrapper script. + link_command="$compile_var$compile_command$compile_rpath" + # Replace the output file specification. + link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` + # Delete the old output file. + $opt_dry_run || $RM $output + # Link the executable and exit + func_show_eval "$link_command" 'exit $?' + exit $EXIT_SUCCESS + fi + + if test "$hardcode_action" = relink; then + # Fast installation is not supported + link_command="$compile_var$compile_command$compile_rpath" + relink_command="$finalize_var$finalize_command$finalize_rpath" + + func_warning "this platform does not like uninstalled shared libraries" + func_warning "\`$output' will be relinked during installation" + else + if test "$fast_install" != no; then + link_command="$finalize_var$compile_command$finalize_rpath" + if test "$fast_install" = yes; then + relink_command=`$ECHO "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'` + else + # fast_install is set to needless + relink_command= + fi + else + link_command="$compile_var$compile_command$compile_rpath" + relink_command="$finalize_var$finalize_command$finalize_rpath" + fi + fi + + # Replace the output file specification. + link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` + + # Delete the old output files. + $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname + + func_show_eval "$link_command" 'exit $?' + + # Now create the wrapper script. + func_verbose "creating $output" + + # Quote the relink command for shipping. + if test -n "$relink_command"; then + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + relink_command="(cd `pwd`; $relink_command)" + relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"` + fi + + # Quote $ECHO for shipping. + if test "X$ECHO" = "X$SHELL $progpath --fallback-echo"; then + case $progpath in + [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";; + *) qecho="$SHELL `pwd`/$progpath --fallback-echo";; + esac + qecho=`$ECHO "X$qecho" | $Xsed -e "$sed_quote_subst"` + else + qecho=`$ECHO "X$ECHO" | $Xsed -e "$sed_quote_subst"` + fi + + # Only actually do things if not in dry run mode. + $opt_dry_run || { + # win32 will think the script is a binary if it has + # a .exe suffix, so we strip it off here. + case $output in + *.exe) func_stripname '' '.exe' "$output" + output=$func_stripname_result ;; + esac + # test for cygwin because mv fails w/o .exe extensions + case $host in + *cygwin*) + exeext=.exe + func_stripname '' '.exe' "$outputname" + outputname=$func_stripname_result ;; + *) exeext= ;; + esac + case $host in + *cygwin* | *mingw* ) + func_dirname_and_basename "$output" "" "." + output_name=$func_basename_result + output_path=$func_dirname_result + cwrappersource="$output_path/$objdir/lt-$output_name.c" + cwrapper="$output_path/$output_name.exe" + $RM $cwrappersource $cwrapper + trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 + + func_emit_cwrapperexe_src > $cwrappersource + + # The wrapper executable is built using the $host compiler, + # because it contains $host paths and files. If cross- + # compiling, it, like the target executable, must be + # executed on the $host or under an emulation environment. + $opt_dry_run || { + $LTCC $LTCFLAGS -o $cwrapper $cwrappersource + $STRIP $cwrapper + } + + # Now, create the wrapper script for func_source use: + func_ltwrapper_scriptname $cwrapper + $RM $func_ltwrapper_scriptname_result + trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 + $opt_dry_run || { + # note: this script will not be executed, so do not chmod. + if test "x$build" = "x$host" ; then + $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result + else + func_emit_wrapper no > $func_ltwrapper_scriptname_result + fi + } + ;; + * ) + $RM $output + trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 + + func_emit_wrapper no > $output + chmod +x $output + ;; + esac + } + exit $EXIT_SUCCESS + ;; + esac + + # See if we need to build an old-fashioned archive. + for oldlib in $oldlibs; do + + if test "$build_libtool_libs" = convenience; then + oldobjs="$libobjs_save $symfileobj" + addlibs="$convenience" + build_libtool_libs=no + else + if test "$build_libtool_libs" = module; then + oldobjs="$libobjs_save" + build_libtool_libs=no + else + oldobjs="$old_deplibs $non_pic_objects" + if test "$preload" = yes && test -f "$symfileobj"; then + oldobjs="$oldobjs $symfileobj" + fi + fi + addlibs="$old_convenience" + fi + + if test -n "$addlibs"; then + gentop="$output_objdir/${outputname}x" + generated="$generated $gentop" + + func_extract_archives $gentop $addlibs + oldobjs="$oldobjs $func_extract_archives_result" + fi + + # Do each command in the archive commands. + if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then + cmds=$old_archive_from_new_cmds + else + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop="$output_objdir/${outputname}x" + generated="$generated $gentop" + + func_extract_archives $gentop $dlprefiles + oldobjs="$oldobjs $func_extract_archives_result" + fi + + # POSIX demands no paths to be encoded in archives. We have + # to avoid creating archives with duplicate basenames if we + # might have to extract them afterwards, e.g., when creating a + # static archive out of a convenience library, or when linking + # the entirety of a libtool archive into another (currently + # not supported by libtool). + if (for obj in $oldobjs + do + func_basename "$obj" + $ECHO "$func_basename_result" + done | sort | sort -uc >/dev/null 2>&1); then + : + else + $ECHO "copying selected object files to avoid basename conflicts..." + gentop="$output_objdir/${outputname}x" + generated="$generated $gentop" + func_mkdir_p "$gentop" + save_oldobjs=$oldobjs + oldobjs= + counter=1 + for obj in $save_oldobjs + do + func_basename "$obj" + objbase="$func_basename_result" + case " $oldobjs " in + " ") oldobjs=$obj ;; + *[\ /]"$objbase "*) + while :; do + # Make sure we don't pick an alternate name that also + # overlaps. + newobj=lt$counter-$objbase + func_arith $counter + 1 + counter=$func_arith_result + case " $oldobjs " in + *[\ /]"$newobj "*) ;; + *) if test ! -f "$gentop/$newobj"; then break; fi ;; + esac + done + func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" + oldobjs="$oldobjs $gentop/$newobj" + ;; + *) oldobjs="$oldobjs $obj" ;; + esac + done + fi + eval cmds=\"$old_archive_cmds\" + + func_len " $cmds" + len=$func_len_result + if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + cmds=$old_archive_cmds + else + # the command line is too long to link in one step, link in parts + func_verbose "using piecewise archive linking..." + save_RANLIB=$RANLIB + RANLIB=: + objlist= + concat_cmds= + save_oldobjs=$oldobjs + oldobjs= + # Is there a better way of finding the last object in the list? + for obj in $save_oldobjs + do + last_oldobj=$obj + done + eval test_cmds=\"$old_archive_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + for obj in $save_oldobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + func_append objlist " $obj" + if test "$len" -lt "$max_cmd_len"; then + : + else + # the above command should be used before it gets too long + oldobjs=$objlist + if test "$obj" = "$last_oldobj" ; then + RANLIB=$save_RANLIB + fi + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\" + objlist= + len=$len0 + fi + done + RANLIB=$save_RANLIB + oldobjs=$objlist + if test "X$oldobjs" = "X" ; then + eval cmds=\"\$concat_cmds\" + else + eval cmds=\"\$concat_cmds~\$old_archive_cmds\" + fi + fi + fi + func_execute_cmds "$cmds" 'exit $?' + done + + test -n "$generated" && \ + func_show_eval "${RM}r$generated" + + # Now create the libtool archive. + case $output in + *.la) + old_library= + test "$build_old_libs" = yes && old_library="$libname.$libext" + func_verbose "creating $output" + + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + # Quote the link command for shipping. + relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"` + if test "$hardcode_automatic" = yes ; then + relink_command= + fi + + # Only create the output if not a dry run. + $opt_dry_run || { + for installed in no yes; do + if test "$installed" = yes; then + if test -z "$install_libdir"; then + break + fi + output="$output_objdir/$outputname"i + # Replace all uninstalled libtool libraries with the installed ones + newdependency_libs= + for deplib in $dependency_libs; do + case $deplib in + *.la) + func_basename "$deplib" + name="$func_basename_result" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + test -z "$libdir" && \ + func_fatal_error "\`$deplib' is not a valid libtool archive" + newdependency_libs="$newdependency_libs $libdir/$name" + ;; + *) newdependency_libs="$newdependency_libs $deplib" ;; + esac + done + dependency_libs="$newdependency_libs" + newdlfiles= + + for lib in $dlfiles; do + case $lib in + *.la) + func_basename "$lib" + name="$func_basename_result" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "\`$lib' is not a valid libtool archive" + newdlfiles="$newdlfiles $libdir/$name" + ;; + *) newdlfiles="$newdlfiles $lib" ;; + esac + done + dlfiles="$newdlfiles" + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + *.la) + # Only pass preopened files to the pseudo-archive (for + # eventual linking with the app. that links it) if we + # didn't already link the preopened objects directly into + # the library: + func_basename "$lib" + name="$func_basename_result" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "\`$lib' is not a valid libtool archive" + newdlprefiles="$newdlprefiles $libdir/$name" + ;; + esac + done + dlprefiles="$newdlprefiles" + else + newdlfiles= + for lib in $dlfiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + *) abs=`pwd`"/$lib" ;; + esac + newdlfiles="$newdlfiles $abs" + done + dlfiles="$newdlfiles" + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + *) abs=`pwd`"/$lib" ;; + esac + newdlprefiles="$newdlprefiles $abs" + done + dlprefiles="$newdlprefiles" + fi + $RM $output + # place dlname in correct position for cygwin + tdlname=$dlname + case $host,$output,$installed,$module,$dlname in + *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;; + esac + $ECHO > $output "\ +# $outputname - a libtool library file +# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# The name that we can dlopen(3). +dlname='$tdlname' + +# Names of this library. +library_names='$library_names' + +# The name of the static archive. +old_library='$old_library' + +# Linker flags that can not go in dependency_libs. +inherited_linker_flags='$new_inherited_linker_flags' + +# Libraries that this one depends upon. +dependency_libs='$dependency_libs' + +# Names of additional weak libraries provided by this library +weak_library_names='$weak_libs' + +# Version information for $libname. +current=$current +age=$age +revision=$revision + +# Is this an already installed library? +installed=$installed + +# Should we warn about portability when linking against -modules? +shouldnotlink=$module + +# Files to dlopen/dlpreopen +dlopen='$dlfiles' +dlpreopen='$dlprefiles' + +# Directory that this library needs to be installed in: +libdir='$install_libdir'" + if test "$installed" = no && test "$need_relink" = yes; then + $ECHO >> $output "\ +relink_command=\"$relink_command\"" + fi + done + } + + # Do a symbolic link so that the libtool archive can be found in + # LD_LIBRARY_PATH before the program is installed. + func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' + ;; + esac + exit $EXIT_SUCCESS +} + +{ test "$mode" = link || test "$mode" = relink; } && + func_mode_link ${1+"$@"} + + +# func_mode_uninstall arg... +func_mode_uninstall () +{ + $opt_debug + RM="$nonopt" + files= + rmforce= + exit_status=0 + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic="$magic" + + for arg + do + case $arg in + -f) RM="$RM $arg"; rmforce=yes ;; + -*) RM="$RM $arg" ;; + *) files="$files $arg" ;; + esac + done + + test -z "$RM" && \ + func_fatal_help "you must specify an RM program" + + rmdirs= + + origobjdir="$objdir" + for file in $files; do + func_dirname "$file" "" "." + dir="$func_dirname_result" + if test "X$dir" = X.; then + objdir="$origobjdir" + else + objdir="$dir/$origobjdir" + fi + func_basename "$file" + name="$func_basename_result" + test "$mode" = uninstall && objdir="$dir" + + # Remember objdir for removal later, being careful to avoid duplicates + if test "$mode" = clean; then + case " $rmdirs " in + *" $objdir "*) ;; + *) rmdirs="$rmdirs $objdir" ;; + esac + fi + + # Don't error if the file doesn't exist and rm -f was used. + if { test -L "$file"; } >/dev/null 2>&1 || + { test -h "$file"; } >/dev/null 2>&1 || + test -f "$file"; then + : + elif test -d "$file"; then + exit_status=1 + continue + elif test "$rmforce" = yes; then + continue + fi + + rmfiles="$file" + + case $name in + *.la) + # Possibly a libtool archive, so verify it. + if func_lalib_p "$file"; then + func_source $dir/$name + + # Delete the libtool libraries and symlinks. + for n in $library_names; do + rmfiles="$rmfiles $objdir/$n" + done + test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library" + + case "$mode" in + clean) + case " $library_names " in + # " " in the beginning catches empty $dlname + *" $dlname "*) ;; + *) rmfiles="$rmfiles $objdir/$dlname" ;; + esac + test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i" + ;; + uninstall) + if test -n "$library_names"; then + # Do each command in the postuninstall commands. + func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' + fi + + if test -n "$old_library"; then + # Do each command in the old_postuninstall commands. + func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' + fi + # FIXME: should reinstall the best remaining shared library. + ;; + esac + fi + ;; + + *.lo) + # Possibly a libtool object, so verify it. + if func_lalib_p "$file"; then + + # Read the .lo file + func_source $dir/$name + + # Add PIC object to the list of files to remove. + if test -n "$pic_object" && + test "$pic_object" != none; then + rmfiles="$rmfiles $dir/$pic_object" + fi + + # Add non-PIC object to the list of files to remove. + if test -n "$non_pic_object" && + test "$non_pic_object" != none; then + rmfiles="$rmfiles $dir/$non_pic_object" + fi + fi + ;; + + *) + if test "$mode" = clean ; then + noexename=$name + case $file in + *.exe) + func_stripname '' '.exe' "$file" + file=$func_stripname_result + func_stripname '' '.exe' "$name" + noexename=$func_stripname_result + # $file with .exe has already been added to rmfiles, + # add $file without .exe + rmfiles="$rmfiles $file" + ;; + esac + # Do a test to see if this is a libtool program. + if func_ltwrapper_p "$file"; then + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + relink_command= + func_source $func_ltwrapper_scriptname_result + rmfiles="$rmfiles $func_ltwrapper_scriptname_result" + else + relink_command= + func_source $dir/$noexename + fi + + # note $name still contains .exe if it was in $file originally + # as does the version of $file that was added into $rmfiles + rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}" + if test "$fast_install" = yes && test -n "$relink_command"; then + rmfiles="$rmfiles $objdir/lt-$name" + fi + if test "X$noexename" != "X$name" ; then + rmfiles="$rmfiles $objdir/lt-${noexename}.c" + fi + fi + fi + ;; + esac + func_show_eval "$RM $rmfiles" 'exit_status=1' + done + objdir="$origobjdir" + + # Try to remove the ${objdir}s in the directories where we deleted files + for dir in $rmdirs; do + if test -d "$dir"; then + func_show_eval "rmdir $dir >/dev/null 2>&1" + fi + done + + exit $exit_status +} + +{ test "$mode" = uninstall || test "$mode" = clean; } && + func_mode_uninstall ${1+"$@"} + +test -z "$mode" && { + help="$generic_help" + func_fatal_help "you must specify a MODE" +} + +test -z "$exec_cmd" && \ + func_fatal_help "invalid operation mode \`$mode'" + +if test -n "$exec_cmd"; then + eval exec "$exec_cmd" + exit $EXIT_FAILURE +fi + +exit $exit_status + + +# The TAGs below are defined such that we never get into a situation +# in which we disable both kinds of libraries. Given conflicting +# choices, we go for a static library, that is the most portable, +# since we can't tell whether shared libraries were disabled because +# the user asked for that or because the platform doesn't support +# them. This is particularly important on AIX, because we don't +# support having both static and shared libraries enabled at the same +# time on that platform, so we default to a shared-only configuration. +# If a disable-shared tag is given, we'll fallback to a static-only +# configuration. But we'll never go from static-only to shared-only. + +# ### BEGIN LIBTOOL TAG CONFIG: disable-shared +build_libtool_libs=no +build_old_libs=yes +# ### END LIBTOOL TAG CONFIG: disable-shared + +# ### BEGIN LIBTOOL TAG CONFIG: disable-static +build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` +# ### END LIBTOOL TAG CONFIG: disable-static + +# Local Variables: +# mode:shell-script +# sh-indentation:2 +# End: +# vi:sw=2 + diff --git a/auto/missing b/auto/missing new file mode 100755 index 0000000..1c8ff70 --- /dev/null +++ b/auto/missing @@ -0,0 +1,367 @@ +#! /bin/sh +# Common stub for a few missing GNU programs while installing. + +scriptversion=2006-05-10.23 + +# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006 +# Free Software Foundation, Inc. +# Originally by Fran,cois Pinard , 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +if test $# -eq 0; then + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 +fi + +run=: +sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' +sed_minuso='s/.* -o \([^ ]*\).*/\1/p' + +# In the cases where this matters, `missing' is being run in the +# srcdir already. +if test -f configure.ac; then + configure_ac=configure.ac +else + configure_ac=configure.in +fi + +msg="missing on your system" + +case $1 in +--run) + # Try to run requested program, and just exit if it succeeds. + run= + shift + "$@" && exit 0 + # Exit code 63 means version mismatch. This often happens + # when the user try to use an ancient version of a tool on + # a file that requires a minimum version. In this case we + # we should proceed has if the program had been absent, or + # if --run hadn't been passed. + if test $? = 63; then + run=: + msg="probably too old" + fi + ;; + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an +error status if there is no known handling for PROGRAM. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + --run try to run the given command, and emulate it if it fails + +Supported PROGRAM values: + aclocal touch file \`aclocal.m4' + autoconf touch file \`configure' + autoheader touch file \`config.h.in' + autom4te touch the output file, or create a stub one + automake touch all \`Makefile.in' files + bison create \`y.tab.[ch]', if possible, from existing .[ch] + flex create \`lex.yy.c', if possible, from existing .c + help2man touch the output file + lex create \`lex.yy.c', if possible, from existing .c + makeinfo touch the output file + tar try tar, gnutar, gtar, then tar without non-portable flags + yacc create \`y.tab.[ch]', if possible, from existing .[ch] + +Send bug reports to ." + exit $? + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing $scriptversion (GNU Automake)" + exit $? + ;; + + -*) + echo 1>&2 "$0: Unknown \`$1' option" + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 + ;; + +esac + +# Now exit if we have it, but it failed. Also exit now if we +# don't have it and --version was passed (most likely to detect +# the program). +case $1 in + lex|yacc) + # Not GNU programs, they don't have --version. + ;; + + tar) + if test -n "$run"; then + echo 1>&2 "ERROR: \`tar' requires --run" + exit 1 + elif test "x$2" = "x--version" || test "x$2" = "x--help"; then + exit 1 + fi + ;; + + *) + if test -z "$run" && ($1 --version) > /dev/null 2>&1; then + # We have it, but it failed. + exit 1 + elif test "x$2" = "x--version" || test "x$2" = "x--help"; then + # Could not run --version or --help. This is probably someone + # running `$TOOL --version' or `$TOOL --help' to check whether + # $TOOL exists and not knowing $TOOL uses missing. + exit 1 + fi + ;; +esac + +# If it does not exist, or fails to run (possibly an outdated version), +# try to emulate it. +case $1 in + aclocal*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`acinclude.m4' or \`${configure_ac}'. You might want + to install the \`Automake' and \`Perl' packages. Grab them from + any GNU archive site." + touch aclocal.m4 + ;; + + autoconf) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`${configure_ac}'. You might want to install the + \`Autoconf' and \`GNU m4' packages. Grab them from any GNU + archive site." + touch configure + ;; + + autoheader) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`acconfig.h' or \`${configure_ac}'. You might want + to install the \`Autoconf' and \`GNU m4' packages. Grab them + from any GNU archive site." + files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` + test -z "$files" && files="config.h" + touch_files= + for f in $files; do + case $f in + *:*) touch_files="$touch_files "`echo "$f" | + sed -e 's/^[^:]*://' -e 's/:.*//'`;; + *) touch_files="$touch_files $f.in";; + esac + done + touch $touch_files + ;; + + automake*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. + You might want to install the \`Automake' and \`Perl' packages. + Grab them from any GNU archive site." + find . -type f -name Makefile.am -print | + sed 's/\.am$/.in/' | + while read f; do touch "$f"; done + ;; + + autom4te) + echo 1>&2 "\ +WARNING: \`$1' is needed, but is $msg. + You might have modified some files without having the + proper tools for further handling them. + You can get \`$1' as part of \`Autoconf' from any GNU + archive site." + + file=`echo "$*" | sed -n "$sed_output"` + test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` + if test -f "$file"; then + touch $file + else + test -z "$file" || exec >$file + echo "#! /bin/sh" + echo "# Created by GNU Automake missing as a replacement of" + echo "# $ $@" + echo "exit 0" + chmod +x $file + exit 1 + fi + ;; + + bison|yacc) + echo 1>&2 "\ +WARNING: \`$1' $msg. You should only need it if + you modified a \`.y' file. You may need the \`Bison' package + in order for those modifications to take effect. You can get + \`Bison' from any GNU archive site." + rm -f y.tab.c y.tab.h + if test $# -ne 1; then + eval LASTARG="\${$#}" + case $LASTARG in + *.y) + SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` + if test -f "$SRCFILE"; then + cp "$SRCFILE" y.tab.c + fi + SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` + if test -f "$SRCFILE"; then + cp "$SRCFILE" y.tab.h + fi + ;; + esac + fi + if test ! -f y.tab.h; then + echo >y.tab.h + fi + if test ! -f y.tab.c; then + echo 'main() { return 0; }' >y.tab.c + fi + ;; + + lex|flex) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified a \`.l' file. You may need the \`Flex' package + in order for those modifications to take effect. You can get + \`Flex' from any GNU archive site." + rm -f lex.yy.c + if test $# -ne 1; then + eval LASTARG="\${$#}" + case $LASTARG in + *.l) + SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` + if test -f "$SRCFILE"; then + cp "$SRCFILE" lex.yy.c + fi + ;; + esac + fi + if test ! -f lex.yy.c; then + echo 'main() { return 0; }' >lex.yy.c + fi + ;; + + help2man) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified a dependency of a manual page. You may need the + \`Help2man' package in order for those modifications to take + effect. You can get \`Help2man' from any GNU archive site." + + file=`echo "$*" | sed -n "$sed_output"` + test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` + if test -f "$file"; then + touch $file + else + test -z "$file" || exec >$file + echo ".ab help2man is required to generate this page" + exit 1 + fi + ;; + + makeinfo) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified a \`.texi' or \`.texinfo' file, or any other file + indirectly affecting the aspect of the manual. The spurious + call might also be the consequence of using a buggy \`make' (AIX, + DU, IRIX). You might want to install the \`Texinfo' package or + the \`GNU make' package. Grab either from any GNU archive site." + # The file to touch is that specified with -o ... + file=`echo "$*" | sed -n "$sed_output"` + test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` + if test -z "$file"; then + # ... or it is the one specified with @setfilename ... + infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` + file=`sed -n ' + /^@setfilename/{ + s/.* \([^ ]*\) *$/\1/ + p + q + }' $infile` + # ... or it is derived from the source name (dir/f.texi becomes f.info) + test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info + fi + # If the file does not exist, the user really needs makeinfo; + # let's fail without touching anything. + test -f $file || exit 1 + touch $file + ;; + + tar) + shift + + # We have already tried tar in the generic part. + # Look for gnutar/gtar before invocation to avoid ugly error + # messages. + if (gnutar --version > /dev/null 2>&1); then + gnutar "$@" && exit 0 + fi + if (gtar --version > /dev/null 2>&1); then + gtar "$@" && exit 0 + fi + firstarg="$1" + if shift; then + case $firstarg in + *o*) + firstarg=`echo "$firstarg" | sed s/o//` + tar "$firstarg" "$@" && exit 0 + ;; + esac + case $firstarg in + *h*) + firstarg=`echo "$firstarg" | sed s/h//` + tar "$firstarg" "$@" && exit 0 + ;; + esac + fi + + echo 1>&2 "\ +WARNING: I can't seem to be able to run \`tar' with the given arguments. + You may want to install GNU tar or Free paxutils, or check the + command line arguments." + exit 1 + ;; + + *) + echo 1>&2 "\ +WARNING: \`$1' is needed, and is $msg. + You might have modified some files without having the + proper tools for further handling them. Check the \`README' file, + it often tells you about the needed prerequisites for installing + this package. You may also peek at any GNU archive site, in case + some other package would contain this missing \`$1' program." + exit 1 + ;; +esac + +exit 0 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-end: "$" +# End: diff --git a/build-android.sh b/build-android.sh new file mode 100755 index 0000000..49d64db --- /dev/null +++ b/build-android.sh @@ -0,0 +1,28 @@ +#!/bin/sh +set -ev +VERSION=4.53 +DST=stunnel-$VERSION-android + +# to build Zlib: +# export CHOST=arm-linux-androideabi +# ./configure --static --prefix=/opt/androideabi/sysroot +# make +# make install + +# to build OpenSSL: +# export CC=arm-linux-androideabi-gcc +# ./Configure linux-armv4 threads no-shared zlib no-dso --openssldir=/opt/androideabi/sysroot +# make +# make install + +./configure --build=i686-pc-linux-gnu --host=arm-linux-androideabi --prefix=/data/local --with-ssl=/opt/androideabi/sysroot +make clean +make +mkdir $DST +cp src/stunnel /opt/androideabi/sysroot/bin/openssl $DST +# arm-linux-androideabi-strip $DST/stunnel $DST/openssl +arm-linux-androideabi-strip $DST/openssl +zip -r $DST.zip $DST +rm -rf $DST +sha256sum $DST.zip +mv $DST.zip ../dist/ diff --git a/configure b/configure new file mode 100755 index 0000000..5585fe5 --- /dev/null +++ b/configure @@ -0,0 +1,14819 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.67 for stunnel 4.53. +# +# +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, +# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software +# Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + # We cannot yet assume a decent shell, so we have to provide a + # neutralization value for shells without unset; and this also + # works around shells that cannot unset nonexistent variables. + BASH_ENV=/dev/null + ENV=/dev/null + (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, +$0: including any error possibly output before this +$0: message. Then install a modern shell, or manually run +$0: the script under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -p' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -p' + fi +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' +else + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in #( + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' +fi +as_executable_p=$as_test_x + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + + +# Check that we are running under the correct shell. +SHELL=${CONFIG_SHELL-/bin/sh} + +case X$lt_ECHO in +X*--fallback-echo) + # Remove one level of quotation (which was required for Make). + ECHO=`echo "$lt_ECHO" | sed 's,\\\\\$\\$0,'$0','` + ;; +esac + +ECHO=${lt_ECHO-echo} +if test "X$1" = X--no-reexec; then + # Discard the --no-reexec flag, and continue. + shift +elif test "X$1" = X--fallback-echo; then + # Avoid inline document here, it may be left over + : +elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then + # Yippee, $ECHO works! + : +else + # Restart under the correct shell. + exec $SHELL "$0" --no-reexec ${1+"$@"} +fi + +if test "X$1" = X--fallback-echo; then + # used as fallback echo + shift + cat <<_LT_EOF +$* +_LT_EOF + exit 0 +fi + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +if test -z "$lt_ECHO"; then + if test "X${echo_test_string+set}" != Xset; then + # find a string as large as possible, as long as the shell can cope with it + for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do + # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... + if { echo_test_string=`eval $cmd`; } 2>/dev/null && + { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null + then + break + fi + done + fi + + if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && + echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + : + else + # The Solaris, AIX, and Digital Unix default echo programs unquote + # backslashes. This makes it impossible to quote backslashes using + # echo "$something" | sed 's/\\/\\\\/g' + # + # So, first we look for a working echo in the user's PATH. + + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for dir in $PATH /usr/ucb; do + IFS="$lt_save_ifs" + if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && + test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && + echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + ECHO="$dir/echo" + break + fi + done + IFS="$lt_save_ifs" + + if test "X$ECHO" = Xecho; then + # We didn't find a better echo, so look for alternatives. + if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' && + echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + # This shell has a builtin print -r that does the trick. + ECHO='print -r' + elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } && + test "X$CONFIG_SHELL" != X/bin/ksh; then + # If we have ksh, try running configure again with it. + ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} + export ORIGINAL_CONFIG_SHELL + CONFIG_SHELL=/bin/ksh + export CONFIG_SHELL + exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"} + else + # Try using printf. + ECHO='printf %s\n' + if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && + echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + # Cool, printf works + : + elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` && + test "X$echo_testing_string" = 'X\t' && + echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL + export CONFIG_SHELL + SHELL="$CONFIG_SHELL" + export SHELL + ECHO="$CONFIG_SHELL $0 --fallback-echo" + elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` && + test "X$echo_testing_string" = 'X\t' && + echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + ECHO="$CONFIG_SHELL $0 --fallback-echo" + else + # maybe with a smaller string... + prev=: + + for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do + if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null + then + break + fi + prev="$cmd" + done + + if test "$prev" != 'sed 50q "$0"'; then + echo_test_string=`eval $prev` + export echo_test_string + exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"} + else + # Oops. We lost completely, so just stick with echo. + ECHO=echo + fi + fi + fi + fi + fi +fi + +# Copy echo and quote the copy suitably for passing to libtool from +# the Makefile, instead of quoting the original, which is used later. +lt_ECHO=$ECHO +if test "X$lt_ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then + lt_ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo" +fi + + + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='stunnel' +PACKAGE_TARNAME='stunnel' +PACKAGE_VERSION='4.53' +PACKAGE_STRING='stunnel 4.53' +PACKAGE_BUGREPORT='' +PACKAGE_URL='' + +ac_unique_file="src/stunnel.c" +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include +# endif +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + +ac_subst_vars='am__EXEEXT_FALSE +am__EXEEXT_TRUE +LTLIBOBJS +LIBOBJS +SSLDIR +DEFAULT_GROUP +RANDOM_FILE +LIBTOOL_DEPS +CPP +OTOOL64 +OTOOL +LIPO +NMEDIT +DSYMUTIL +lt_ECHO +RANLIB +AR +OBJDUMP +LN_S +NM +ac_ct_DUMPBIN +DUMPBIN +LD +FGREP +EGREP +GREP +SED +LIBTOOL +stunnel_LDFLAGF +stunnel_CFLAGS +stunnel_LDFLAGS +am__fastdepCC_FALSE +am__fastdepCC_TRUE +CCDEPMODE +AMDEPBACKSLASH +AMDEP_FALSE +AMDEP_TRUE +am__quote +am__include +DEPDIR +OBJEXT +EXEEXT +ac_ct_CC +CPPFLAGS +LDFLAGS +CFLAGS +CC +host_os +host_vendor +host_cpu +host +build_os +build_vendor +build_cpu +build +am__untar +am__tar +AMTAR +am__leading_dot +SET_MAKE +AWK +mkdir_p +MKDIR_P +INSTALL_STRIP_PROGRAM +STRIP +install_sh +MAKEINFO +AUTOHEADER +AUTOMAKE +AUTOCONF +ACLOCAL +VERSION +PACKAGE +CYGPATH_W +am__isrc +INSTALL_DATA +INSTALL_SCRIPT +INSTALL_PROGRAM +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +enable_dependency_tracking +enable_static +enable_shared +with_pic +enable_fast_install +with_gnu_ld +enable_libtool_lock +with_egd_socket +with_random +with_threads +enable_ipv6 +enable_libwrap +enable_fips +with_ssl +' + ac_precious_vars='build_alias +host_alias +target_alias +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CPP' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used" >&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures stunnel 4.53 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/stunnel] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of stunnel 4.53:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors + --enable-static[=PKGS] build static libraries [default=no] + --enable-shared[=PKGS] build shared libraries [default=yes] + --enable-fast-install[=PKGS] + optimize for fast installation [default=yes] + --disable-libtool-lock avoid locking (might break parallel builds) + --enable-ipv6 Enable IPv6 support + --disable-libwrap Disable TCP wrappers library support + --enable-fips Enable OpenSSL FIPS mode + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-pic try to use only PIC/non-PIC objects [default=use + both] + --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-egd-socket=FILE Entropy Gathering Daemon socket path + --with-random=FILE read randomness from file (default=/dev/urandom) + --with-threads=model select threading model (ucontext/pthread/fork) + --with-ssl=DIR location of installed SSL libraries/include files + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + LIBS libraries to pass to the linker, e.g. -l + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if + you have headers in a nonstandard directory + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to the package provider. +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +stunnel configure 4.53 +generated by GNU Autoconf 2.67 + +Copyright (C) 2010 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## + +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + as_fn_set_status $ac_retval + +} # ac_fn_c_try_compile + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_test_x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval "test \"\${$3+set}\"" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_header_compile + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval "test \"\${$3+set}\"" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_func + +# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES +# -------------------------------------------- +# Tries to find the compile-time value of EXPR in a program that includes +# INCLUDES, setting VAR accordingly. Returns whether the value could be +# computed +ac_fn_c_compute_int () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if test "$cross_compiling" = yes; then + # Depending upon the size, compute the lo and hi bounds. +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) >= 0)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=0 ac_mid=0 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid; break +else + as_fn_arith $ac_mid + 1 && ac_lo=$as_val + if test $ac_lo -le $ac_mid; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) < 0)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=-1 ac_mid=-1 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) >= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=$ac_mid; break +else + as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val + if test $ac_mid -le $ac_hi; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + ac_lo= ac_hi= +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +# Binary search between lo and hi bounds. +while test "x$ac_lo" != "x$ac_hi"; do + as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid +else + as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +done +case $ac_lo in #(( +?*) eval "$3=\$ac_lo"; ac_retval=0 ;; +'') ac_retval=1 ;; +esac + else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +static long int longval () { return $2; } +static unsigned long int ulongval () { return $2; } +#include +#include +int +main () +{ + + FILE *f = fopen ("conftest.val", "w"); + if (! f) + return 1; + if (($2) < 0) + { + long int i = longval (); + if (i != ($2)) + return 1; + fprintf (f, "%ld", i); + } + else + { + unsigned long int i = ulongval (); + if (i != ($2)) + return 1; + fprintf (f, "%lu", i); + } + /* Do not output a trailing newline, as this causes \r\n confusion + on some platforms. */ + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + echo >>conftest.val; read $3 &5 +$as_echo_n "checking for $2... " >&6; } +if eval "test \"\${$3+set}\"" = set; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof ($2)) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof (($2))) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + eval "$3=yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_type + +# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_c_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if eval "test \"\${$3+set}\"" = set; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval "test \"\${$3+set}\"" = set; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.i conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval "test \"\${$3+set}\"" = set; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_header_mongrel + +# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES +# ---------------------------------------------------- +# Tries to find if the field MEMBER exists in type AGGR, after including +# INCLUDES, setting cache variable VAR accordingly. +ac_fn_c_check_member () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 +$as_echo_n "checking for $2.$3... " >&6; } +if eval "test \"\${$4+set}\"" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (sizeof ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + eval "$4=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$4 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_member +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by stunnel $as_me 4.53, which was +generated by GNU Autoconf 2.67. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5 ; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** initialization" >&5 +$as_echo "$as_me: **************************************** initialization" >&6;} +ac_aux_dir= +for ac_dir in auto "$srcdir"/auto; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in auto \"$srcdir\"/auto" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + + +am__api_version='1.11' + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +# Reject install programs that cannot install multiple files. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +$as_echo_n "checking for a BSD-compatible install... " >&6; } +if test -z "$INSTALL"; then +if test "${ac_cv_path_install+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in #(( + ./ | .// | /[cC]/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + fi + done + done + ;; +esac + + done +IFS=$as_save_IFS + +rm -rf conftest.one conftest.two conftest.dir + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +$as_echo "$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +$as_echo_n "checking whether build environment is sane... " >&6; } +# Just in case +sleep 1 +echo timestamp > conftest.file +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[\\\"\#\$\&\'\`$am_lf]*) + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5 ;; +esac +case $srcdir in + *[\\\"\#\$\&\'\`$am_lf\ \ ]*) + as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5 ;; +esac + +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + rm -f conftest.file + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken +alias in your environment" "$LINENO" 5 + fi + + test "$2" = conftest.file + ) +then + # Ok. + : +else + as_fn_error $? "newly created file is older than distributed files! +Check your system clock" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +test "$program_prefix" != NONE && + program_transform_name="s&^&$program_prefix&;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s&\$&$program_suffix&;$program_transform_name" +# Double any \ or $. +# By default was `s,x,x', remove it if useless. +ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' +program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` + +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` + +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " +else + am_missing_run= + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} +fi + +if test x"${install_sh}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi + +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_STRIP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 +$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } +if test -z "$MKDIR_P"; then + if test "${ac_cv_path_mkdir+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in mkdir gmkdir; do + for ac_exec_ext in '' $ac_executable_extensions; do + { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue + case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( + 'mkdir (GNU coreutils) '* | \ + 'mkdir (coreutils) '* | \ + 'mkdir (fileutils) '4.1*) + ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext + break 3;; + esac + done + done + done +IFS=$as_save_IFS + +fi + + test -d ./--version && rmdir ./--version + if test "${ac_cv_path_mkdir+set}" = set; then + MKDIR_P="$ac_cv_path_mkdir -p" + else + # As a last resort, use the slow shell script. Don't cache a + # value for MKDIR_P within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + MKDIR_P="$ac_install_sh -d" + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +$as_echo "$MKDIR_P" >&6; } + +mkdir_p="$MKDIR_P" +case $mkdir_p in + [\\/$]* | ?:[\\/]*) ;; + */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; +esac + +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_AWK+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_AWK="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AWK" && break +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" = set; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" +fi + +rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null + +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + am__isrc=' -I$(srcdir)' + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi + + +# Define the identity of the package. + PACKAGE=stunnel + VERSION=4.53 + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + +# Some tools Automake needs. + +ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} + + +AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} + + +AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} + + +AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} + + +MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} + +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +# Always define AMTAR for backward compatibility. + +AMTAR=${AMTAR-"${am_missing_run}tar"} + +am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -' + + + + + +ac_config_headers="$ac_config_headers src/config.h" + + + +$as_echo "#define _GNU_SOURCE 1" >>confdefs.h + + +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +$as_echo_n "checking build system type... " >&6; } +if test "${ac_cv_build+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5 ;; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +$as_echo_n "checking host system type... " >&6; } +if test "${ac_cv_host+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5 ;; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + + + +cat >>confdefs.h <<_ACEOF +#define HOST "$host" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define `echo CPU_$host_cpu | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define `echo VENDOR_$host_vendor | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define `echo OS_$host_os | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 +_ACEOF + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5 ; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5 ; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5 ; } +fi +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5 ; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if test "${ac_cv_objext+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5 ; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if test "${ac_cv_c_compiler_gnu+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if test "${ac_cv_prog_cc_g+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if test "${ac_cv_prog_cc_c89+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +DEPDIR="${am__leading_dot}deps" + +ac_config_commands="$ac_config_commands depfiles" + + +am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo this is the am__doit target +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 +$as_echo_n "checking for style of include used by $am_make... " >&6; } +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# Ignore all kinds of additional output from `make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 +$as_echo "$_am_result" >&6; } +rm -f confinc confmf + +# Check whether --enable-dependency-tracking was given. +if test "${enable_dependency_tracking+set}" = set; then : + enableval=$enable_dependency_tracking; +fi + +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' +fi + if test "x$enable_dependency_tracking" != xno; then + AMDEP_TRUE= + AMDEP_FALSE='#' +else + AMDEP_TRUE='#' + AMDEP_FALSE= +fi + + + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvisualcpp | msvcmsys) + # This compiler won't grok `-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + +if test "x$CC" != xcc; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5 +$as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5 +$as_echo_n "checking whether cc understands -c and -o together... " >&6; } +fi +set dummy $CC; ac_cc=`$as_echo "$2" | + sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` +if eval "test \"\${ac_cv_prog_cc_${ac_cc}_c_o+set}\"" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +# Make sure it works both with $CC and with simple cc. +# We do the test twice because some compilers refuse to overwrite an +# existing .o file with -o, though they will create one. +ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5' +rm -f conftest2.* +if { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && + test -f conftest2.$ac_objext && { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; +then + eval ac_cv_prog_cc_${ac_cc}_c_o=yes + if test "x$CC" != xcc; then + # Test first that cc exists at all. + if { ac_try='cc -c conftest.$ac_ext >&5' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5' + rm -f conftest2.* + if { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && + test -f conftest2.$ac_objext && { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; + then + # cc works too. + : + else + # cc exists but doesn't like -o. + eval ac_cv_prog_cc_${ac_cc}_c_o=no + fi + fi + fi +else + eval ac_cv_prog_cc_${ac_cc}_c_o=no +fi +rm -f core conftest* + +fi +if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h + +fi + +# FIXME: we rely on the cache variable name because +# there is no other way. +set dummy $CC +am_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` +eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o +if test "$am_t" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" = set; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" +fi + + +# Checks for typedefs, structures, and compiler characteristics +# AC_C_CONST +# AC_TYPE_SIZE_T +# AC_TYPE_PID_T +# AC_HEADER_TIME + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** compiler/linker flags" >&5 +$as_echo "$as_me: **************************************** compiler/linker flags" >&6;} + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -pthread" >&5 +$as_echo_n "checking whether $CC accepts -pthread... " >&6; } +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -pthread" +valid_LDFLAGS="$LDFLAGS"; LDFLAGS="$LDFLAGS -pthread" + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int main() {return 0;} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + stunnel_CFLAGS="$stunnel_CFLAGS -pthread" + + stunnel_LDFLAGF="$stunnel_LDFLAGF -pthread" + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +CFLAGS="$valid_CFLAGS"; LDFLAGS="$valid_LDFLAGS" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -fstack-protector" >&5 +$as_echo_n "checking whether $CC accepts -fstack-protector... " >&6; } +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -fstack-protector" +valid_LDFLAGS="$LDFLAGS"; LDFLAGS="$LDFLAGS -fstack-protector" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int main() {return 0;} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + stunnel_CFLAGS="$stunnel_CFLAGS -fstack-protector" + + stunnel_LDFLAGF="$stunnel_LDFLAGF -fstack-protector" + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +CFLAGS="$valid_CFLAGS"; LDFLAGS="$valid_LDFLAGS" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -pie" >&5 +$as_echo_n "checking whether $CC accepts -pie... " >&6; } +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -fPIE" +valid_LDFLAGS="$LDFLAGS"; LDFLAGS="$LDFLAGS -pie -fPIE" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int main() {return 0;} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + stunnel_CFLAGS="$stunnel_CFLAGS -fPIE" + + stunnel_LDFLAGF="$stunnel_LDFLAGF -pie -fPIE" + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +CFLAGS="$valid_CFLAGS"; LDFLAGS="$valid_LDFLAGS" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -Wall" >&5 +$as_echo_n "checking whether $CC accepts -Wall... " >&6; } +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -Wall" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int main() {return 0;} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; CFLAGS="$valid_CFLAGS" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -Wextra" >&5 +$as_echo_n "checking whether $CC accepts -Wextra... " >&6; } +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -Wextra" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int main() {return 0;} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; CFLAGS="$valid_CFLAGS" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -Wno-long-long" >&5 +$as_echo_n "checking whether $CC accepts -Wno-long-long... " >&6; } +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -Wno-long-long" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int main() {return 0;} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; CFLAGS="$valid_CFLAGS" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -pedantic" >&5 +$as_echo_n "checking whether $CC accepts -pedantic... " >&6; } +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -pedantic" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int main() {return 0;} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; CFLAGS="$valid_CFLAGS" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** libtool" >&5 +$as_echo "$as_me: **************************************** libtool" >&6;} +case `pwd` in + *\ * | *\ *) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 +$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; +esac + + + +macro_version='2.2.6b' +macro_revision='1.3017' + + + + + + + + + + + + + +ltmain="$ac_aux_dir/ltmain.sh" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if test "${ac_cv_path_SED+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if test "${ac_cv_path_GREP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if test "${ac_cv_path_EGREP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 +$as_echo_n "checking for fgrep... " >&6; } +if test "${ac_cv_path_FGREP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 + then ac_cv_path_FGREP="$GREP -F" + else + if test -z "$FGREP"; then + ac_path_FGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in fgrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue +# Check for GNU ac_path_FGREP and select it if it is found. + # Check for GNU $ac_path_FGREP +case `"$ac_path_FGREP" --version 2>&1` in +*GNU*) + ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'FGREP' >> "conftest.nl" + "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_FGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_FGREP="$ac_path_FGREP" + ac_path_FGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_FGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_FGREP"; then + as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_FGREP=$FGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 +$as_echo "$ac_cv_path_FGREP" >&6; } + FGREP="$ac_cv_path_FGREP" + + +test -z "$GREP" && GREP=grep + + + + + + + + + + + + + + + + + + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then : + withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes +else + with_gnu_ld=no +fi + +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +$as_echo_n "checking for ld used by $CC... " >&6; } + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +$as_echo_n "checking for GNU ld... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +$as_echo_n "checking for non-GNU ld... " >&6; } +fi +if test "${lt_cv_path_LD+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$LD"; then + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &5 +$as_echo "$LD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +if test "${lt_cv_prog_gnu_ld+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 +$as_echo "$lt_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$lt_cv_prog_gnu_ld + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 +$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } +if test "${lt_cv_path_NM+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM="$NM" +else + lt_nm_to_check="${ac_tool_prefix}nm" + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + tmp_nm="$ac_dir/$lt_tmp_nm" + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in + */dev/null* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS="$lt_save_ifs" + done + : ${lt_cv_path_NM=no} +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 +$as_echo "$lt_cv_path_NM" >&6; } +if test "$lt_cv_path_NM" != "no"; then + NM="$lt_cv_path_NM" +else + # Didn't find any BSD compatible name lister, look for dumpbin. + if test -n "$ac_tool_prefix"; then + for ac_prog in "dumpbin -symbols" "link -dump -symbols" + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_DUMPBIN+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DUMPBIN"; then + ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DUMPBIN=$ac_cv_prog_DUMPBIN +if test -n "$DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 +$as_echo "$DUMPBIN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$DUMPBIN" && break + done +fi +if test -z "$DUMPBIN"; then + ac_ct_DUMPBIN=$DUMPBIN + for ac_prog in "dumpbin -symbols" "link -dump -symbols" +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DUMPBIN"; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN +if test -n "$ac_ct_DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 +$as_echo "$ac_ct_DUMPBIN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_DUMPBIN" && break +done + + if test "x$ac_ct_DUMPBIN" = x; then + DUMPBIN=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DUMPBIN=$ac_ct_DUMPBIN + fi +fi + + + if test "$DUMPBIN" != ":"; then + NM="$DUMPBIN" + fi +fi +test -z "$NM" && NM=nm + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 +$as_echo_n "checking the name lister ($NM) interface... " >&6; } +if test "${lt_cv_nm_interface+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:5123: $ac_compile\"" >&5) + (eval "$ac_compile" 2>conftest.err) + cat conftest.err >&5 + (eval echo "\"\$as_me:5126: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) + cat conftest.err >&5 + (eval echo "\"\$as_me:5129: output\"" >&5) + cat conftest.out >&5 + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" + fi + rm -f conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 +$as_echo "$lt_cv_nm_interface" >&6; } + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +$as_echo_n "checking whether ln -s works... " >&6; } +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +$as_echo "no, using $LN_S" >&6; } +fi + +# find the maximum length of command line arguments +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 +$as_echo_n "checking the maximum length of command line arguments... " >&6; } +if test "${lt_cv_sys_max_cmd_len+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + i=0 + teststring="ABCD" + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw* | cegcc*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8 ; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test "X"`$SHELL $0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \ + = "XX$teststring$teststring"; } >/dev/null 2>&1 && + test $i != 17 # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi + ;; + esac + +fi + +if test -n $lt_cv_sys_max_cmd_len ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 +$as_echo "$lt_cv_sys_max_cmd_len" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 +$as_echo "none" >&6; } +fi +max_cmd_len=$lt_cv_sys_max_cmd_len + + + + + + +: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5 +$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; } +# Try some XSI features +xsi_shell=no +( _lt_dummy="a/b/c" + test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \ + = c,a/b,, \ + && eval 'test $(( 1 + 1 )) -eq 2 \ + && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ + && xsi_shell=yes +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5 +$as_echo "$xsi_shell" >&6; } + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5 +$as_echo_n "checking whether the shell understands \"+=\"... " >&6; } +lt_shell_append=no +( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \ + >/dev/null 2>&1 \ + && lt_shell_append=yes +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5 +$as_echo "$lt_shell_append" >&6; } + + +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false +fi + + + + + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 +$as_echo_n "checking for $LD option to reload object files... " >&6; } +if test "${lt_cv_ld_reload_flag+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_reload_flag='-r' +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 +$as_echo "$lt_cv_ld_reload_flag" >&6; } +reload_flag=$lt_cv_ld_reload_flag +case $reload_flag in +"" | " "*) ;; +*) reload_flag=" $reload_flag" ;; +esac +reload_cmds='$LD$reload_flag -o $output$reload_objs' +case $host_os in + darwin*) + if test "$GCC" = yes; then + reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' + else + reload_cmds='$LD$reload_flag -o $output$reload_objs' + fi + ;; +esac + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. +set dummy ${ac_tool_prefix}objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_OBJDUMP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OBJDUMP"; then + ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OBJDUMP=$ac_cv_prog_OBJDUMP +if test -n "$OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 +$as_echo "$OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OBJDUMP"; then + ac_ct_OBJDUMP=$OBJDUMP + # Extract the first word of "objdump", so it can be a program name with args. +set dummy objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OBJDUMP"; then + ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_OBJDUMP="objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP +if test -n "$ac_ct_OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 +$as_echo "$ac_ct_OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OBJDUMP" = x; then + OBJDUMP="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OBJDUMP=$ac_ct_OBJDUMP + fi +else + OBJDUMP="$ac_cv_prog_OBJDUMP" +fi + +test -z "$OBJDUMP" && OBJDUMP=objdump + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 +$as_echo_n "checking how to recognize dependent libraries... " >&6; } +if test "${lt_cv_deplibs_check_method+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_file_magic_cmd='$MAGIC_CMD' +lt_cv_file_magic_test_file= +lt_cv_deplibs_check_method='unknown' +# Need to set the preceding variable on all platforms that support +# interlibrary dependencies. +# 'none' -- dependencies not supported. +# `unknown' -- same as none, but documents that we really don't know. +# 'pass_all' -- all dependencies passed with no checks. +# 'test_compile' -- check by making test program. +# 'file_magic [[regex]]' -- check by looking for files in library path +# which responds to the $file_magic_cmd with a given extended regex. +# If you have `file' or equivalent on your system and you're not sure +# whether `pass_all' will *always* work, you probably want this one. + +case $host_os in +aix[4-9]*) + lt_cv_deplibs_check_method=pass_all + ;; + +beos*) + lt_cv_deplibs_check_method=pass_all + ;; + +bsdi[45]*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' + lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_test_file=/shlib/libc.so + ;; + +cygwin*) + # func_win32_libid is a shell function defined in ltmain.sh + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + ;; + +mingw* | pw32*) + # Base MSYS/MinGW do not provide the 'file' command needed by + # func_win32_libid shell function, so use a weaker test based on 'objdump', + # unless we find 'file', for example because we are cross-compiling. + if ( file / ) >/dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]' + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[3-9]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be Linux ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 +$as_echo "$lt_cv_deplibs_check_method" >&6; } +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + + + + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. +set dummy ${ac_tool_prefix}ar; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_AR+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_AR="${ac_tool_prefix}ar" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_AR"; then + ac_ct_AR=$AR + # Extract the first word of "ar", so it can be a program name with args. +set dummy ar; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_AR+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_AR="ar" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +else + AR="$ac_cv_prog_AR" +fi + +test -z "$AR" && AR=ar +test -z "$AR_FLAGS" && AR_FLAGS=cru + + + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_STRIP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +test -z "$STRIP" && STRIP=: + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_RANLIB+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +test -z "$RANLIB" && RANLIB=: + + + + + + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + +# Check for command to grab the raw symbol name followed by C symbol from nm. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 +$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } +if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[BCDEGRST]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([_A-Za-z][_A-Za-z0-9]*\)' + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[BCDT]' + ;; +cygwin* | mingw* | pw32* | cegcc*) + symcode='[ABCDGISTW]' + ;; +hpux*) + if test "$host_cpu" = ia64; then + symcode='[ABCDEGRST]' + fi + ;; +irix* | nonstopux*) + symcode='[BCDEGRST]' + ;; +osf*) + symcode='[BCDEGQRST]' + ;; +solaris*) + symcode='[BDRT]' + ;; +sco3.2v5*) + symcode='[DT]' + ;; +sysv4.2uw2*) + symcode='[DT]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[ABDT]' + ;; +sysv4) + symcode='[DFNSTU]' + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[ABCDGIRSTW]' ;; +esac + +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'" +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function + # and D for any global variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK '"\ +" {last_section=section; section=\$ 3};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ +" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ +" s[1]~/^[@?]/{print s[1], s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <<_LT_EOF +#ifdef __cplusplus +extern "C" { +#endif +char nm_test_var; +void nm_test_func(void); +void nm_test_func(void){} +#ifdef __cplusplus +} +#endif +int main(){nm_test_var='a';nm_test_func();return(0);} +_LT_EOF + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + # Now try to grab the symbols. + nlist=conftest.nm + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\""; } >&5 + (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +#ifdef __cplusplus +extern "C" { +#endif + +_LT_EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' + + cat <<_LT_EOF >> conftest.$ac_ext + +/* The mapping between symbol names and symbols. */ +const struct { + const char *name; + void *address; +} +lt__PROGRAM__LTX_preloaded_symbols[] = +{ + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif +_LT_EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_save_LIBS="$LIBS" + lt_save_CFLAGS="$CFLAGS" + LIBS="conftstm.$ac_objext" + CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext}; then + pipe_works=yes + fi + LIBS="$lt_save_LIBS" + CFLAGS="$lt_save_CFLAGS" + else + echo "cannot find nm_test_func in $nlist" >&5 + fi + else + echo "cannot find nm_test_var in $nlist" >&5 + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 + fi + else + echo "$progname: failed program was:" >&5 + cat conftest.$ac_ext >&5 + fi + rm -rf conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test "$pipe_works" = yes; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done + +fi + +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +$as_echo "failed" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +$as_echo "ok" >&6; } +fi + + + + + + + + + + + + + + + + + + + + + + +# Check whether --enable-libtool-lock was given. +if test "${enable_libtool_lock+set}" = set; then : + enableval=$enable_libtool_lock; +fi + +test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE="32" + ;; + *ELF-64*) + HPUX_IA64_MODE="64" + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out which ABI we are using. + echo '#line 6334 "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + if test "$lt_cv_prog_gnu_ld" = yes; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_i386" + ;; + ppc64-*linux*|powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + ppc*-*linux*|powerpc*-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -belf" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 +$as_echo_n "checking whether the C compiler needs -belf... " >&6; } +if test "${lt_cv_cc_needs_belf+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_cc_needs_belf=yes +else + lt_cv_cc_needs_belf=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 +$as_echo "$lt_cv_cc_needs_belf" >&6; } + if test x"$lt_cv_cc_needs_belf" != x"yes"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS="$SAVE_CFLAGS" + fi + ;; +sparc*-*solaris*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) LD="${LD-ld} -m elf64_sparc" ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks="$enable_libtool_lock" + + + case $host_os in + rhapsody* | darwin*) + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. +set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_DSYMUTIL+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DSYMUTIL"; then + ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DSYMUTIL=$ac_cv_prog_DSYMUTIL +if test -n "$DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 +$as_echo "$DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DSYMUTIL"; then + ac_ct_DSYMUTIL=$DSYMUTIL + # Extract the first word of "dsymutil", so it can be a program name with args. +set dummy dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DSYMUTIL"; then + ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL +if test -n "$ac_ct_DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 +$as_echo "$ac_ct_DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DSYMUTIL" = x; then + DSYMUTIL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DSYMUTIL=$ac_ct_DSYMUTIL + fi +else + DSYMUTIL="$ac_cv_prog_DSYMUTIL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. +set dummy ${ac_tool_prefix}nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_NMEDIT+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NMEDIT"; then + ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +NMEDIT=$ac_cv_prog_NMEDIT +if test -n "$NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 +$as_echo "$NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_NMEDIT"; then + ac_ct_NMEDIT=$NMEDIT + # Extract the first word of "nmedit", so it can be a program name with args. +set dummy nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_NMEDIT"; then + ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_NMEDIT="nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT +if test -n "$ac_ct_NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 +$as_echo "$ac_ct_NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_NMEDIT" = x; then + NMEDIT=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + NMEDIT=$ac_ct_NMEDIT + fi +else + NMEDIT="$ac_cv_prog_NMEDIT" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. +set dummy ${ac_tool_prefix}lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_LIPO+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$LIPO"; then + ac_cv_prog_LIPO="$LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_LIPO="${ac_tool_prefix}lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +LIPO=$ac_cv_prog_LIPO +if test -n "$LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 +$as_echo "$LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_LIPO"; then + ac_ct_LIPO=$LIPO + # Extract the first word of "lipo", so it can be a program name with args. +set dummy lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_LIPO"; then + ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_LIPO="lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO +if test -n "$ac_ct_LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 +$as_echo "$ac_ct_LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_LIPO" = x; then + LIPO=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + LIPO=$ac_ct_LIPO + fi +else + LIPO="$ac_cv_prog_LIPO" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_OTOOL+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL"; then + ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_OTOOL="${ac_tool_prefix}otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL=$ac_cv_prog_OTOOL +if test -n "$OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +$as_echo "$OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL"; then + ac_ct_OTOOL=$OTOOL + # Extract the first word of "otool", so it can be a program name with args. +set dummy otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL"; then + ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_OTOOL="otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL +if test -n "$ac_ct_OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 +$as_echo "$ac_ct_OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL" = x; then + OTOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL=$ac_ct_OTOOL + fi +else + OTOOL="$ac_cv_prog_OTOOL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_OTOOL64+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL64"; then + ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL64=$ac_cv_prog_OTOOL64 +if test -n "$OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 +$as_echo "$OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL64"; then + ac_ct_OTOOL64=$OTOOL64 + # Extract the first word of "otool64", so it can be a program name with args. +set dummy otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL64"; then + ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_OTOOL64="otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 +if test -n "$ac_ct_OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 +$as_echo "$ac_ct_OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL64" = x; then + OTOOL64=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL64=$ac_ct_OTOOL64 + fi +else + OTOOL64="$ac_cv_prog_OTOOL64" +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 +$as_echo_n "checking for -single_module linker flag... " >&6; } +if test "${lt_cv_apple_cc_single_mod+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_apple_cc_single_mod=no + if test -z "${LT_MULTI_MODULE}"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&5 + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 +$as_echo "$lt_cv_apple_cc_single_mod" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 +$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } +if test "${lt_cv_ld_exported_symbols_list+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_ld_exported_symbols_list=yes +else + lt_cv_ld_exported_symbols_list=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS="$save_LDFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 +$as_echo "$lt_cv_ld_exported_symbols_list" >&6; } + case $host_os in + rhapsody* | darwin1.[012]) + _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[91]*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + 10.[012]*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test "$lt_cv_apple_cc_single_mod" = "yes"; then + _lt_dar_single_mod='$single_module' + fi + if test "$lt_cv_ld_exported_symbols_list" = "yes"; then + _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' + fi + if test "$DSYMUTIL" != ":"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if test "${ac_cv_prog_CPP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5 ; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if test "${ac_cv_header_stdc+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in dlfcn.h +do : + ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default +" +if test "x$ac_cv_header_dlfcn_h" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DLFCN_H 1 +_ACEOF + +fi + +done + + + +# Set options +# Check whether --enable-static was given. +if test "${enable_static+set}" = set; then : + enableval=$enable_static; p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_static=no +fi + + + + + + + + + + + enable_dlopen=no + + + enable_win32_dll=no + + + # Check whether --enable-shared was given. +if test "${enable_shared+set}" = set; then : + enableval=$enable_shared; p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_shared=yes +fi + + + + + + + + + + + +# Check whether --with-pic was given. +if test "${with_pic+set}" = set; then : + withval=$with_pic; pic_mode="$withval" +else + pic_mode=default +fi + + +test -z "$pic_mode" && pic_mode=default + + + + + + + + # Check whether --enable-fast-install was given. +if test "${enable_fast_install+set}" = set; then : + enableval=$enable_fast_install; p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_fast_install=yes +fi + + + + + + + + + + + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS="$ltmain" + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' + + + + + + + + + + + + + + + + + + + + + + + + + +test -z "$LN_S" && LN_S="ln -s" + + + + + + + + + + + + + + +if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 +$as_echo_n "checking for objdir... " >&6; } +if test "${lt_cv_objdir+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 +$as_echo "$lt_cv_objdir" >&6; } +objdir=$lt_cv_objdir + + + + + +cat >>confdefs.h <<_ACEOF +#define LT_OBJDIR "$lt_cv_objdir/" +_ACEOF + + + + + + + + + + + + + + + + + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='s/\(["`$\\]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' + +# Global variables: +ofile=libtool +can_build_shared=yes + +# All known linkers require a `.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a + +with_gnu_ld="$lt_cv_prog_gnu_ld" + +old_CC="$CC" +old_CFLAGS="$CFLAGS" + +# Set sane defaults for various variables +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$LD" && LD=ld +test -z "$ac_objext" && ac_objext=o + +for cc_temp in $compiler""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` + + +# Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 +$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } +if test "${lt_cv_path_MAGIC_CMD+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/${ac_tool_prefix}file; then + lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac +fi + +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + + +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 +$as_echo_n "checking for file... " >&6; } +if test "${lt_cv_path_MAGIC_CMD+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/file; then + lt_cv_path_MAGIC_CMD="$ac_dir/file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac +fi + +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + else + MAGIC_CMD=: + fi +fi + + fi + ;; +esac + +# Use C for the default configuration in the libtool script + +lt_save_CC="$CC" +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +objext=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}' + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC + +# save warnings/boilerplate of simple test code +ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* + +ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* + + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + +lt_prog_compiler_no_builtin_flag= + +if test "$GCC" = yes; then + lt_prog_compiler_no_builtin_flag=' -fno-builtin' + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 +$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } +if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_rtti_exceptions=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="-fno-rtti -fno-exceptions" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:7862: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:7866: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_rtti_exceptions=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } + +if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then + lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" +else + : +fi + +fi + + + + + + + lt_prog_compiler_wl= +lt_prog_compiler_pic= +lt_prog_compiler_static= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +$as_echo_n "checking for $compiler option to produce PIC... " >&6; } + + if test "$GCC" = yes; then + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_static='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + lt_prog_compiler_pic='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + lt_prog_compiler_pic='-DDLL_EXPORT' + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + ;; + + interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + lt_prog_compiler_can_build_shared=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic=-Kconform_pic + fi + ;; + + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + lt_prog_compiler_wl='-Wl,' + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + else + lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic='-DDLL_EXPORT' + ;; + + hpux9* | hpux10* | hpux11*) + lt_prog_compiler_wl='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + lt_prog_compiler_static='${wl}-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + lt_prog_compiler_wl='-Wl,' + # PIC (with -KPIC) is the default. + lt_prog_compiler_static='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + # old Intel for x86_64 which still supported -KPIC. + ecc*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='--shared' + lt_prog_compiler_static='--static' + ;; + pgcc* | pgf77* | pgf90* | pgf95*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + ccc*) + lt_prog_compiler_wl='-Wl,' + # All Alpha code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + xl*) + # IBM XL C 8.0/Fortran 10.1 on PPC + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-qpic' + lt_prog_compiler_static='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C 5.9 + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Wl,' + ;; + *Sun\ F*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='' + ;; + esac + ;; + esac + ;; + + newsos6) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + lt_prog_compiler_wl='-Wl,' + # All OSF/1 code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + + rdos*) + lt_prog_compiler_static='-non_shared' + ;; + + solaris*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + case $cc_basename in + f77* | f90* | f95*) + lt_prog_compiler_wl='-Qoption ld ';; + *) + lt_prog_compiler_wl='-Wl,';; + esac + ;; + + sunos4*) + lt_prog_compiler_wl='-Qoption ld ' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec ;then + lt_prog_compiler_pic='-Kconform_pic' + lt_prog_compiler_static='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_can_build_shared=no + ;; + + uts4*) + lt_prog_compiler_pic='-pic' + lt_prog_compiler_static='-Bstatic' + ;; + + *) + lt_prog_compiler_can_build_shared=no + ;; + esac + fi + +case $host_os in + # For platforms which do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic= + ;; + *) + lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic" >&5 +$as_echo "$lt_prog_compiler_pic" >&6; } + + + + + + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } +if test "${lt_cv_prog_compiler_pic_works+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic_works=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:8201: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:8205: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_pic_works=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 +$as_echo "$lt_cv_prog_compiler_pic_works" >&6; } + +if test x"$lt_cv_prog_compiler_pic_works" = xyes; then + case $lt_prog_compiler_pic in + "" | " "*) ;; + *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; + esac +else + lt_prog_compiler_pic= + lt_prog_compiler_can_build_shared=no +fi + +fi + + + + + + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if test "${lt_cv_prog_compiler_static_works+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_static_works=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_static_works=yes + fi + else + lt_cv_prog_compiler_static_works=yes + fi + fi + $RM -r conftest* + LDFLAGS="$save_LDFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 +$as_echo "$lt_cv_prog_compiler_static_works" >&6; } + +if test x"$lt_cv_prog_compiler_static_works" = xyes; then + : +else + lt_prog_compiler_static= +fi + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if test "${lt_cv_prog_compiler_c_o+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:8306: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:8310: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if test "${lt_cv_prog_compiler_c_o+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:8361: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:8365: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + +hard_links="nottested" +if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then + # do not overwrite the value of need_locks provided by the user + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 +$as_echo_n "checking if we can lock with hard links... " >&6; } + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 +$as_echo "$hard_links" >&6; } + if test "$hard_links" = no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 +$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} + need_locks=warn + fi +else + need_locks=no +fi + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + + runpath_var= + allow_undefined_flag= + always_export_symbols=no + archive_cmds= + archive_expsym_cmds= + compiler_needs_object=no + enable_shared_with_static_runtimes=no + export_dynamic_flag_spec= + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + hardcode_automatic=no + hardcode_direct=no + hardcode_direct_absolute=no + hardcode_libdir_flag_spec= + hardcode_libdir_flag_spec_ld= + hardcode_libdir_separator= + hardcode_minus_L=no + hardcode_shlibpath_var=unsupported + inherit_rpath=no + link_all_deplibs=unknown + module_cmds= + module_expsym_cmds= + old_archive_from_new_cmds= + old_archive_from_expsyms_cmds= + thread_safe_flag_spec= + whole_archive_flag_spec= + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + include_expsyms= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ` (' and `)$', so one must not match beginning or + # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', + # as well as any symbol that contains `d'. + exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. + extract_expsyms_cmds= + + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; + linux* | k*bsd*-gnu) + link_all_deplibs=no + ;; + esac + + ld_shlibs=yes + if test "$with_gnu_ld" = yes; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='${wl}' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + export_dynamic_flag_spec='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + whole_archive_flag_spec= + fi + supports_anon_versioning=no + case `$LD -v 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; + *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix[3-9]*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: the GNU linker, at least up to release 2.9.1, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to modify your PATH +*** so that a non-GNU linker is found, and then restart. + +_LT_EOF + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + allow_undefined_flag=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + ld_shlibs=no + fi + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, + # as there is no search path for DLLs. + hardcode_libdir_flag_spec='-L$libdir' + allow_undefined_flag=unsupported + always_export_symbols=no + enable_shared_with_static_runtimes=yes + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + ld_shlibs=no + fi + ;; + + interix[3-9]*) + hardcode_direct=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + export_dynamic_flag_spec='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + tmp_diet=no + if test "$host_os" = linux-dietlibc; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test "$tmp_diet" = no + then + tmp_addflag= + tmp_sharedflag='-shared' + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + whole_archive_flag_spec= + tmp_sharedflag='--shared' ;; + xl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + esac + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + compiler_needs_object=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test "x$supports_anon_versioning" = xyes; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + xlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' + hardcode_libdir_flag_spec= + hardcode_libdir_flag_spec_ld='-rpath $libdir' + archive_cmds='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib' + if test "x$supports_anon_versioning" = xyes; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac + else + ld_shlibs=no + fi + ;; + + netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + ;; + + sunos4*) + archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + *) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + + if test "$ld_shlibs" = no; then + runpath_var= + hardcode_libdir_flag_spec= + export_dynamic_flag_spec= + whole_archive_flag_spec= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + allow_undefined_flag=unsupported + always_export_symbols=yes + archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + hardcode_minus_L=yes + if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + hardcode_direct=unsupported + fi + ;; + + aix[4-9]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + else + export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + archive_cmds='' + hardcode_direct=yes + hardcode_direct_absolute=yes + hardcode_libdir_separator=':' + link_all_deplibs=yes + file_list_spec='${wl}-f,' + + if test "$GCC" = yes; then + case $host_os in aix4.[012]|aix4.[012].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + hardcode_direct=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L=yes + hardcode_libdir_flag_spec='-L$libdir' + hardcode_libdir_separator= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + link_all_deplibs=no + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + export_dynamic_flag_spec='${wl}-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + always_export_symbols=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + allow_undefined_flag='-berok' + # Determine the default libpath from the value encoded in an + # empty executable. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\(.*\)$/\1/ + p + } + }' +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then + aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` +fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' + allow_undefined_flag="-z nodefs" + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\(.*\)$/\1/ + p + } + }' +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then + aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` +fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag=' ${wl}-bernotok' + allow_undefined_flag=' ${wl}-berok' + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec='$convenience' + archive_cmds_need_lc=yes + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + + bsdi[45]*) + export_dynamic_flag_spec=-rdynamic + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + old_archive_from_new_cmds='true' + # FIXME: Should let the user specify the lib program. + old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' + fix_srcfile_path='`cygpath -w "$srcfile"`' + enable_shared_with_static_runtimes=yes + ;; + + darwin* | rhapsody*) + + + archive_cmds_need_lc=no + hardcode_direct=no + hardcode_automatic=yes + hardcode_shlibpath_var=unsupported + whole_archive_flag_spec='' + link_all_deplibs=yes + allow_undefined_flag="$_lt_dar_allow_undefined" + case $cc_basename in + ifort*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test "$_lt_dar_can_shared" = "yes"; then + output_verbose_link_cmd=echo + archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" + module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" + archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" + module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" + + else + ld_shlibs=no + fi + + ;; + + dgux*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + freebsd1*) + ld_shlibs=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + hpux9*) + if test "$GCC" = yes; then + archive_cmds='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + fi + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + export_dynamic_flag_spec='${wl}-E' + ;; + + hpux10*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_flag_spec_ld='+b $libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + hardcode_direct_absolute=yes + export_dynamic_flag_spec='${wl}-E' + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + fi + ;; + + hpux11*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + case $host_cpu in + hppa*64*) + archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + fi + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + + case $host_cpu in + hppa*64*|ia64*) + hardcode_direct=no + hardcode_shlibpath_var=no + ;; + *) + hardcode_direct=yes + hardcode_direct_absolute=yes + export_dynamic_flag_spec='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test "$GCC" = yes; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int foo(void) {} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS="$save_LDFLAGS" + else + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + fi + archive_cmds_need_lc='no' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + inherit_rpath=yes + link_all_deplibs=yes + ;; + + netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + newsos6) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_shlibpath_var=no + ;; + + *nto* | *qnx*) + ;; + + openbsd*) + if test -f /usr/libexec/ld.so; then + hardcode_direct=yes + hardcode_shlibpath_var=no + hardcode_direct_absolute=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + export_dynamic_flag_spec='${wl}-E' + else + case $host_os in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-R$libdir' + ;; + *) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + esac + fi + else + ld_shlibs=no + fi + ;; + + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + ;; + + osf3*) + if test "$GCC" = yes; then + allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + fi + archive_cmds_need_lc='no' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test "$GCC" = yes; then + allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly + hardcode_libdir_flag_spec='-rpath $libdir' + fi + archive_cmds_need_lc='no' + hardcode_libdir_separator=: + ;; + + solaris*) + no_undefined_flag=' -z defs' + if test "$GCC" = yes; then + wlarc='${wl}' + archive_cmds='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + else + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='${wl}' + archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_shlibpath_var=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands `-z linker_flag'. GCC discards it without `$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test "$GCC" = yes; then + whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + else + whole_archive_flag_spec='-z allextract$convenience -z defaultextract' + fi + ;; + esac + link_all_deplibs=yes + ;; + + sunos4*) + if test "x$host_vendor" = xsequent; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + hardcode_libdir_flag_spec='-L$libdir' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + sysv4) + case $host_vendor in + sni) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' + reload_cmds='$CC -r -o $output$reload_objs' + hardcode_direct=no + ;; + motorola) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + hardcode_shlibpath_var=no + ;; + + sysv4.3*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + export_dynamic_flag_spec='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + ld_shlibs=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + no_undefined_flag='${wl}-z,text' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + no_undefined_flag='${wl}-z,text' + allow_undefined_flag='${wl}-z,nodefs' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='${wl}-R,$libdir' + hardcode_libdir_separator=':' + link_all_deplibs=yes + export_dynamic_flag_spec='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + *) + ld_shlibs=no + ;; + esac + + if test x$host_vendor = xsni; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + export_dynamic_flag_spec='${wl}-Blargedynsym' + ;; + esac + fi + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 +$as_echo "$ld_shlibs" >&6; } +test "$ld_shlibs" = no && can_build_shared=no + +with_gnu_ld=$with_gnu_ld + + + + + + + + + + + + + + + +# +# Do we need to explicitly link libc? +# +case "x$archive_cmds_need_lc" in +x|xyes) + # Assume -lc should be added + archive_cmds_need_lc=yes + + if test "$enable_shared" = yes && test "$GCC" = yes; then + case $archive_cmds in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 +$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } + $RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl + pic_flag=$lt_prog_compiler_pic + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag + allow_undefined_flag= + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 + (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + then + archive_cmds_need_lc=no + else + archive_cmds_need_lc=yes + fi + allow_undefined_flag=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc" >&5 +$as_echo "$archive_cmds_need_lc" >&6; } + ;; + esac + fi + ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 +$as_echo_n "checking dynamic linker characteristics... " >&6; } + +if test "$GCC" = yes; then + case $host_os in + darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; + *) lt_awk_arg="/^libraries:/" ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'` + else + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary. + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path/$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" + else + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk ' +BEGIN {RS=" "; FS="/|\n";} { + lt_foo=""; + lt_count=0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo="/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[lt_foo]++; } + if (lt_freq[lt_foo] == 1) { print lt_foo; } +}'` + sys_lib_search_path_spec=`$ECHO $lt_search_path_spec` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=".so" +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +case $host_os in +aix3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='${libname}${release}${shared_ext}$major' + ;; + +aix[4-9]*) + version_type=linux + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line `#! .'. This would cause the generated library to + # depend on `.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[01] | aix4.[01].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + if test "$aix_use_runtimelinking" = yes; then + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + else + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='${libname}${release}.a $libname.a' + soname_spec='${libname}${release}${shared_ext}$major' + fi + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='${libname}${shared_ext}' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[45]*) + version_type=linux + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=".dll" + need_version=no + need_lib_prefix=no + + case $GCC,$host_os in + yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*) + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH printed by + # mingw gcc, but we are running on Cygwin. Gcc prints its search + # path with ; separators, and with drive letters. We can handle the + # drive letters (cygwin fileutils understands them), so leave them, + # especially as we might pass files found there to a mingw objdump, + # which wouldn't understand a cygwinified path. Ahh. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + ;; + esac + ;; + + *) + library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' + ;; + esac + dynamic_linker='Win32 ld.exe' + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' + soname_spec='${libname}${release}${major}$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd1*) + dynamic_linker=no + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[123]*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +gnu*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + if test "X$HPUX_IA64_MODE" = X32; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + fi + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555. + postinstall_cmds='chmod 555 $lib' + ;; + +interix[3-9]*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test "$lt_cv_prog_gnu_ld" = yes; then + version_type=linux + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +# This must be Linux ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + # Some binutils ld are patched to set DT_RUNPATH + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ + LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : + shlibpath_overrides_runpath=yes +fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd*) + version_type=sunos + sys_lib_dlsearch_path_spec="/usr/lib" + need_lib_prefix=no + # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. + case $host_os in + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; + esac + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + case $host_os in + openbsd2.[89] | openbsd2.[89].*) + shlibpath_overrides_runpath=no + ;; + *) + shlibpath_overrides_runpath=yes + ;; + esac + else + shlibpath_overrides_runpath=yes + fi + ;; + +os2*) + libname_spec='$name' + shrext_cmds=".dll" + need_lib_prefix=no + library_names_spec='$libname${shared_ext} $libname.a' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=LIBPATH + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test "$with_gnu_ld" = yes; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec ;then + version_type=linux + library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' + soname_spec='$libname${shared_ext}.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 +$as_echo "$dynamic_linker" >&6; } +test "$dynamic_linker" = no && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test "$GCC" = yes; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then + sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" +fi +if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then + sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 +$as_echo_n "checking how to hardcode library paths into programs... " >&6; } +hardcode_action= +if test -n "$hardcode_libdir_flag_spec" || + test -n "$runpath_var" || + test "X$hardcode_automatic" = "Xyes" ; then + + # We can hardcode non-existent directories. + if test "$hardcode_direct" != no && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no && + test "$hardcode_minus_L" != no; then + # Linking always hardcodes the temporary library directory. + hardcode_action=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + hardcode_action=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + hardcode_action=unsupported +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 +$as_echo "$hardcode_action" >&6; } + +if test "$hardcode_action" = relink || + test "$inherit_rpath" = yes; then + # Fast installation is not supported + enable_fast_install=no +elif test "$shlibpath_overrides_runpath" = yes || + test "$enable_shared" = no; then + # Fast installation is not necessary + enable_fast_install=needless +fi + + + + + + + if test "x$enable_dlopen" != xyes; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen="load_add_on" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32* | cegcc*) + lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen="dlopen" + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if test "${ac_cv_lib_dl_dlopen+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = x""yes; then : + lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" +else + + lt_cv_dlopen="dyld" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + +fi + + ;; + + *) + ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" +if test "x$ac_cv_func_shl_load" = x""yes; then : + lt_cv_dlopen="shl_load" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +$as_echo_n "checking for shl_load in -ldld... " >&6; } +if test "${ac_cv_lib_dld_shl_load+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (); +int +main () +{ +return shl_load (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_shl_load=yes +else + ac_cv_lib_dld_shl_load=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 +$as_echo "$ac_cv_lib_dld_shl_load" >&6; } +if test "x$ac_cv_lib_dld_shl_load" = x""yes; then : + lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" +else + ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +if test "x$ac_cv_func_dlopen" = x""yes; then : + lt_cv_dlopen="dlopen" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if test "${ac_cv_lib_dl_dlopen+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = x""yes; then : + lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 +$as_echo_n "checking for dlopen in -lsvld... " >&6; } +if test "${ac_cv_lib_svld_dlopen+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsvld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_svld_dlopen=yes +else + ac_cv_lib_svld_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 +$as_echo "$ac_cv_lib_svld_dlopen" >&6; } +if test "x$ac_cv_lib_svld_dlopen" = x""yes; then : + lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 +$as_echo_n "checking for dld_link in -ldld... " >&6; } +if test "${ac_cv_lib_dld_dld_link+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dld_link (); +int +main () +{ +return dld_link (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_dld_link=yes +else + ac_cv_lib_dld_dld_link=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 +$as_echo "$ac_cv_lib_dld_dld_link" >&6; } +if test "x$ac_cv_lib_dld_dld_link" = x""yes; then : + lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" +fi + + +fi + + +fi + + +fi + + +fi + + +fi + + ;; + esac + + if test "x$lt_cv_dlopen" != xno; then + enable_dlopen=yes + else + enable_dlopen=no + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS="$CPPFLAGS" + test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS="$LDFLAGS" + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS="$LIBS" + LIBS="$lt_cv_dlopen_libs $LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 +$as_echo_n "checking whether a program can dlopen itself... " >&6; } +if test "${lt_cv_dlopen_self+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + lt_cv_dlopen_self=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +#line 10745 "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +void fnord() { int i=42;} +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +} +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self=no + fi +fi +rm -fr conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 +$as_echo "$lt_cv_dlopen_self" >&6; } + + if test "x$lt_cv_dlopen_self" = xyes; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 +$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } +if test "${lt_cv_dlopen_self_static+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + lt_cv_dlopen_self_static=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +#line 10841 "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +void fnord() { int i=42;} +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +} +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self_static=no + fi +fi +rm -fr conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 +$as_echo "$lt_cv_dlopen_self_static" >&6; } + fi + + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi + + + + + + + + + + + + + + + + + +striplib= +old_striplib= +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 +$as_echo_n "checking whether stripping libraries is possible... " >&6; } +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP" ; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + esac +fi + + + + + + + + + + + + + # Report which library types will actually be built + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 +$as_echo_n "checking if libtool supports shared libraries... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 +$as_echo "$can_build_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 +$as_echo_n "checking whether to build shared libraries... " >&6; } + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + + aix[4-9]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 +$as_echo "$enable_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 +$as_echo_n "checking whether to build static libraries... " >&6; } + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 +$as_echo "$enable_static" >&6; } + + + + +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +CC="$lt_save_CC" + + + + + + + + + + + + + + ac_config_commands="$ac_config_commands libtool" + + + + +# Only expand once: + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** types" >&5 +$as_echo "$as_me: **************************************** types" >&6;} +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned char" >&5 +$as_echo_n "checking size of unsigned char... " >&6; } +if test "${ac_cv_sizeof_unsigned_char+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned char))" "ac_cv_sizeof_unsigned_char" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_unsigned_char" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (unsigned char) +See \`config.log' for more details" "$LINENO" 5 ; } + else + ac_cv_sizeof_unsigned_char=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_char" >&5 +$as_echo "$ac_cv_sizeof_unsigned_char" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_UNSIGNED_CHAR $ac_cv_sizeof_unsigned_char +_ACEOF + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned short" >&5 +$as_echo_n "checking size of unsigned short... " >&6; } +if test "${ac_cv_sizeof_unsigned_short+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned short))" "ac_cv_sizeof_unsigned_short" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_unsigned_short" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (unsigned short) +See \`config.log' for more details" "$LINENO" 5 ; } + else + ac_cv_sizeof_unsigned_short=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_short" >&5 +$as_echo "$ac_cv_sizeof_unsigned_short" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_UNSIGNED_SHORT $ac_cv_sizeof_unsigned_short +_ACEOF + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned int" >&5 +$as_echo_n "checking size of unsigned int... " >&6; } +if test "${ac_cv_sizeof_unsigned_int+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned int))" "ac_cv_sizeof_unsigned_int" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_unsigned_int" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (unsigned int) +See \`config.log' for more details" "$LINENO" 5 ; } + else + ac_cv_sizeof_unsigned_int=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_int" >&5 +$as_echo "$ac_cv_sizeof_unsigned_int" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_UNSIGNED_INT $ac_cv_sizeof_unsigned_int +_ACEOF + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5 +$as_echo_n "checking size of unsigned long... " >&6; } +if test "${ac_cv_sizeof_unsigned_long+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_unsigned_long" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (unsigned long) +See \`config.log' for more details" "$LINENO" 5 ; } + else + ac_cv_sizeof_unsigned_long=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5 +$as_echo "$ac_cv_sizeof_unsigned_long" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long +_ACEOF + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t" >&5 +$as_echo_n "checking for socklen_t... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "socklen_t" >/dev/null 2>&1; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (defined as int)" >&5 +$as_echo "no (defined as int)" >&6; } + +$as_echo "#define socklen_t int" >>confdefs.h + +fi +rm -f conftest* + + +ac_fn_c_check_type "$LINENO" "struct sockaddr_un" "ac_cv_type_struct_sockaddr_un" "#include +" +if test "x$ac_cv_type_struct_sockaddr_un" = x""yes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_SOCKADDR_UN 1 +_ACEOF + + +fi + +ac_fn_c_check_type "$LINENO" "struct addrinfo" "ac_cv_type_struct_addrinfo" "#include +" +if test "x$ac_cv_type_struct_addrinfo" = x""yes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_ADDRINFO 1 +_ACEOF + + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** PTY device files" >&5 +$as_echo "$as_me: **************************************** PTY device files" >&6;} +if test "$cross_compiling" = "no"; then + as_ac_File=`$as_echo "ac_cv_file_"/dev/ptmx"" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5 +$as_echo_n "checking for \"/dev/ptmx\"... " >&6; } +if eval "test \"\${$as_ac_File+set}\"" = set; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r ""/dev/ptmx""; then + eval "$as_ac_File=yes" +else + eval "$as_ac_File=no" +fi +fi +eval ac_res=\$$as_ac_File + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_File"\" = x"yes"; then : + +$as_echo "#define HAVE_DEV_PTMX 1" >>confdefs.h + +fi + + as_ac_File=`$as_echo "ac_cv_file_"/dev/ptc"" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptc\"" >&5 +$as_echo_n "checking for \"/dev/ptc\"... " >&6; } +if eval "test \"\${$as_ac_File+set}\"" = set; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r ""/dev/ptc""; then + eval "$as_ac_File=yes" +else + eval "$as_ac_File=no" +fi +fi +eval ac_res=\$$as_ac_File + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_File"\" = x"yes"; then : + +$as_echo "#define HAVE_DEV_PTS_AND_PTC 1" >>confdefs.h + +fi + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compilation: assuming /dev/ptmx and /dev/ptc are not available" >&5 +$as_echo "$as_me: WARNING: cross-compilation: assuming /dev/ptmx and /dev/ptc are not available" >&2;} +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** entropy sources" >&5 +$as_echo "$as_me: **************************************** entropy sources" >&6;} + +if test "$cross_compiling" = "no"; then + +# Check whether --with-egd-socket was given. +if test "${with_egd_socket+set}" = set; then : + withval=$with_egd_socket; EGD_SOCKET="$withval" + +fi + + if test -n "$EGD_SOCKET"; then + +cat >>confdefs.h <<_ACEOF +#define EGD_SOCKET "$EGD_SOCKET" +_ACEOF + + fi + + # Check for user-specified random device + +# Check whether --with-random was given. +if test "${with_random+set}" = set; then : + withval=$with_random; RANDOM_FILE="$withval" +else + + # Check for random device + as_ac_File=`$as_echo "ac_cv_file_"/dev/urandom"" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/urandom\"" >&5 +$as_echo_n "checking for \"/dev/urandom\"... " >&6; } +if eval "test \"\${$as_ac_File+set}\"" = set; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r ""/dev/urandom""; then + eval "$as_ac_File=yes" +else + eval "$as_ac_File=no" +fi +fi +eval ac_res=\$$as_ac_File + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_File"\" = x"yes"; then : + RANDOM_FILE="/dev/urandom" +fi + + + +fi + + if test -n "$RANDOM_FILE"; then + + +cat >>confdefs.h <<_ACEOF +#define RANDOM_FILE "$RANDOM_FILE" +_ACEOF + + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compilation: assuming entropy sources are not available" >&5 +$as_echo "$as_me: WARNING: cross-compilation: assuming entropy sources are not available" >&2;} +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** default group" >&5 +$as_echo "$as_me: **************************************** default group" >&6;} +DEFAULT_GROUP=nobody +if test "$cross_compiling" = "no"; then + grep '^nogroup:' /etc/group >/dev/null && DEFAULT_GROUP=nogroup +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compilation: assuming nogroup is not available" >&5 +$as_echo "$as_me: WARNING: cross-compilation: assuming nogroup is not available" >&2;} +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for default group" >&5 +$as_echo_n "checking for default group... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $DEFAULT_GROUP" >&5 +$as_echo "$DEFAULT_GROUP" >&6; } + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** header files" >&5 +$as_echo "$as_me: **************************************** header files" >&6;} +# AC_HEADER_DIRENT +# AC_HEADER_STDC +# AC_HEADER_SYS_WAIT +for ac_header in malloc.h ucontext.h pthread.h poll.h tcpd.h stropts.h grp.h unistd.h util.h libutil.h pty.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + +for ac_header in sys/types.h sys/select.h sys/poll.h sys/socket.h sys/un.h sys/ioctl.h sys/filio.h sys/resource.h sys/uio.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + +ac_fn_c_check_member "$LINENO" "struct msghdr" "msg_control" "ac_cv_member_struct_msghdr_msg_control" " +$ac_includes_default +#include + +" +if test "x$ac_cv_member_struct_msghdr_msg_control" = x""yes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_MSGHDR_MSG_CONTROL 1 +_ACEOF + + +$as_echo "#define HAVE_MSGHDR_MSG_CONTROL 1" >>confdefs.h + +fi + +for ac_header in linux/netfilter_ipv4.h +do : + ac_fn_c_check_header_compile "$LINENO" "linux/netfilter_ipv4.h" "ac_cv_header_linux_netfilter_ipv4_h" " +#include +#include +#include +#include + +" +if test "x$ac_cv_header_linux_netfilter_ipv4_h" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_NETFILTER_IPV4_H 1 +_ACEOF + +fi + +done + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** libraries" >&5 +$as_echo "$as_me: **************************************** libraries" >&6;} +# Checks for standard libraries +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5 +$as_echo_n "checking for library containing gethostbyname... " >&6; } +if test "${ac_cv_search_gethostbyname+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gethostbyname (); +int +main () +{ +return gethostbyname (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_gethostbyname=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if test "${ac_cv_search_gethostbyname+set}" = set; then : + break +fi +done +if test "${ac_cv_search_gethostbyname+set}" = set; then : + +else + ac_cv_search_gethostbyname=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5 +$as_echo "$ac_cv_search_gethostbyname" >&6; } +ac_res=$ac_cv_search_gethostbyname +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing yp_get_default_domain" >&5 +$as_echo_n "checking for library containing yp_get_default_domain... " >&6; } +if test "${ac_cv_search_yp_get_default_domain+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char yp_get_default_domain (); +int +main () +{ +return yp_get_default_domain (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_yp_get_default_domain=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if test "${ac_cv_search_yp_get_default_domain+set}" = set; then : + break +fi +done +if test "${ac_cv_search_yp_get_default_domain+set}" = set; then : + +else + ac_cv_search_yp_get_default_domain=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_yp_get_default_domain" >&5 +$as_echo "$ac_cv_search_yp_get_default_domain" >&6; } +ac_res=$ac_cv_search_yp_get_default_domain +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5 +$as_echo_n "checking for library containing socket... " >&6; } +if test "${ac_cv_search_socket+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char socket (); +int +main () +{ +return socket (); + ; + return 0; +} +_ACEOF +for ac_lib in '' socket; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_socket=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if test "${ac_cv_search_socket+set}" = set; then : + break +fi +done +if test "${ac_cv_search_socket+set}" = set; then : + +else + ac_cv_search_socket=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_socket" >&5 +$as_echo "$ac_cv_search_socket" >&6; } +ac_res=$ac_cv_search_socket +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing openpty" >&5 +$as_echo_n "checking for library containing openpty... " >&6; } +if test "${ac_cv_search_openpty+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char openpty (); +int +main () +{ +return openpty (); + ; + return 0; +} +_ACEOF +for ac_lib in '' util; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_openpty=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if test "${ac_cv_search_openpty+set}" = set; then : + break +fi +done +if test "${ac_cv_search_openpty+set}" = set; then : + +else + ac_cv_search_openpty=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_openpty" >&5 +$as_echo "$ac_cv_search_openpty" >&6; } +ac_res=$ac_cv_search_openpty +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +# Checks for dynamic loader and zlib needed by OpenSSL +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 +$as_echo_n "checking for library containing dlopen... " >&6; } +if test "${ac_cv_search_dlopen+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +for ac_lib in '' dl; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_dlopen=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if test "${ac_cv_search_dlopen+set}" = set; then : + break +fi +done +if test "${ac_cv_search_dlopen+set}" = set; then : + +else + ac_cv_search_dlopen=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 +$as_echo "$ac_cv_search_dlopen" >&6; } +ac_res=$ac_cv_search_dlopen +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing shl_load" >&5 +$as_echo_n "checking for library containing shl_load... " >&6; } +if test "${ac_cv_search_shl_load+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (); +int +main () +{ +return shl_load (); + ; + return 0; +} +_ACEOF +for ac_lib in '' dld; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_shl_load=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if test "${ac_cv_search_shl_load+set}" = set; then : + break +fi +done +if test "${ac_cv_search_shl_load+set}" = set; then : + +else + ac_cv_search_shl_load=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_shl_load" >&5 +$as_echo "$ac_cv_search_shl_load" >&6; } +ac_res=$ac_cv_search_shl_load +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inflateEnd" >&5 +$as_echo_n "checking for library containing inflateEnd... " >&6; } +if test "${ac_cv_search_inflateEnd+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char inflateEnd (); +int +main () +{ +return inflateEnd (); + ; + return 0; +} +_ACEOF +for ac_lib in '' z; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_inflateEnd=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if test "${ac_cv_search_inflateEnd+set}" = set; then : + break +fi +done +if test "${ac_cv_search_inflateEnd+set}" = set; then : + +else + ac_cv_search_inflateEnd=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inflateEnd" >&5 +$as_echo "$ac_cv_search_inflateEnd" >&6; } +ac_res=$ac_cv_search_inflateEnd +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + +# Add BeOS libraries +if test "$host_os" = "beos"; then + LIBS="$LIBS -lbe -lroot -lbind" +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** thread model" >&5 +$as_echo "$as_me: **************************************** thread model" >&6;} + +checkpthreadlib() { : + # 1. BSD hack: attempt to use alternative libc implementation if available + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_create in -lc_r" >&5 +$as_echo_n "checking for pthread_create in -lc_r... " >&6; } +if test "${ac_cv_lib_c_r_pthread_create+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lc_r $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_create (); +int +main () +{ +return pthread_create (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_c_r_pthread_create=yes +else + ac_cv_lib_c_r_pthread_create=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_r_pthread_create" >&5 +$as_echo "$ac_cv_lib_c_r_pthread_create" >&6; } +if test "x$ac_cv_lib_c_r_pthread_create" = x""yes; then : + + LIBS="$LIBS -pthread" + HAVE_LIBPTHREAD="yes" + +$as_echo "#define HAVE_LIBPTHREAD 1" >>confdefs.h + + + +fi + + + # 2. try to use from standard libc (required by Android and possibly other platforms) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_create in -lc" >&5 +$as_echo_n "checking for pthread_create in -lc... " >&6; } +if test "${ac_cv_lib_c_pthread_create+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lc $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_create (); +int +main () +{ +return pthread_create (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_c_pthread_create=yes +else + ac_cv_lib_c_pthread_create=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_pthread_create" >&5 +$as_echo "$ac_cv_lib_c_pthread_create" >&6; } +if test "x$ac_cv_lib_c_pthread_create" = x""yes; then : + + HAVE_LIBPTHREAD="yes" + +$as_echo "#define HAVE_LIBPTHREAD 1" >>confdefs.h + + + +fi + + + # 3. try libpthread: OSF hack instead of simple AC_CHECK_LIB here + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_create in -lpthread" >&5 +$as_echo_n "checking for pthread_create in -lpthread... " >&6; } + valid_LIBS="$LIBS" + LIBS="$valid_LIBS -lpthread" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + +int +main () +{ + +pthread_create((void *)0, (void *)0, (void *)0, (void *)0) + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + HAVE_LIBPTHREAD="yes" + +$as_echo "#define HAVE_LIBPTHREAD 1" >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LIBS="$valid_LIBS" + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +} + + +# Check whether --with-threads was given. +if test "${with_threads+set}" = set; then : + withval=$with_threads; + case "$withval" in + ucontext) + { $as_echo "$as_me:${as_lineno-$LINENO}: UCONTEXT mode selected" >&5 +$as_echo "$as_me: UCONTEXT mode selected" >&6;} + +$as_echo "#define USE_UCONTEXT 1" >>confdefs.h + + ;; + pthread) + checkpthreadlib + { $as_echo "$as_me:${as_lineno-$LINENO}: PTHREAD mode selected" >&5 +$as_echo "$as_me: PTHREAD mode selected" >&6;} + +$as_echo "#define USE_PTHREAD 1" >>confdefs.h + + ;; + fork) + { $as_echo "$as_me:${as_lineno-$LINENO}: FORK mode selected" >&5 +$as_echo "$as_me: FORK mode selected" >&6;} + +$as_echo "#define USE_FORK 1" >>confdefs.h + + ;; + *) + as_fn_error $? "Unknown thread model \"${withval}\"" "$LINENO" 5 + ;; + esac + +else + + checkpthreadlib + if test "$HAVE_LIBPTHREAD" = "yes" -a "$ac_cv_header_pthread_h" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: PTHREAD thread model detected" >&5 +$as_echo "$as_me: PTHREAD thread model detected" >&6;} + +$as_echo "#define USE_PTHREAD 1" >>confdefs.h + + elif test "$ac_cv_func_getcontext" = "yes" -a "$ac_cv_header_ucontext_h" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: UCONTEXT thread model detected" >&5 +$as_echo "$as_me: UCONTEXT thread model detected" >&6;} + +$as_echo "#define USE_UCONTEXT 1" >>confdefs.h + + else + { $as_echo "$as_me:${as_lineno-$LINENO}: FORK thread model detected" >&5 +$as_echo "$as_me: FORK thread model detected" >&6;} + +$as_echo "#define USE_FORK 1" >>confdefs.h + + fi + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** library functions" >&5 +$as_echo "$as_me: **************************************** library functions" >&6;} +# safe string operations +for ac_func in snprintf vsnprintf +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +# pseudoterminal +for ac_func in openpty _getpty +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +# Unix +for ac_func in daemon waitpid wait4 setsid setgroups chroot +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +# limits +for ac_func in sysconf getrlimit +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +# threads/reentrant functions +for ac_func in pthread_sigmask localtime_r +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +# threads +for ac_func in getcontext __makecontext_v2 +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +# sockets +for ac_func in poll gethostbyname2 endhostent getnameinfo +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo" >&5 +$as_echo_n "checking for getaddrinfo... " >&6; } +case "$host_os" in +*androideabi*) + # http://stackoverflow.com/questions/7818246/segmentation-fault-in-getaddrinfo + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (buggy Android implementation)" >&5 +$as_echo "no (buggy Android implementation)" >&6; } + ;; +*) + # Tru64 UNIX has getaddrinfo() but has it renamed in libc as + # something else so we must include to get the + # redefinition. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +$ac_includes_default +#include +#include + +int +main () +{ + +getaddrinfo(NULL, NULL, NULL, NULL); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; +$as_echo "#define HAVE_GETADDRINFO 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ;; +esac +# poll() is not recommended on Mac OS X <=10.3 and broken on Mac OS X >=10.4 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken poll() implementation" >&5 +$as_echo_n "checking for broken poll() implementation... " >&6; } +case "$host_os" in +darwin*) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (poll() disabled)" >&5 +$as_echo "yes (poll() disabled)" >&6; } + +$as_echo "#define BROKEN_POLL 1" >>confdefs.h + + ;; +*) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; +esac +# GNU extensions +for ac_func in pipe2 accept4 +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** optional features" >&5 +$as_echo "$as_me: **************************************** optional features" >&6;} +# Use IPv6? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable IPv6 support" >&5 +$as_echo_n "checking whether to enable IPv6 support... " >&6; } +# Check whether --enable-ipv6 was given. +if test "${enable_ipv6+set}" = set; then : + enableval=$enable_ipv6; + case "$enableval" in + yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define USE_IPv6 1" >>confdefs.h + + ;; + no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: error" >&5 +$as_echo "error" >&6; } + as_fn_error $? "bad value \"${enableval}\"" "$LINENO" 5 + ;; + esac + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; +$as_echo "#define USE_IPv6 1" >>confdefs.h + +fi + + +# Disable use of libwrap (TCP wrappers) +# it should be the last check! +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable TCP wrappers library support" >&5 +$as_echo_n "checking whether to disable TCP wrappers library support... " >&6; } +# Check whether --enable-libwrap was given. +if test "${enable_libwrap+set}" = set; then : + enableval=$enable_libwrap; + case "$enableval" in + yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define HAVE_LIBWRAP 1" >>confdefs.h + + LIBS="$LIBS -lwrap" + ;; + no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: error" >&5 +$as_echo "error" >&6; } + as_fn_error $? "Bad value \"${enableval}\"" "$LINENO" 5 + ;; + esac + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: autodetecting" >&5 +$as_echo "autodetecting" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for hosts_access in -lwrap" >&5 +$as_echo_n "checking for hosts_access in -lwrap... " >&6; } + valid_LIBS="$LIBS" + LIBS="$valid_LIBS -lwrap" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int hosts_access(); int allow_severity, deny_severity; + +int +main () +{ + +hosts_access() + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; +$as_echo "#define HAVE_LIBWRAP 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; LIBS="$valid_LIBS" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + +fi + + +# FIPS Mode +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable FIPS mode support" >&5 +$as_echo_n "checking whether to enable FIPS mode support... " >&6; } +# Check whether --enable-fips was given. +if test "${enable_fips+set}" = set; then : + enableval=$enable_fips; + case "$enableval" in + yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + sub_dirs="/ssl/fips /ssl/fips-1.0 /" + fips="yes" + +$as_echo "#define USE_FIPS 1" >>confdefs.h + + ;; + no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + sub_dirs="/ssl /openssl /" + fips="no" + ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: error" >&5 +$as_echo "error" >&6; } + as_fn_error $? "bad value \"${enableval}\"" "$LINENO" 5 + ;; + esac + +else + + sub_dirs="/ssl/fips /ssl/fips-1.0 /ssl /openssl /" + fips="auto" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: autodetecting" >&5 +$as_echo "autodetecting" >&6; } + + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** SSL" >&5 +$as_echo "$as_me: **************************************** SSL" >&6;} +check_ssl_dir() { : + SSLDIR="$1" + if test -f "$1/include/openssl/ssl.h"; then + return 0 + fi + return 1 +} + +# Check for SSL directory +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL directory" >&5 +$as_echo_n "checking for SSL directory... " >&6; } + +# Check whether --with-ssl was given. +if test "${with_ssl+set}" = set; then : + withval=$with_ssl; + check_ssl_dir "$withval" + +else + + for main_dir in /usr/local /usr/lib /usr/pkg /opt/local /opt /usr; do + for sub_dir in $sub_dirs; do + check_ssl_dir "$main_dir$sub_dir" && break 2 + done + done + + +fi + +if test ! -d "$SSLDIR"; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +$as_echo "not found" >&6; } +as_fn_error $? " +Couldn't find your SSL library installation dir +Use --with-ssl option to fix this problem +" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $SSLDIR" >&5 +$as_echo "$SSLDIR" >&6; } + + +cat >>confdefs.h <<_ACEOF +#define SSLDIR "$SSLDIR" +_ACEOF + + +valid_CPPFLAGS="$CPPFLAGS"; CPPFLAGS="$CPPFLAGS -I$SSLDIR/include" +valid_LIBS="$LIBS"; LIBS="$LIBS -L$SSLDIR/lib64 -L$SSLDIR/lib -lssl -lcrypto" + +as_ac_Header=`$as_echo "ac_cv_header_$SSLDIR/include/openssl/engine.h" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$SSLDIR/include/openssl/engine.h" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + +$as_echo "#define HAVE_OSSL_ENGINE_H 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL engine header not found" >&5 +$as_echo "$as_me: WARNING: OpenSSL engine header not found" >&2;} +fi + + + +as_ac_Header=`$as_echo "ac_cv_header_$SSLDIR/include/openssl/ocsp.h" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$SSLDIR/include/openssl/ocsp.h" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + +$as_echo "#define HAVE_OSSL_OCSP_H 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL ocsp header not found" >&5 +$as_echo "$as_me: WARNING: OpenSSL ocsp header not found" >&2;} +fi + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for FIPS_mode_set" >&5 +$as_echo_n "checking for FIPS_mode_set... " >&6; } +if test "$fips" = "auto"; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + +int +main () +{ + +FIPS_mode_set(1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define USE_FIPS 1" >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: test skipped" >&5 +$as_echo "test skipped" >&6; } +fi + +CPPFLAGS="$valid_CPPFLAGS" +LIBS="$valid_LIBS" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** write the results" >&5 +$as_echo "$as_me: **************************************** write the results" >&6;} +ac_config_files="$ac_config_files Makefile src/Makefile src/stunnel3 doc/Makefile tools/Makefile tools/stunnel.conf-sample tools/stunnel.init tools/stunnel.service" + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + test "x$cache_file" != "x/dev/null" && + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + cat confcache >$cache_file + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + if test -n "$EXEEXT"; then + am__EXEEXT_TRUE= + am__EXEEXT_FALSE='#' +else + am__EXEEXT_TRUE='#' + am__EXEEXT_FALSE= +fi + +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + as_fn_error $? "conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi + +: ${CONFIG_STATUS=./config.status} +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -p' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -p' + fi +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' +else + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in #( + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' +fi +as_executable_p=$as_test_x + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by stunnel $as_me 4.53, which was +generated by GNU Autoconf 2.67. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" +config_headers="$ac_config_headers" +config_commands="$ac_config_commands" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to the package provider." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +stunnel config.status 4.53 +configured by $0, generated by GNU Autoconf 2.67, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2010 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +INSTALL='$INSTALL' +MKDIR_P='$MKDIR_P' +AWK='$AWK' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# +# INIT-COMMANDS +# +AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" + + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +macro_version='`$ECHO "X$macro_version" | $Xsed -e "$delay_single_quote_subst"`' +macro_revision='`$ECHO "X$macro_revision" | $Xsed -e "$delay_single_quote_subst"`' +enable_static='`$ECHO "X$enable_static" | $Xsed -e "$delay_single_quote_subst"`' +enable_shared='`$ECHO "X$enable_shared" | $Xsed -e "$delay_single_quote_subst"`' +pic_mode='`$ECHO "X$pic_mode" | $Xsed -e "$delay_single_quote_subst"`' +enable_fast_install='`$ECHO "X$enable_fast_install" | $Xsed -e "$delay_single_quote_subst"`' +host_alias='`$ECHO "X$host_alias" | $Xsed -e "$delay_single_quote_subst"`' +host='`$ECHO "X$host" | $Xsed -e "$delay_single_quote_subst"`' +host_os='`$ECHO "X$host_os" | $Xsed -e "$delay_single_quote_subst"`' +build_alias='`$ECHO "X$build_alias" | $Xsed -e "$delay_single_quote_subst"`' +build='`$ECHO "X$build" | $Xsed -e "$delay_single_quote_subst"`' +build_os='`$ECHO "X$build_os" | $Xsed -e "$delay_single_quote_subst"`' +SED='`$ECHO "X$SED" | $Xsed -e "$delay_single_quote_subst"`' +Xsed='`$ECHO "X$Xsed" | $Xsed -e "$delay_single_quote_subst"`' +GREP='`$ECHO "X$GREP" | $Xsed -e "$delay_single_quote_subst"`' +EGREP='`$ECHO "X$EGREP" | $Xsed -e "$delay_single_quote_subst"`' +FGREP='`$ECHO "X$FGREP" | $Xsed -e "$delay_single_quote_subst"`' +LD='`$ECHO "X$LD" | $Xsed -e "$delay_single_quote_subst"`' +NM='`$ECHO "X$NM" | $Xsed -e "$delay_single_quote_subst"`' +LN_S='`$ECHO "X$LN_S" | $Xsed -e "$delay_single_quote_subst"`' +max_cmd_len='`$ECHO "X$max_cmd_len" | $Xsed -e "$delay_single_quote_subst"`' +ac_objext='`$ECHO "X$ac_objext" | $Xsed -e "$delay_single_quote_subst"`' +exeext='`$ECHO "X$exeext" | $Xsed -e "$delay_single_quote_subst"`' +lt_unset='`$ECHO "X$lt_unset" | $Xsed -e "$delay_single_quote_subst"`' +lt_SP2NL='`$ECHO "X$lt_SP2NL" | $Xsed -e "$delay_single_quote_subst"`' +lt_NL2SP='`$ECHO "X$lt_NL2SP" | $Xsed -e "$delay_single_quote_subst"`' +reload_flag='`$ECHO "X$reload_flag" | $Xsed -e "$delay_single_quote_subst"`' +reload_cmds='`$ECHO "X$reload_cmds" | $Xsed -e "$delay_single_quote_subst"`' +OBJDUMP='`$ECHO "X$OBJDUMP" | $Xsed -e "$delay_single_quote_subst"`' +deplibs_check_method='`$ECHO "X$deplibs_check_method" | $Xsed -e "$delay_single_quote_subst"`' +file_magic_cmd='`$ECHO "X$file_magic_cmd" | $Xsed -e "$delay_single_quote_subst"`' +AR='`$ECHO "X$AR" | $Xsed -e "$delay_single_quote_subst"`' +AR_FLAGS='`$ECHO "X$AR_FLAGS" | $Xsed -e "$delay_single_quote_subst"`' +STRIP='`$ECHO "X$STRIP" | $Xsed -e "$delay_single_quote_subst"`' +RANLIB='`$ECHO "X$RANLIB" | $Xsed -e "$delay_single_quote_subst"`' +old_postinstall_cmds='`$ECHO "X$old_postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`' +old_postuninstall_cmds='`$ECHO "X$old_postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`' +old_archive_cmds='`$ECHO "X$old_archive_cmds" | $Xsed -e "$delay_single_quote_subst"`' +CC='`$ECHO "X$CC" | $Xsed -e "$delay_single_quote_subst"`' +CFLAGS='`$ECHO "X$CFLAGS" | $Xsed -e "$delay_single_quote_subst"`' +compiler='`$ECHO "X$compiler" | $Xsed -e "$delay_single_quote_subst"`' +GCC='`$ECHO "X$GCC" | $Xsed -e "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_pipe='`$ECHO "X$lt_cv_sys_global_symbol_pipe" | $Xsed -e "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_cdecl='`$ECHO "X$lt_cv_sys_global_symbol_to_cdecl" | $Xsed -e "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address" | $Xsed -e "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`' +objdir='`$ECHO "X$objdir" | $Xsed -e "$delay_single_quote_subst"`' +SHELL='`$ECHO "X$SHELL" | $Xsed -e "$delay_single_quote_subst"`' +ECHO='`$ECHO "X$ECHO" | $Xsed -e "$delay_single_quote_subst"`' +MAGIC_CMD='`$ECHO "X$MAGIC_CMD" | $Xsed -e "$delay_single_quote_subst"`' +lt_prog_compiler_no_builtin_flag='`$ECHO "X$lt_prog_compiler_no_builtin_flag" | $Xsed -e "$delay_single_quote_subst"`' +lt_prog_compiler_wl='`$ECHO "X$lt_prog_compiler_wl" | $Xsed -e "$delay_single_quote_subst"`' +lt_prog_compiler_pic='`$ECHO "X$lt_prog_compiler_pic" | $Xsed -e "$delay_single_quote_subst"`' +lt_prog_compiler_static='`$ECHO "X$lt_prog_compiler_static" | $Xsed -e "$delay_single_quote_subst"`' +lt_cv_prog_compiler_c_o='`$ECHO "X$lt_cv_prog_compiler_c_o" | $Xsed -e "$delay_single_quote_subst"`' +need_locks='`$ECHO "X$need_locks" | $Xsed -e "$delay_single_quote_subst"`' +DSYMUTIL='`$ECHO "X$DSYMUTIL" | $Xsed -e "$delay_single_quote_subst"`' +NMEDIT='`$ECHO "X$NMEDIT" | $Xsed -e "$delay_single_quote_subst"`' +LIPO='`$ECHO "X$LIPO" | $Xsed -e "$delay_single_quote_subst"`' +OTOOL='`$ECHO "X$OTOOL" | $Xsed -e "$delay_single_quote_subst"`' +OTOOL64='`$ECHO "X$OTOOL64" | $Xsed -e "$delay_single_quote_subst"`' +libext='`$ECHO "X$libext" | $Xsed -e "$delay_single_quote_subst"`' +shrext_cmds='`$ECHO "X$shrext_cmds" | $Xsed -e "$delay_single_quote_subst"`' +extract_expsyms_cmds='`$ECHO "X$extract_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`' +archive_cmds_need_lc='`$ECHO "X$archive_cmds_need_lc" | $Xsed -e "$delay_single_quote_subst"`' +enable_shared_with_static_runtimes='`$ECHO "X$enable_shared_with_static_runtimes" | $Xsed -e "$delay_single_quote_subst"`' +export_dynamic_flag_spec='`$ECHO "X$export_dynamic_flag_spec" | $Xsed -e "$delay_single_quote_subst"`' +whole_archive_flag_spec='`$ECHO "X$whole_archive_flag_spec" | $Xsed -e "$delay_single_quote_subst"`' +compiler_needs_object='`$ECHO "X$compiler_needs_object" | $Xsed -e "$delay_single_quote_subst"`' +old_archive_from_new_cmds='`$ECHO "X$old_archive_from_new_cmds" | $Xsed -e "$delay_single_quote_subst"`' +old_archive_from_expsyms_cmds='`$ECHO "X$old_archive_from_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`' +archive_cmds='`$ECHO "X$archive_cmds" | $Xsed -e "$delay_single_quote_subst"`' +archive_expsym_cmds='`$ECHO "X$archive_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`' +module_cmds='`$ECHO "X$module_cmds" | $Xsed -e "$delay_single_quote_subst"`' +module_expsym_cmds='`$ECHO "X$module_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`' +with_gnu_ld='`$ECHO "X$with_gnu_ld" | $Xsed -e "$delay_single_quote_subst"`' +allow_undefined_flag='`$ECHO "X$allow_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`' +no_undefined_flag='`$ECHO "X$no_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`' +hardcode_libdir_flag_spec='`$ECHO "X$hardcode_libdir_flag_spec" | $Xsed -e "$delay_single_quote_subst"`' +hardcode_libdir_flag_spec_ld='`$ECHO "X$hardcode_libdir_flag_spec_ld" | $Xsed -e "$delay_single_quote_subst"`' +hardcode_libdir_separator='`$ECHO "X$hardcode_libdir_separator" | $Xsed -e "$delay_single_quote_subst"`' +hardcode_direct='`$ECHO "X$hardcode_direct" | $Xsed -e "$delay_single_quote_subst"`' +hardcode_direct_absolute='`$ECHO "X$hardcode_direct_absolute" | $Xsed -e "$delay_single_quote_subst"`' +hardcode_minus_L='`$ECHO "X$hardcode_minus_L" | $Xsed -e "$delay_single_quote_subst"`' +hardcode_shlibpath_var='`$ECHO "X$hardcode_shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`' +hardcode_automatic='`$ECHO "X$hardcode_automatic" | $Xsed -e "$delay_single_quote_subst"`' +inherit_rpath='`$ECHO "X$inherit_rpath" | $Xsed -e "$delay_single_quote_subst"`' +link_all_deplibs='`$ECHO "X$link_all_deplibs" | $Xsed -e "$delay_single_quote_subst"`' +fix_srcfile_path='`$ECHO "X$fix_srcfile_path" | $Xsed -e "$delay_single_quote_subst"`' +always_export_symbols='`$ECHO "X$always_export_symbols" | $Xsed -e "$delay_single_quote_subst"`' +export_symbols_cmds='`$ECHO "X$export_symbols_cmds" | $Xsed -e "$delay_single_quote_subst"`' +exclude_expsyms='`$ECHO "X$exclude_expsyms" | $Xsed -e "$delay_single_quote_subst"`' +include_expsyms='`$ECHO "X$include_expsyms" | $Xsed -e "$delay_single_quote_subst"`' +prelink_cmds='`$ECHO "X$prelink_cmds" | $Xsed -e "$delay_single_quote_subst"`' +file_list_spec='`$ECHO "X$file_list_spec" | $Xsed -e "$delay_single_quote_subst"`' +variables_saved_for_relink='`$ECHO "X$variables_saved_for_relink" | $Xsed -e "$delay_single_quote_subst"`' +need_lib_prefix='`$ECHO "X$need_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`' +need_version='`$ECHO "X$need_version" | $Xsed -e "$delay_single_quote_subst"`' +version_type='`$ECHO "X$version_type" | $Xsed -e "$delay_single_quote_subst"`' +runpath_var='`$ECHO "X$runpath_var" | $Xsed -e "$delay_single_quote_subst"`' +shlibpath_var='`$ECHO "X$shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`' +shlibpath_overrides_runpath='`$ECHO "X$shlibpath_overrides_runpath" | $Xsed -e "$delay_single_quote_subst"`' +libname_spec='`$ECHO "X$libname_spec" | $Xsed -e "$delay_single_quote_subst"`' +library_names_spec='`$ECHO "X$library_names_spec" | $Xsed -e "$delay_single_quote_subst"`' +soname_spec='`$ECHO "X$soname_spec" | $Xsed -e "$delay_single_quote_subst"`' +postinstall_cmds='`$ECHO "X$postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`' +postuninstall_cmds='`$ECHO "X$postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`' +finish_cmds='`$ECHO "X$finish_cmds" | $Xsed -e "$delay_single_quote_subst"`' +finish_eval='`$ECHO "X$finish_eval" | $Xsed -e "$delay_single_quote_subst"`' +hardcode_into_libs='`$ECHO "X$hardcode_into_libs" | $Xsed -e "$delay_single_quote_subst"`' +sys_lib_search_path_spec='`$ECHO "X$sys_lib_search_path_spec" | $Xsed -e "$delay_single_quote_subst"`' +sys_lib_dlsearch_path_spec='`$ECHO "X$sys_lib_dlsearch_path_spec" | $Xsed -e "$delay_single_quote_subst"`' +hardcode_action='`$ECHO "X$hardcode_action" | $Xsed -e "$delay_single_quote_subst"`' +enable_dlopen='`$ECHO "X$enable_dlopen" | $Xsed -e "$delay_single_quote_subst"`' +enable_dlopen_self='`$ECHO "X$enable_dlopen_self" | $Xsed -e "$delay_single_quote_subst"`' +enable_dlopen_self_static='`$ECHO "X$enable_dlopen_self_static" | $Xsed -e "$delay_single_quote_subst"`' +old_striplib='`$ECHO "X$old_striplib" | $Xsed -e "$delay_single_quote_subst"`' +striplib='`$ECHO "X$striplib" | $Xsed -e "$delay_single_quote_subst"`' + +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# Quote evaled strings. +for var in SED \ +GREP \ +EGREP \ +FGREP \ +LD \ +NM \ +LN_S \ +lt_SP2NL \ +lt_NL2SP \ +reload_flag \ +OBJDUMP \ +deplibs_check_method \ +file_magic_cmd \ +AR \ +AR_FLAGS \ +STRIP \ +RANLIB \ +CC \ +CFLAGS \ +compiler \ +lt_cv_sys_global_symbol_pipe \ +lt_cv_sys_global_symbol_to_cdecl \ +lt_cv_sys_global_symbol_to_c_name_address \ +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ +SHELL \ +ECHO \ +lt_prog_compiler_no_builtin_flag \ +lt_prog_compiler_wl \ +lt_prog_compiler_pic \ +lt_prog_compiler_static \ +lt_cv_prog_compiler_c_o \ +need_locks \ +DSYMUTIL \ +NMEDIT \ +LIPO \ +OTOOL \ +OTOOL64 \ +shrext_cmds \ +export_dynamic_flag_spec \ +whole_archive_flag_spec \ +compiler_needs_object \ +with_gnu_ld \ +allow_undefined_flag \ +no_undefined_flag \ +hardcode_libdir_flag_spec \ +hardcode_libdir_flag_spec_ld \ +hardcode_libdir_separator \ +fix_srcfile_path \ +exclude_expsyms \ +include_expsyms \ +file_list_spec \ +variables_saved_for_relink \ +libname_spec \ +library_names_spec \ +soname_spec \ +finish_eval \ +old_striplib \ +striplib; do + case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in reload_cmds \ +old_postinstall_cmds \ +old_postuninstall_cmds \ +old_archive_cmds \ +extract_expsyms_cmds \ +old_archive_from_new_cmds \ +old_archive_from_expsyms_cmds \ +archive_cmds \ +archive_expsym_cmds \ +module_cmds \ +module_expsym_cmds \ +export_symbols_cmds \ +prelink_cmds \ +postinstall_cmds \ +postuninstall_cmds \ +finish_cmds \ +sys_lib_search_path_spec \ +sys_lib_dlsearch_path_spec; do + case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Fix-up fallback echo if it was mangled by the above quoting rules. +case \$lt_ECHO in +*'\\\$0 --fallback-echo"') lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\$0 --fallback-echo"\$/\$0 --fallback-echo"/'\` + ;; +esac + +ac_aux_dir='$ac_aux_dir' +xsi_shell='$xsi_shell' +lt_shell_append='$lt_shell_append' + +# See if we are running on zsh, and set the options which allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi + + + PACKAGE='$PACKAGE' + VERSION='$VERSION' + TIMESTAMP='$TIMESTAMP' + RM='$RM' + ofile='$ofile' + + + + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "src/config.h") CONFIG_HEADERS="$CONFIG_HEADERS src/config.h" ;; + "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + "src/stunnel3") CONFIG_FILES="$CONFIG_FILES src/stunnel3" ;; + "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; + "tools/Makefile") CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;; + "tools/stunnel.conf-sample") CONFIG_FILES="$CONFIG_FILES tools/stunnel.conf-sample" ;; + "tools/stunnel.init") CONFIG_FILES="$CONFIG_FILES tools/stunnel.init" ;; + "tools/stunnel.service") CONFIG_FILES="$CONFIG_FILES tools/stunnel.service" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5 ;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= + trap 'exit_status=$? + { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_t=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_t"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5 ;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5 ;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; + esac + ac_MKDIR_P=$MKDIR_P + case $MKDIR_P in + [\\/$]* | ?:[\\/]* ) ;; + */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; + esac +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +s&@INSTALL@&$ac_INSTALL&;t t +s&@MKDIR_P@&$ac_MKDIR_P&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$tmp/stdin" + case $ac_file in + -) cat "$tmp/out" && rm -f "$tmp/out";; + *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" + } >"$tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi +# Compute "$ac_file"'s index in $config_headers. +_am_arg="$ac_file" +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || +$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$_am_arg" : 'X\(//\)[^/]' \| \ + X"$_am_arg" : 'X\(//\)$' \| \ + X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$_am_arg" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'`/stamp-h$_am_stamp_count + ;; + + :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +$as_echo "$as_me: executing $ac_file commands" >&6;} + ;; + esac + + + case $ac_file$ac_mode in + "depfiles":C) test x"$AMDEP_TRUE" != x"" || { + # Autoconf 2.62 quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + case $CONFIG_FILES in + *\'*) eval set x "$CONFIG_FILES" ;; + *) set x $CONFIG_FILES ;; + esac + shift + for mf + do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # Grep'ing the whole file is not good either: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + dirpart=`$as_dirname -- "$mf" || +$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$mf" : 'X\(//\)[^/]' \| \ + X"$mf" : 'X\(//\)$' \| \ + X"$mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`$as_dirname -- "$file" || +$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$file" : 'X\(//\)[^/]' \| \ + X"$file" : 'X\(//\)$' \| \ + X"$file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir=$dirpart/$fdir; as_fn_mkdir_p + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done +} + ;; + "libtool":C) + + # See if we are running on zsh, and set the options which allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + + cfgfile="${ofile}T" + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL + +# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. +# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. +# +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, +# 2006, 2007, 2008 Free Software Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is part of GNU Libtool. +# +# GNU Libtool is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of +# the License, or (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, or +# obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + +# The names of the tagged configurations supported by this script. +available_tags="" + +# ### BEGIN LIBTOOL CONFIG + +# Which release of libtool.m4 was used? +macro_version=$macro_version +macro_revision=$macro_revision + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# What type of objects to build. +pic_mode=$pic_mode + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# A sed program that does not truncate output. +SED=$lt_SED + +# Sed that helps us avoid accidentally triggering echo(1) options like -n. +Xsed="\$SED -e 1s/^X//" + +# A grep program that handles long lines. +GREP=$lt_GREP + +# An ERE matcher. +EGREP=$lt_EGREP + +# A literal string matcher. +FGREP=$lt_FGREP + +# A BSD- or MS-compatible name lister. +NM=$lt_NM + +# Whether we need soft or hard links. +LN_S=$lt_LN_S + +# What is the maximum length of a command? +max_cmd_len=$max_cmd_len + +# Object file suffix (normally "o"). +objext=$ac_objext + +# Executable file suffix (normally ""). +exeext=$exeext + +# whether the shell understands "unset". +lt_unset=$lt_unset + +# turn spaces into newlines. +SP2NL=$lt_lt_SP2NL + +# turn newlines into spaces. +NL2SP=$lt_lt_NL2SP + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# An object symbol dumper. +OBJDUMP=$lt_OBJDUMP + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method == "file_magic". +file_magic_cmd=$lt_file_magic_cmd + +# The archiver. +AR=$lt_AR +AR_FLAGS=$lt_AR_FLAGS + +# A symbol stripping program. +STRIP=$lt_STRIP + +# Commands used to install an old-style archive. +RANLIB=$lt_RANLIB +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# A C compiler. +LTCC=$lt_CC + +# LTCC compiler flags. +LTCFLAGS=$lt_CFLAGS + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration. +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm in a C name address pair. +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# Transform the output of nm in a C name address pair when lib prefix is needed. +global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# An echo program that does not interpret backslashes. +ECHO=$lt_ECHO + +# Used to examine libraries when file_magic_cmd begins with "file". +MAGIC_CMD=$MAGIC_CMD + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Tool to manipulate archived DWARF debug symbol files on Mac OS X. +DSYMUTIL=$lt_DSYMUTIL + +# Tool to change global to local symbols on Mac OS X. +NMEDIT=$lt_NMEDIT + +# Tool to manipulate fat objects and archives on Mac OS X. +LIPO=$lt_LIPO + +# ldd/readelf like tool for Mach-O binaries on Mac OS X. +OTOOL=$lt_OTOOL + +# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. +OTOOL64=$lt_OTOOL64 + +# Old archive suffix (normally "a"). +libext=$libext + +# Shared library suffix (normally ".so"). +shrext_cmds=$lt_shrext_cmds + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at link time. +variables_saved_for_relink=$lt_variables_saved_for_relink + +# Do we need the "lib" prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Library versioning type. +version_type=$version_type + +# Shared library runtime path variable. +runpath_var=$runpath_var + +# Shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Command to use after installation of a shared archive. +postinstall_cmds=$lt_postinstall_cmds + +# Command to use after uninstallation of a shared archive. +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# As "finish_cmds", except a single script fragment to be evaled but +# not shown. +finish_eval=$lt_finish_eval + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Compile-time system search path for libraries. +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Run-time system search path for libraries. +sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + + +# The linker used to build libraries. +LD=$lt_LD + +# Commands used to build an old-style archive. +old_archive_cmds=$lt_old_archive_cmds + +# A language specific compiler. +CC=$lt_compiler + +# Is the compiler the GNU compiler? +with_gcc=$GCC + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc + +# Whether or not to disallow shared libs when runtime libs are static. +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec + +# Whether the compiler copes with passing no objects directly. +compiler_needs_object=$lt_compiler_needs_object + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds + +# Commands used to build a shared archive. +archive_cmds=$lt_archive_cmds +archive_expsym_cmds=$lt_archive_expsym_cmds + +# Commands used to build a loadable module if different from building +# a shared archive. +module_cmds=$lt_module_cmds +module_expsym_cmds=$lt_module_expsym_cmds + +# Whether we are building with GNU ld or not. +with_gnu_ld=$lt_with_gnu_ld + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag + +# Flag that enforces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec + +# If ld is used when linking, flag to hardcode \$libdir into a binary +# during linking. This must work even if \$libdir does not exist. +hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld + +# Whether we need a single "-rpath" flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator + +# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes +# DIR into the resulting binary. +hardcode_direct=$hardcode_direct + +# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes +# DIR into the resulting binary and the resulting library dependency is +# "absolute",i.e impossible to change by setting \${shlibpath_var} if the +# library is relocated. +hardcode_direct_absolute=$hardcode_direct_absolute + +# Set to "yes" if using the -LDIR flag during linking hardcodes DIR +# into the resulting binary. +hardcode_minus_L=$hardcode_minus_L + +# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR +# into the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var + +# Set to "yes" if building a shared library automatically hardcodes DIR +# into the library and all subsequent libraries and executables linked +# against it. +hardcode_automatic=$hardcode_automatic + +# Set to yes if linker adds runtime paths of dependent libraries +# to runtime path list. +inherit_rpath=$inherit_rpath + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs + +# Fix the shell variable \$srcfile for the compiler. +fix_srcfile_path=$lt_fix_srcfile_path + +# Set to "yes" if exported symbols are required. +always_export_symbols=$always_export_symbols + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms + +# Commands necessary for linking programs (against libraries) with templates. +prelink_cmds=$lt_prelink_cmds + +# Specify filename containing input files. +file_list_spec=$lt_file_list_spec + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action + +# ### END LIBTOOL CONFIG + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + +ltmain="$ac_aux_dir/ltmain.sh" + + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + case $xsi_shell in + yes) + cat << \_LT_EOF >> "$cfgfile" + +# func_dirname file append nondir_replacement +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +func_dirname () +{ + case ${1} in + */*) func_dirname_result="${1%/*}${2}" ;; + * ) func_dirname_result="${3}" ;; + esac +} + +# func_basename file +func_basename () +{ + func_basename_result="${1##*/}" +} + +# func_dirname_and_basename file append nondir_replacement +# perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# Implementation must be kept synchronized with func_dirname +# and func_basename. For efficiency, we do not delegate to +# those functions but instead duplicate the functionality here. +func_dirname_and_basename () +{ + case ${1} in + */*) func_dirname_result="${1%/*}${2}" ;; + * ) func_dirname_result="${3}" ;; + esac + func_basename_result="${1##*/}" +} + +# func_stripname prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +func_stripname () +{ + # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are + # positional parameters, so assign one to ordinary parameter first. + func_stripname_result=${3} + func_stripname_result=${func_stripname_result#"${1}"} + func_stripname_result=${func_stripname_result%"${2}"} +} + +# func_opt_split +func_opt_split () +{ + func_opt_split_opt=${1%%=*} + func_opt_split_arg=${1#*=} +} + +# func_lo2o object +func_lo2o () +{ + case ${1} in + *.lo) func_lo2o_result=${1%.lo}.${objext} ;; + *) func_lo2o_result=${1} ;; + esac +} + +# func_xform libobj-or-source +func_xform () +{ + func_xform_result=${1%.*}.lo +} + +# func_arith arithmetic-term... +func_arith () +{ + func_arith_result=$(( $* )) +} + +# func_len string +# STRING may not start with a hyphen. +func_len () +{ + func_len_result=${#1} +} + +_LT_EOF + ;; + *) # Bourne compatible functions. + cat << \_LT_EOF >> "$cfgfile" + +# func_dirname file append nondir_replacement +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +func_dirname () +{ + # Extract subdirectory from the argument. + func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi +} + +# func_basename file +func_basename () +{ + func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` +} + + +# func_stripname prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +# func_strip_suffix prefix name +func_stripname () +{ + case ${2} in + .*) func_stripname_result=`$ECHO "X${3}" \ + | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;; + *) func_stripname_result=`$ECHO "X${3}" \ + | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;; + esac +} + +# sed scripts: +my_sed_long_opt='1s/^\(-[^=]*\)=.*/\1/;q' +my_sed_long_arg='1s/^-[^=]*=//' + +# func_opt_split +func_opt_split () +{ + func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"` + func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"` +} + +# func_lo2o object +func_lo2o () +{ + func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"` +} + +# func_xform libobj-or-source +func_xform () +{ + func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[^.]*$/.lo/'` +} + +# func_arith arithmetic-term... +func_arith () +{ + func_arith_result=`expr "$@"` +} + +# func_len string +# STRING may not start with a hyphen. +func_len () +{ + func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len` +} + +_LT_EOF +esac + +case $lt_shell_append in + yes) + cat << \_LT_EOF >> "$cfgfile" + +# func_append var value +# Append VALUE to the end of shell variable VAR. +func_append () +{ + eval "$1+=\$2" +} +_LT_EOF + ;; + *) + cat << \_LT_EOF >> "$cfgfile" + +# func_append var value +# Append VALUE to the end of shell variable VAR. +func_append () +{ + eval "$1=\$$1\$2" +} + +_LT_EOF + ;; + esac + + + sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" + + ;; + + esac +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** success" >&5 +$as_echo "$as_me: **************************************** success" >&6;} +# End of configure.ac diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..0182e5e --- /dev/null +++ b/configure.ac @@ -0,0 +1,494 @@ +# Process this file with autoconf to produce a configure script. + +AC_INIT([stunnel],[4.53]) +AC_MSG_NOTICE([**************************************** initialization]) +AC_CONFIG_AUX_DIR(auto) +AC_CONFIG_MACRO_DIR([m4]) +AM_INIT_AUTOMAKE(stunnel, 4.53) +AC_CONFIG_HEADERS([src/config.h]) +AC_CONFIG_SRCDIR([src/stunnel.c]) +AC_DEFINE([_GNU_SOURCE], [1], [Use GNU source]) + +AC_CANONICAL_HOST +AC_SUBST([host]) +AC_DEFINE_UNQUOTED([HOST], ["$host"], [Host description]) +define([esc], [`echo ]$1[ | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_`]) +AC_DEFINE_UNQUOTED(esc(CPU_$host_cpu)) +AC_DEFINE_UNQUOTED(esc(VENDOR_$host_vendor)) +AC_DEFINE_UNQUOTED(esc(OS_$host_os)) + +AC_PROG_CC +AM_PROG_CC_C_O +AC_PROG_INSTALL +AC_PROG_MAKE_SET + +# Checks for typedefs, structures, and compiler characteristics +# AC_C_CONST +# AC_TYPE_SIZE_T +# AC_TYPE_PID_T +# AC_HEADER_TIME + +AC_MSG_NOTICE([**************************************** compiler/linker flags]) +AC_SUBST([stunnel_LDFLAGS]) + +AC_MSG_CHECKING([whether $CC accepts -pthread]) +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -pthread" +valid_LDFLAGS="$LDFLAGS"; LDFLAGS="$LDFLAGS -pthread" +AC_LINK_IFELSE([int main() {return 0;}], + [ + AC_MSG_RESULT([yes]) + AC_SUBST([stunnel_CFLAGS], ["$stunnel_CFLAGS -pthread"]) + AC_SUBST([stunnel_LDFLAGF], ["$stunnel_LDFLAGF -pthread"]) + ], [ + AC_MSG_RESULT([no]) + ]) +CFLAGS="$valid_CFLAGS"; LDFLAGS="$valid_LDFLAGS" + +AC_MSG_CHECKING([whether $CC accepts -fstack-protector]) +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -fstack-protector" +valid_LDFLAGS="$LDFLAGS"; LDFLAGS="$LDFLAGS -fstack-protector" +AC_LINK_IFELSE([int main() {return 0;}], + [ + AC_MSG_RESULT([yes]) + AC_SUBST([stunnel_CFLAGS], ["$stunnel_CFLAGS -fstack-protector"]) + AC_SUBST([stunnel_LDFLAGF], ["$stunnel_LDFLAGF -fstack-protector"]) + ], [ + AC_MSG_RESULT([no]) + ]) +CFLAGS="$valid_CFLAGS"; LDFLAGS="$valid_LDFLAGS" + +AC_MSG_CHECKING([whether $CC accepts -pie]) +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -fPIE" +valid_LDFLAGS="$LDFLAGS"; LDFLAGS="$LDFLAGS -pie -fPIE" +AC_LINK_IFELSE([int main() {return 0;}], + [ + AC_MSG_RESULT([yes]) + AC_SUBST([stunnel_CFLAGS], ["$stunnel_CFLAGS -fPIE"]) + AC_SUBST([stunnel_LDFLAGF], ["$stunnel_LDFLAGF -pie -fPIE"]) + ], [ + AC_MSG_RESULT([no]) + ]) +CFLAGS="$valid_CFLAGS"; LDFLAGS="$valid_LDFLAGS" + +AC_MSG_CHECKING([whether $CC accepts -Wall]) +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -Wall" +AC_LINK_IFELSE([int main() {return 0;}], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]); CFLAGS="$valid_CFLAGS"]) + +AC_MSG_CHECKING([whether $CC accepts -Wextra]) +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -Wextra" +AC_LINK_IFELSE([int main() {return 0;}], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]); CFLAGS="$valid_CFLAGS"]) + +AC_MSG_CHECKING([whether $CC accepts -Wno-long-long]) +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -Wno-long-long" +AC_LINK_IFELSE([int main() {return 0;}], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]); CFLAGS="$valid_CFLAGS"]) + +AC_MSG_CHECKING([whether $CC accepts -pedantic]) +valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -pedantic" +AC_LINK_IFELSE([int main() {return 0;}], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]); CFLAGS="$valid_CFLAGS"]) + +AC_MSG_NOTICE([**************************************** libtool]) +LT_INIT([disable-static]) +AC_SUBST([LIBTOOL_DEPS]) + +AC_MSG_NOTICE([**************************************** types]) +AC_CHECK_SIZEOF(unsigned char) +AC_CHECK_SIZEOF(unsigned short) +AC_CHECK_SIZEOF(unsigned int) +AC_CHECK_SIZEOF(unsigned long) + +AC_MSG_CHECKING([for socklen_t]) +AC_EGREP_HEADER(socklen_t, sys/socket.h, + AC_MSG_RESULT([yes]), + AC_MSG_RESULT([no (defined as int)]) + AC_DEFINE([socklen_t], [int], [Type of socklen_t])) + +AC_CHECK_TYPES([struct sockaddr_un], [], [], [#include ]) +AC_CHECK_TYPES([struct addrinfo], [], [], [#include ]) + +AC_MSG_NOTICE([**************************************** PTY device files]) +if test "$cross_compiling" = "no"; then + AC_CHECK_FILE("/dev/ptmx", AC_DEFINE([HAVE_DEV_PTMX], [1], + [Define to 1 if you have '/dev/ptmx' device.])) + AC_CHECK_FILE("/dev/ptc", AC_DEFINE([HAVE_DEV_PTS_AND_PTC], [1], + [Define to 1 if you have '/dev/ptc' device.])) +else + AC_MSG_WARN([cross-compilation: assuming /dev/ptmx and /dev/ptc are not available]) +fi + +AC_MSG_NOTICE([**************************************** entropy sources]) + +if test "$cross_compiling" = "no"; then + AC_ARG_WITH(egd-socket, + [ --with-egd-socket=FILE Entropy Gathering Daemon socket path], + [EGD_SOCKET="$withval"] + ) + if test -n "$EGD_SOCKET"; then + AC_DEFINE_UNQUOTED([EGD_SOCKET], ["$EGD_SOCKET"], [Entropy Gathering Daemon socket path]) + fi + + # Check for user-specified random device + AC_ARG_WITH(random, + [ --with-random=FILE read randomness from file (default=/dev/urandom)], + [RANDOM_FILE="$withval"], + [ + # Check for random device + AC_CHECK_FILE("/dev/urandom", RANDOM_FILE="/dev/urandom") + ] + ) + if test -n "$RANDOM_FILE"; then + AC_SUBST([RANDOM_FILE]) + AC_DEFINE_UNQUOTED([RANDOM_FILE], ["$RANDOM_FILE"], [Random file path]) + fi +else + AC_MSG_WARN([cross-compilation: assuming entropy sources are not available]) +fi + +AC_MSG_NOTICE([**************************************** default group]) +DEFAULT_GROUP=nobody +if test "$cross_compiling" = "no"; then + grep '^nogroup:' /etc/group >/dev/null && DEFAULT_GROUP=nogroup +else + AC_MSG_WARN([cross-compilation: assuming nogroup is not available]) +fi +AC_MSG_CHECKING([for default group]) +AC_MSG_RESULT([$DEFAULT_GROUP]) +AC_SUBST([DEFAULT_GROUP]) + +AC_MSG_NOTICE([**************************************** header files]) +# AC_HEADER_DIRENT +# AC_HEADER_STDC +# AC_HEADER_SYS_WAIT +AC_CHECK_HEADERS([malloc.h ucontext.h pthread.h poll.h tcpd.h stropts.h grp.h unistd.h util.h libutil.h pty.h]) +AC_CHECK_HEADERS([sys/types.h sys/select.h sys/poll.h sys/socket.h sys/un.h sys/ioctl.h sys/filio.h sys/resource.h sys/uio.h]) +AC_CHECK_MEMBERS([struct msghdr.msg_control], + [AC_DEFINE([HAVE_MSGHDR_MSG_CONTROL], [1], + [Define to 1 if you have 'msghdr.msg_control' structure.])], [], [ +AC_INCLUDES_DEFAULT +#include + ]) +AC_CHECK_HEADERS([linux/netfilter_ipv4.h], , , + [ +#include +#include +#include +#include + ]) + +AC_MSG_NOTICE([**************************************** libraries]) +# Checks for standard libraries +AC_SEARCH_LIBS([gethostbyname], [nsl]) +AC_SEARCH_LIBS([yp_get_default_domain], [nsl]) +AC_SEARCH_LIBS([socket], [socket]) +AC_SEARCH_LIBS([openpty], [util]) +# Checks for dynamic loader and zlib needed by OpenSSL +AC_SEARCH_LIBS([dlopen], [dl]) +AC_SEARCH_LIBS([shl_load], [dld]) +AC_SEARCH_LIBS([inflateEnd], [z]) + +# Add BeOS libraries +if test "$host_os" = "beos"; then + LIBS="$LIBS -lbe -lroot -lbind" +fi + +AC_MSG_NOTICE([**************************************** thread model]) + +checkpthreadlib() { : + # 1. BSD hack: attempt to use alternative libc implementation if available + AC_CHECK_LIB([c_r], [pthread_create], + [ + LIBS="$LIBS -pthread" + HAVE_LIBPTHREAD="yes" + AC_DEFINE([HAVE_LIBPTHREAD], [1], [Define to 1 if you have 'libpthread' library.]) + ] + ) + + # 2. try to use from standard libc (required by Android and possibly other platforms) + AC_CHECK_LIB([c], [pthread_create], + [ + HAVE_LIBPTHREAD="yes" + AC_DEFINE([HAVE_LIBPTHREAD], [1], [Define to 1 if you have 'libpthread' library.]) + ] + ) + + # 3. try libpthread: OSF hack instead of simple AC_CHECK_LIB here + AC_MSG_CHECKING([for pthread_create in -lpthread]) + valid_LIBS="$LIBS" + LIBS="$valid_LIBS -lpthread" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [ +#include + ], + [ +pthread_create((void *)0, (void *)0, (void *)0, (void *)0) + ] + )], + [ + AC_MSG_RESULT([yes]) + HAVE_LIBPTHREAD="yes" + AC_DEFINE([HAVE_LIBPTHREAD], [1], [Define to 1 if you have 'libpthread' library.]) + ], [ + AC_MSG_RESULT([no]) + LIBS="$valid_LIBS" + ] + ) +} + +AC_ARG_WITH(threads, +[ --with-threads=model select threading model (ucontext/pthread/fork)], +[ + case "$withval" in + ucontext) + AC_MSG_NOTICE([UCONTEXT mode selected]) + AC_DEFINE([USE_UCONTEXT], [1], [Define to 1 to select UCONTEXT mode]) + ;; + pthread) + checkpthreadlib + AC_MSG_NOTICE([PTHREAD mode selected]) + AC_DEFINE([USE_PTHREAD], [1], [Define to 1 to select PTHREAD mode]) + ;; + fork) + AC_MSG_NOTICE([FORK mode selected]) + AC_DEFINE([USE_FORK], [1], [Define to 1 to select FORK mode]) + ;; + *) + AC_MSG_ERROR([Unknown thread model \"${withval}\"]) + ;; + esac +], [ + checkpthreadlib + if test "$HAVE_LIBPTHREAD" = "yes" -a "$ac_cv_header_pthread_h" = "yes"; then + AC_MSG_NOTICE([PTHREAD thread model detected]) + AC_DEFINE([USE_PTHREAD], [1], [Define to 1 to select PTHREAD mode]) + elif test "$ac_cv_func_getcontext" = "yes" -a "$ac_cv_header_ucontext_h" = "yes"; then + AC_MSG_NOTICE([UCONTEXT thread model detected]) + AC_DEFINE([USE_UCONTEXT], [1], [Define to 1 to select UCONTEXT mode]) + else + AC_MSG_NOTICE([FORK thread model detected]) + AC_DEFINE([USE_FORK], [1], [Define to 1 to select FORK mode]) + fi +]) + +AC_MSG_NOTICE([**************************************** library functions]) +# safe string operations +AC_CHECK_FUNCS(snprintf vsnprintf) +# pseudoterminal +AC_CHECK_FUNCS(openpty _getpty) +# Unix +AC_CHECK_FUNCS(daemon waitpid wait4 setsid setgroups chroot) +# limits +AC_CHECK_FUNCS(sysconf getrlimit) +# threads/reentrant functions +AC_CHECK_FUNCS(pthread_sigmask localtime_r) +# threads +AC_CHECK_FUNCS(getcontext __makecontext_v2) +# sockets +AC_CHECK_FUNCS(poll gethostbyname2 endhostent getnameinfo) +AC_MSG_CHECKING([for getaddrinfo]) +case "$host_os" in +*androideabi*) + # http://stackoverflow.com/questions/7818246/segmentation-fault-in-getaddrinfo + AC_MSG_RESULT([no (buggy Android implementation)]) + ;; +*) + # Tru64 UNIX has getaddrinfo() but has it renamed in libc as + # something else so we must include to get the + # redefinition. + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [ +AC_INCLUDES_DEFAULT +#include +#include + ], + [ +getaddrinfo(NULL, NULL, NULL, NULL); + ],)], + [AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_GETADDRINFO], [1], [Define to 1 if you have 'getaddrinfo' function.])], + [AC_MSG_RESULT([no])]) + ;; +esac +# poll() is not recommended on Mac OS X <=10.3 and broken on Mac OS X >=10.4 +AC_MSG_CHECKING([for broken poll() implementation]) +case "$host_os" in +darwin*) + AC_MSG_RESULT([yes (poll() disabled)]) + AC_DEFINE([BROKEN_POLL], [1], [Define to 1 if you have a broken 'poll' implementation.]) + ;; +*) + AC_MSG_RESULT([no]) + ;; +esac +# GNU extensions +AC_CHECK_FUNCS(pipe2 accept4) + +AC_MSG_NOTICE([**************************************** optional features]) +# Use IPv6? +AC_MSG_CHECKING([whether to enable IPv6 support]) +AC_ARG_ENABLE(ipv6, +[ --enable-ipv6 Enable IPv6 support], + [ + case "$enableval" in + yes) AC_MSG_RESULT([yes]) + AC_DEFINE([USE_IPv6], [1], [Define to 1 to enable IPv6 support]) + ;; + no) AC_MSG_RESULT([no]) + ;; + *) AC_MSG_RESULT([error]) + AC_MSG_ERROR([bad value \"${enableval}\"]) + ;; + esac + ], + [AC_MSG_RESULT([yes]); AC_DEFINE([USE_IPv6], [1], [Define to 1 to enable IPv6 support])], + [AC_MSG_RESULT([no])] +) + +# Disable use of libwrap (TCP wrappers) +# it should be the last check! +AC_MSG_CHECKING([whether to disable TCP wrappers library support]) +AC_ARG_ENABLE(libwrap, +[ --disable-libwrap Disable TCP wrappers library support], + [ + case "$enableval" in + yes) AC_MSG_RESULT([no]) + AC_DEFINE([HAVE_LIBWRAP], [1], [Define to 1 if you have 'libwrap' library.]) + LIBS="$LIBS -lwrap" + ;; + no) AC_MSG_RESULT([yes]) + ;; + *) AC_MSG_RESULT([error]) + AC_MSG_ERROR([Bad value \"${enableval}\"]) + ;; + esac + ], + [ + AC_MSG_RESULT([autodetecting]) + AC_MSG_CHECKING([for hosts_access in -lwrap]) + valid_LIBS="$LIBS" + LIBS="$valid_LIBS -lwrap" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [ +int hosts_access(); int allow_severity, deny_severity; + ], + [ +hosts_access() + ] + )], + [AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_LIBWRAP], [1], [Define to 1 if you have 'libwrap' library.])], + [AC_MSG_RESULT([no]); LIBS="$valid_LIBS"] + ) + ] +) + +# FIPS Mode +AC_MSG_CHECKING([whether to enable FIPS mode support]) +AC_ARG_ENABLE(fips, +[ --enable-fips Enable OpenSSL FIPS mode], + [ + case "$enableval" in + yes) AC_MSG_RESULT([yes]) + sub_dirs="/ssl/fips /ssl/fips-1.0 /" + fips="yes" + AC_DEFINE([USE_FIPS], [1], [Define to 1 to enable OpenSSL FIPS mode]) + ;; + no) AC_MSG_RESULT([no]) + sub_dirs="/ssl /openssl /" + fips="no" + ;; + *) AC_MSG_RESULT([error]) + AC_MSG_ERROR([bad value \"${enableval}\"]) + ;; + esac + ], + [ + sub_dirs="/ssl/fips /ssl/fips-1.0 /ssl /openssl /" + fips="auto" + AC_MSG_RESULT([autodetecting]) + ] +) + +AC_MSG_NOTICE([**************************************** SSL]) +check_ssl_dir() { : + SSLDIR="$1" + if test -f "$1/include/openssl/ssl.h"; then + return 0 + fi + return 1 +} + +# Check for SSL directory +AC_MSG_CHECKING([for SSL directory]) +AC_ARG_WITH(ssl, +[ --with-ssl=DIR location of installed SSL libraries/include files], + [ + check_ssl_dir "$withval" + ], + [ + for main_dir in /usr/local /usr/lib /usr/pkg /opt/local /opt /usr; do + for sub_dir in $sub_dirs; do + check_ssl_dir "$main_dir$sub_dir" && break 2 + done + done + ] +) +if test ! -d "$SSLDIR"; then +AC_MSG_RESULT([not found]) +AC_MSG_ERROR([ +Couldn't find your SSL library installation dir +Use --with-ssl option to fix this problem +]) +fi +AC_MSG_RESULT([$SSLDIR]) +AC_SUBST([SSLDIR]) +AC_DEFINE_UNQUOTED([SSLDIR], ["$SSLDIR"], [SSL directory]) + +valid_CPPFLAGS="$CPPFLAGS"; CPPFLAGS="$CPPFLAGS -I$SSLDIR/include" +valid_LIBS="$LIBS"; LIBS="$LIBS -L$SSLDIR/lib64 -L$SSLDIR/lib -lssl -lcrypto" + +AC_CHECK_HEADER([$SSLDIR/include/openssl/engine.h], + [AC_DEFINE([HAVE_OSSL_ENGINE_H], [1], [Define to 1 if you have header file.])], + [AC_MSG_WARN([OpenSSL engine header not found])]) + +AC_CHECK_HEADER([$SSLDIR/include/openssl/ocsp.h], + [AC_DEFINE([HAVE_OSSL_OCSP_H], [1], [Define to 1 if you have header file.])], + [AC_MSG_WARN([OpenSSL ocsp header not found])]) + +AC_MSG_CHECKING([for FIPS_mode_set]) +if test "$fips" = "auto"; then + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [ +#include + ], + [ +FIPS_mode_set(1); + ], + )], + [AC_MSG_RESULT([yes]) + AC_DEFINE([USE_FIPS], [1], [Define to 1 to enable OpenSSL FIPS mode.]) + ], [ + AC_MSG_RESULT([no]) + ] + ) +else + AC_MSG_RESULT([test skipped]) +fi + +CPPFLAGS="$valid_CPPFLAGS" +LIBS="$valid_LIBS" + +AC_MSG_NOTICE([**************************************** write the results]) +AC_CONFIG_FILES([Makefile src/Makefile src/stunnel3 doc/Makefile tools/Makefile tools/stunnel.conf-sample tools/stunnel.init tools/stunnel.service]) +AC_OUTPUT + +AC_MSG_NOTICE([**************************************** success]) +# End of configure.ac diff --git a/doc/Makefile.am b/doc/Makefile.am new file mode 100644 index 0000000..f1f6938 --- /dev/null +++ b/doc/Makefile.am @@ -0,0 +1,21 @@ +## Process this file with automake to produce Makefile.in + +EXTRA_DIST = stunnel.pod stunnel.pl.pod stunnel.fr.pod \ + stunnel.8 stunnel.pl.8 stunnel.fr.8 \ + stunnel.html stunnel.pl.html stunnel.fr.html en pl + +man_MANS = stunnel.8 stunnel.pl.8 stunnel.fr.8 + +docdir = $(datadir)/doc/stunnel +doc_DATA = stunnel.html stunnel.pl.html stunnel.fr.html + +SUFFIXES = .pod .8 .html + +.pod.8: + pod2man -u --section=8 --release=$(VERSION) --center=stunnel \ + --date=`date +%Y.%m.%d` $< $@ + +.pod.html: + pod2html --noindex --title stunnel.8 --infile=$< --outfile=$@ + rm -f pod2htmd.tmp pod2htmi.tmp + diff --git a/doc/Makefile.in b/doc/Makefile.in new file mode 100644 index 0000000..0b4687d --- /dev/null +++ b/doc/Makefile.in @@ -0,0 +1,478 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = doc +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +man8dir = $(mandir)/man8 +am__installdirs = "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(docdir)" +NROFF = nroff +MANS = $(man_MANS) +DATA = $(doc_DATA) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_GROUP = @DEFAULT_GROUP@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIBTOOL_DEPS = @LIBTOOL_DEPS@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +RANDOM_FILE = @RANDOM_FILE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SSLDIR = @SSLDIR@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = $(datadir)/doc/stunnel +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +stunnel_CFLAGS = @stunnel_CFLAGS@ +stunnel_LDFLAGF = @stunnel_LDFLAGF@ +stunnel_LDFLAGS = @stunnel_LDFLAGS@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +EXTRA_DIST = stunnel.pod stunnel.pl.pod stunnel.fr.pod \ + stunnel.8 stunnel.pl.8 stunnel.fr.8 \ + stunnel.html stunnel.pl.html stunnel.fr.html en pl + +man_MANS = stunnel.8 stunnel.pl.8 stunnel.fr.8 +doc_DATA = stunnel.html stunnel.pl.html stunnel.fr.html +SUFFIXES = .pod .8 .html +all: all-am + +.SUFFIXES: +.SUFFIXES: .pod .8 .html +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu doc/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man8: $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +install-docDATA: $(doc_DATA) + @$(NORMAL_INSTALL) + test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)" + @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \ + done + +uninstall-docDATA: + @$(NORMAL_UNINSTALL) + @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(docdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(docdir)" && rm -f $$files +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(MANS) $(DATA) +installdirs: + for dir in "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(docdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-docDATA install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man8 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-docDATA uninstall-man + +uninstall-man: uninstall-man8 + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + distclean distclean-generic distclean-libtool distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-docDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-man8 install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am uninstall uninstall-am uninstall-docDATA \ + uninstall-man uninstall-man8 + + +.pod.8: + pod2man -u --section=8 --release=$(VERSION) --center=stunnel \ + --date=`date +%Y.%m.%d` $< $@ + +.pod.html: + pod2html --noindex --title stunnel.8 --infile=$< --outfile=$@ + rm -f pod2htmd.tmp pod2htmi.tmp + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/en/VNC_StunnelHOWTO.html b/doc/en/VNC_StunnelHOWTO.html new file mode 100644 index 0000000..0261c14 --- /dev/null +++ b/doc/en/VNC_StunnelHOWTO.html @@ -0,0 +1,190 @@ + + + + + + + + + + + + +

VNC +over STUNNEL with a Linux server and Windows 2000 client HOWTO

+


+

+

19 February 2001

+

ver 1.0

+

by Craig Furter and Arno van der Walt

+

contact us at cfurter@vexen.co.za +and arnovdw@mycomax.com

+


+

+


+

+

We assume that you have already +downloaded VNCServer and VNCViewer.

+


+

+

First of all there is a step by step +HOWTO and then we'll look at the theory behind all this.

+


+

+
    +
  1. Download and install openSSL, + SSLEay, and Stunnel on the Linux/Unix box. Download the modules.

    +
+

a) +[root@anthrax$]gunzip openssl-x.xx.tar.gz (repeat for all 3 the +modules)

+

b) +[root@anthrax$]tar – xvf openssl-x.xx.tar (repeat for all 3 the +modules)

+


+

+
    +
  1. Copy the following to Notepad and + save the file as VNCRegEdit.REG on the Windows 2000 box

    +
+

--cut here and copy +to VNCRegEdit.REG the double click file to +import--
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3]
AllowLoopback=dword:00000001

[HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\Default]
AllowLoopback=dword:00000001
--stop +here--

+

+


+

+
    +
  1. Install Stunnel on the Windows + 2000 machine by copying the following files to your \WINNT\SYSTEM32\ + directory

    +
+

a)libeay32.dll

+

b)libssl.dll

+

c)stunnel.pem

+


+

+
    +
  1. On the Linux box execute the + following command as root and let it run in its own terminal.

    +
+

./stunnel -d 5900 +-r 5901

+


+

+
    +
  1. Execute vncserver (it should run + as display:1 when you execute the ps aux |grep vnc command)

    +
+


+

+
    +
  1. Now on the Windows 2000 machine + execute the following command and let it run in its own terminal.

    +
+

stunnel -d 5900 -r +unix.ip.adress:5900 -c

+

.

+
    +
  1. And on the Windows 2000 machine + open VNCviewer and connect to localhost specifying no display

    +
+

ie. 10.10.1.53 in +the window

+


+

+
    +
  1. For each additional display repeat + steps 4 – 6 and increment the specified ports with 2 ie. The + Linux command will look as follows:

    +
+

./stunnel -d 5902 +-r 5903 +

+

and the Windows +2000 command as follows: +

+

stunnel -d 5902 -r +unix.ip.adress:5902

+

and remember to +start another vncserver on the Linux box for each VNC display

+


+

+


+

+
    +
  1. The display number on the + vncviewer must also be incremented with two ie:

    +
+

10.10.1.53:2 etc.

+


+

+

The THEORY

+


+

+

Tunneling:

+


+

+

What this means is that software +(daemon) runs on the client and server machine. In this case, the +Windows 2000 machine is the client and the server is the *NIX +machine. Stunnel will then run as client on Windows 2000 and server +mode on the UNIX box.

eg:
Windows:
stunnel -d 5900 -r +unix.ip.address:5900 -c

UNIX
stunnel -d 5900 -r 5901

This +means that connecting to VNC display 0 in the localhost will transfer +all the calls to the *NIX machine on display 1. So the VNC server on +the *NIX machine must be running on display 1. Not display 0. If you +run stunnel before VNC, VNC will automatically move to display 1 +noticing that port 5900 ("display" 0) is already in +use).

What happens now is that when you connect to port 5900 +on the Windows machine via an "unsecured" connection, a +secure "tunnel" is opened from Windows 2000 to the *NIX +machine on port 5900. The *NIX machine then opens a "unsecured" +connection to itself on port 5901. We now have a secure tunnel +available.

+


+

+

A bit about VNC and displays

+


+

+

The -d is the listening IPaddress:port +and the -r is the remote IPaddress:port. VNC uses port 5900 for +display 0. That means that display 1 will be 5901. If you want VNC +server to listen for a connection on port 80 then the display number +will be 80 - 5900 = -5820. If you want VNC server to
listen on +port 14000 then the display number is 14000 - 5900 = 8100.

So +all you have to do is run stunnel on the UNIX machine and VNC on the +desired "display" number.

+


+

+

VNC on the Windows 2000 machine

+


+

+

To connect from the client machine you +need to enter the client machines IP address and the "display" +(from the port conversion). But VNC will think that you are trying to +connect to the local machine and does not allow this. To override +this add the following to you registry.

--cut here and copy to +anything.reg. the double click file to +import--
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3]
AllowLoopback=dword:00000001

[HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\Default]
AllowLoopback=dword:00000001
--stop +here--

Now VNC will not complain. So you need to always run +stunnel in client mode on the Windows machine and then connect with +VNCViewer to the localhost on the correct "display". By the +way, *NIX doesn't complain about this. There is no setting needed if +*NIX to *NIX.

+


+

+

VNC's Java client

+


+

+

Unfortunately this will not work well +with the build in web version. If you did not known about it, try +http'ing into a machine running VNC server on it, to port 58XX (where +XX is the display number), and the Java client will be loaded.

+

+ + \ No newline at end of file diff --git a/doc/pl/faq.stunnel-2.html b/doc/pl/faq.stunnel-2.html new file mode 100644 index 0000000..275f400 --- /dev/null +++ b/doc/pl/faq.stunnel-2.html @@ -0,0 +1,143 @@ + + + + Gdy pojawiaj si kopoty + + +Q: Prbuje kompilowa stunnel jednak dostaje +nastpujce komunikaty: +
stunnel.c:69: ssl.h: No such file or directory +
stunnel.c:71: bio.h: No such file or directory +
stunnel.c:72: pem.h: No such file or directory +
make: *** [stunnel.o] Error 1 + +

A: S dwie prawdopodobne przyczyny: nie masz zainstalowanego +w systemie pakietu SSLeay lub pakiet nie znajduje sie w miejscu domylnym +czyli /usr/local/ssl. Naley zainstalowa SSLeay lub te poprawi +Makefile tak by cieka bya prawidowa. +
+


+
Q:  Prbuje uruchomi stunnel jako wrapper dla httpd. Po +wydaniu komendy: stunnel 443 @localhost:80 demon si nie uruchamia +a w syslogu pojawia si komunikat "stunnel[2481]: getpeername: Socket +operation on non-socket (88)" + +

A: Jest to bd charakterystyczny dla Linuxa. Naley w pliku +stunnel.c zmieni lini #define INET_SOCKET_PAIR 1 na +
#define INET_SOCKET_PAIR 0 i zrekompilowa program ponownie. +
+


+
Q: Stunnel nadal si nie uruchamia a w syslogu pojawia si komunikat +"stunnel[2525]: /usr/local/ssl/certs/localhost:80.pem: No such file +or directory (2)" + +

A: Nie posiadasz odpowiedniego certyfikatu dla demona. Stunnel +w celu poprawnego dziaania MUSI posiada certyfikat. W celu wygenerowania +odpowiedniego certyfikatu naley wyda komende: /usr/local/ssl/bin/ssleay +req -new -x509 -nodes -out server.pem -days 365 -keyout server.pem  +bd te uy Makefile doczonego do programu stunnel i przy pomocy +komendy make cert stworzy certyfikat. Tak utworzony certyfikat (server.pem) +naley umieci w katalogu /usr/local/ssl/certs i utworzy do odpowiednie +linki lub zmie nazw certyfikatu na wymagan przez stunnel. +
+


+
Q: Wygenerowaem odpowiedni certyfikat przy pomocy skryptu CA.sh, +a stunnel przy starcie prosi o podanie hasa. Jak mona przekaza +haso zabezpieczajce certyfikat do programu ? + +

A: W chwili obecnej jest to niemoliwe. Certyfikaty ktrymi posuguje +sie stunnel nie mog by zabezpieczane hasem. Przy tworzeniu certyfikatu +naley uy opcji -nodes (lub utworzy certyfikat przy pomocy makefile +odstarczonego z programem). +
+


+
Q: Po uruchomieniu programu stunnel w syslogu pojawia si komunikat: +"stunnel[2805]: WARNING: Wrong permissions on /usr/local/ssl/certs/localhost:80.pem". +Co jest nie tak ? + +

A: To tylko ostrzeenie ! Certyfikat nie powien da si odczyta +przez innych uytkownikw systemu. Prawidowe prawa dostpu powinny by +nastpujce: -rw------   1 root     root         +1370 Nov 8 1997  server.pem (jeli uruchamiajcym stunnel jest +root). +
+


+
Q: Probowaem zrobi tunelowanie poczenia do demona pop3. +Pomimo zrobienia prawidowego wpisu do inetd.conf +
"spop3  stream  tcp  nowait  root  /usr/sbin/stunnel  +qpopper -s" stunnel nie dziaa a w syslogu pojawia si komunikat: +
inetd[2949]: spop3/tcp: unknown service. + +

A: Nie zrobie dodatkowych wpisw do pliku /etc/services. +Zgodnie z rfc???? prawidowymi portami na ktrych dziaaj demony posugujce +si SSL s: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
https443/tcp# HTTP over SSL 
ssmtp465/tcp# SMTP over SSL 
snews563/tcp# NNTP over SSL 
ssl-ldap636/tcp# LDAP over SSL 
simap993/tcp# IMAP over SSL 
spop3995/tcp# POP-3 over SSL 
+Jeli nie chesz robi poprawek zamiast nazwy serwisu uyj numeru portu +na ktrym on dziaa. +
+


+
Q: Dobrze, zrobiem wymagany wpis lecz w dalszym ciagu stunnel +nie dziaa, natomiast w syslogu pojawia sie wpis: +
 stunnel[3015]: execvp: No such file or directory (2). Co +jeszcze jest nie tak ? + +

A:  Prawdopodone s dwie przyczyny: pierwsza w twoim systemie +nie ma demona dla ktorego zrobie wpis w inetd.conf, +
(spop3  stream  tcp  nowait  root  /usr/sbin/stunnel  +qpopper -s) lub te dany program jest w systemie, jednak cieka dostpu +do niego nie jest wymieniona w zmiennej systemowej $PATH. Naley +wic poprawi zapis w inetd.conf uzupeniajc o pena cieke dostpu do +demona np.  spop3  stream  tcp  nowait  root  +/usr/sbin/stunnel  /usr/sbin/qpopper -s +
  +
  + + diff --git a/doc/pl/tworzenie_certyfikatow.html b/doc/pl/tworzenie_certyfikatow.html new file mode 100644 index 0000000..f38a957 --- /dev/null +++ b/doc/pl/tworzenie_certyfikatow.html @@ -0,0 +1,744 @@ + + + + + Wszystko co powiniene wiedzie o tworzeniu certyfikatw ale nie chce Ci si poszuka w dokumentacji + + + +

+

+Wszystko co powiniene wiedzie o tworzeniu certyfikatw +ale nie chce Ci si

+ +
+

+poszuka w dokumentacji.

+  + +

Co powinno znajdowa si na Twoim dysku zamin zostaniesz +"Certificate Authorities". + +

Podstawowym oprogramowaniem jest oczywicie openssl. +W tym miejscu naley zachowa czujno +
bo openssl MUSI by co najmniej w wersji 0.9.2b dziki czemu +ominie Ci cz karkoomnych +
operacji przy pomocy pcks12 +ktory take musisz posiada w swoich zasobach dyskowych. +
Jeli masz ju zainstalowane powysze oprogramowanie moesz zacz +tworzy certyfikaty. + +

Konfiguracja openssl. + +

Zakadam ze openssl jest zainstalowany standardowo czyli w /usr/local/ssl. +Pierwszym krokiem jest +
przejrzenie i "dokonfigurowanie" /usr/local/ssl/lib/openssl.cnf. +Mj domowy konfig wyglda nastpujco +
(kolorem czerwonym zaznaczylem opcje ktre raczej powiniene zmieni) +: +
jeli nie chce Ci si tego +czyta to skocz na koniec konfiga + +

# +
# OpenSSL example configuration file. +
# This is mostly being used for generation of certificate requests. +
# +
  +
RANDFILE                += $ENV::HOME/.rnd +
oid_file                += $ENV::HOME/.oid +
oid_section             += new_oids +
  +
[ new_oids ] +
  +
# We can add new OIDs in here for use by 'ca' and 'req'. +
# Add a simple OID like this: +
# testoid1=1.2.3.4 +
# Or use config file substitution like this: +
# testoid2=${testoid1}.5.6 +
  +
#################################################################### +
[ ca ] +
default_ca      = CA_default            +# The default ca section +
  +
#################################################################### +
[ CA_default ] +
  +
dir             += ./demoCA              +# Where everything is kept +
certs           += $dir/certs            +# Where the issued certs are kept +
crl_dir         = $dir/crl              +# Where the issued crl are kept +
database        = $dir/index.txt        +# database index file. +
new_certs_dir   = $dir/newcerts         +# default place for new certs. +
  +
certificate     = $dir/cacert.pem       +# The CA certificate +
serial          = $dir/serial           +# The current serial number +
crl             += $dir/crl.pem          # +The current CRL +
private_key     = $dir/private/cakey.pem# The +private key +
RANDFILE        = $dir/private/.rand    +# private random number file +
  +
x509_extensions = usr_cert              +# The extentions to add to the cert +
crl_extensions  = crl_ext               +# Extensions to add to CRL +
default_days    = 365                   +# how long to certify for +
default_crl_days= 30                    +# how long before next CRL +
default_md      = md5                   +# which md to use. +
preserve        = no                    +# keep passed DN ordering +
  +
# A few difference way of specifying how similar the request should +look +
# For type CA, the listed attributes must be the same, and the optional +
# and supplied fields are just that :-) +
policy          = policy_match +
# For the CA policy +
[ policy_match ] +
countryName             += match +
stateOrProvinceName     = match +
organizationName        = match +
organizationalUnitName  = optional +
commonName              += supplied +
emailAddress            += optional +
  +
# For the 'anything' policy +
# At this point in time, you must list all acceptable 'object' +
# types. +
[ policy_anything ] +
countryName             += optional +
stateOrProvinceName     = optional +
localityName            += optional +
organizationName        = optional +
organizationalUnitName  = optional +
commonName              += supplied +
emailAddress            += optional +
  +
#################################################################### +
[ req ] +
default_bits             += 1024 +
default_keyfile         += privkey.pem +
distinguished_name      = req_distinguished_name +
attributes                      += req_attributes +
x509_extensions = v3_ca # The extentions to add to the self signed +cert +
  +
[ req_distinguished_name ] +
countryName                     += Country Name (2 letter code) +
countryName_default             += PL +
countryName_min                  += 2 +
countryName_max                 += 2 +
  +
stateOrProvinceName                  += State i Prowincja +
stateOrProvinceName_default     = State-Prowincja +domyslna +
localityName                         += Locality Name (eg, city) +
localityName_default            += Lodz +
  +
0.organizationName                   += Organization Name (eg, company) +
0.organizationName_default      = Nawza +Organizacji +
  +
# we can do this but it is not needed normally :-) +
#1.organizationName             += Second Organization Name (eg, company) +
#1.organizationName_default     = World Wide +Web Pty Ltd +
organizationalUnitName               += Organizational Unit Name (eg, section) +
organizationalUnitName_default  = Unit +name domyslny +
  +
commonName                      += Common Name (eg, YOUR name) +
commonName_max                  += 64 +
  +
emailAddress                    += Email Address +
emailAddress_max           += 40 +
  +
# SET-ex3                       += SET extension number 3 +
  +
[ req_attributes ] +
challengePassword               += A challenge password +
challengePassword_min       = 4 +
challengePassword_max       = 20 +
  +
unstructuredName                += An optional company name +
  +
[ usr_cert ] +
  +
# These extensions are added when 'ca' signs a request. +
  +
# This goes against PKIX guidelines but some CAs do it and some +software +
# requires this to avoid interpreting an end user certificate as +a CA. +
  +
basicConstraints=CA:FALSE +
  +
# Here are some examples of the usage of nsCertType. If it is omitted +
# the certificate can be used for anything *except* object signing. +
  +
# This is OK for an SSL server. +
#nsCertType                     += server +
  +
# For an object signing certificate this would be used. +
#nsCertType = objsign +
  +
# For normal client use this is typical +
nsCertType = client, email +
  +
# This is typical also +
  +
keyUsage = nonRepudiation, digitalSignature, keyEncipherment +
  +
nsComment                       += "OpenSSL Generated Certificate" +
  +
# PKIX recommendations +
subjectKeyIdentifier=hash +
authorityKeyIdentifier=keyid,issuer:always +
# Import the email address. +
  +
subjectAltName=email:copy +
  +
# Copy subject details +
  +
issuerAltName=issuer:copy +
  +
#nsCaRevocationUrl              += http://www.domain.dom/ca-crl.pem +
#nsBaseUrl +
#nsRevocationUrl +
#nsRenewalUrl +
#nsCaPolicyUrl +
#nsSslServerName +
  +
[ v3_ca] +
  +
# Extensions for a typical CA +
  +
# It's a CA certificate +
basicConstraints = CA:true +
  +
# PKIX recommendation. +
  +
subjectKeyIdentifier=hash +
  +
authorityKeyIdentifier=keyid:always,issuer:always +
  +
# This is what PKIX recommends but some broken software chokes on +critical +
# extensions. +
#basicConstraints = critical,CA:true +
  +
# Key usage: again this should really be critical. +
keyUsage = cRLSign, keyCertSign +
  +
# Some might want this also +
nsCertType = sslCA, emailCA, objCA +
  +
# Include email address in subject alt name: another PKIX recommendation +
subjectAltName=email:copy +
# Copy issuer details +
issuerAltName=issuer:copy +
  +
# RAW DER hex encoding of an extension: beware experts only! +
# 1.2.3.5=RAW:02:03 +
# You can even override a supported extension: +
# basicConstraints= critical, RAW:30:03:01:01:FF +
  +
[ crl_ext ] +
  +
# CRL extensions. +
# Only issuerAltName and authorityKeyIdentifier make any sense in +a CRL. + +

issuerAltName=issuer:copy +
authorityKeyIdentifier=keyid:always,issuer:always +
################################################################################ +
########## koniec pliku openssl.cnf + +

Jak wida zmiany s praktycznie kosmetyczne.  +Naley zwrcic jedynie uwag na opcj default_bits w +sekcji req. +
W momencie generowania certyfikatu CA powinna mie ona warto 1024 +lub wicej, natomiast w trakcie tworzenia +
certyfikatw klienckich winno mie si na uwadze wredn cech produktw +M$ dostpnych poza granicami USA. +
Nie s one w stanie zaimportowa kluczy majcych wicej ni 512 bitw. +W takim przypadku default_bits naley +
zmniejszy do tej wartoci. Jeli chodzi o Netscapa konieczno taka +nie wystpuje, nawet gdy nie jest on +
patchowany przy pomocy Fortify. +Jednake klucz nie powinien by wikszy ni 1024 bity. + +

Generowanie certyfikatu CA + +

Pierwszy czynnoci jak naley wykona jest wygenerowanie certyfikatu +CA czyli czego czym bd +
podpiswane certyfikaty udostpniane klientom. Uruchom rxvt lub co +innego i wykonaj polecenie: + +

adas:~# cd /usr/local/ssl/bin +
adas:/usr/local/ssl/bin# ./CA.pl -newca + +

CA certificate filename (or enter to create) + +

Making CA certificate ... +
Using configuration from /usr/local/ssl/lib/openssl.cnf +
Generating a 1024 bit RSA private key +
..+++++ +
....+++++ +
writing new private key to './demoCA/private/cakey.pem' +
Enter PEM pass phrase: +
Verifying password - Enter PEM pass phrase: +
----- +
You are about to be asked to enter information that will be incorporated +
into your certificate request. +
What you are about to enter is what is called a Distinguished Name +or a DN. +
There are quite a few fields but you can leave some blank +
For some fields there will be a default value, +
If you enter '.', the field will be left blank. +
----- +
Country Name (2 letter code) [PL]: +
State i Prowincja [Kraina Bezrobotnych Szwaczek]: +
Locality Name (eg, city) [Lodz]: +
Organization Name (eg, company) [Instytut Badan Czarow i Magii]: +
Organizational Unit Name (eg, section) [Komorka d/s Egzorcyzmow +i Opentan]: +
Common Name (eg, YOUR name) []:Adam Hernik +
Email Address []:adas@infocentrum.com + +

adas:/usr/local/ssl/bin# + +

Skrypt CA.pl uruchomiony poraz pierwszy tworzy w /usr/local/ssl/bin +katalog o nazwie demoCA w ktrym znajduje si +
wygenerowany przed chwil certyfikat publiczny cacert.pem (doczany +pniej do certyfikatw klienckich) oraz tajny +
zabezpieczony hasem klucz cakey.pem +ktrym bdziesz podpisywa certyfikaty wydawane uytkownikom. Klucz i haso +
oczywicie naley dobrze chroni i najlepiej jest gdy znajduje si +na serwerze tylko w momencie generowania certyfikatu. +
Ponowne uruchomienie CA.pl z parametrem -newca niszczy to co pracowicie +stworzye i generuje nowy klucz i certyfikat. +
  + +

Tworzenie certyfikatu dla stunnela i innych serwerw +
  + +

Zanim si do tego zabierzesz powiniene lekko zmodyfikowac skrypt CA.pl +oraz plik konfiguracyjny openssl.cnf. +
Skopiuj je odpowiednio do plikw /usr/local/ssl/bin/CAserv.pl +i /usr/local/ssl/lib/openssl_serv.cnf. +
Generowane certyfikaty domylnie zabezpieczone s hasem, w takim przypadku +w momencie startu stunnela zawsze +
bdziesz pytany o haslo zabezpieczajce, co skutecznie uniemoliwi +automatyczne uruchamianie programu w czasie +
bootowania  serwera, czy te przy prbie wystartowania go przez +inetd. Naley poprawi linie 40 i 41 skryptu +
CAserv.pl z + +

linia 40: +
$REQ="openssl req $SSLEAY_CONFIG"; +
na +
$REQ="openssl req -nodes -config /usr/local/ssl/lib/openssl_serv.cnf"; + +

linia 41: +
$CA="openssl ca $SSLEAY_CONFIG"; +
na +
$CA="openssl ca -config /usr/local/ssl/lib/openssl_serv.cnf"; +
  + +

Natomiast w pliku /usr/local/ssl/lib/openssl_serv.cnf nalezy  +w sekcji usr_cert "zahashowa" linijk +
nsCertType = client, email  oraz "odhashowa" +linijk nsCertType   = server . Jeli tego +nie zrobisz klient nie bdzie +
poprawnie rozpoznawa typu certyfikatu. A teraz kolej na wygenerowanie +"requestu" posyanego zazwyczaj do CA. +
Bdc w katalogu /usr/local/ssl/bin wykonaj: + +

adas:/usr/local/ssl/bin# ./CAserv.pl -newreq +
Using configuration from /usr/local/ssl/lib/openssl_serv.cnf +
Generating a 1024 bit RSA private key +
..............................+++++ +
.........+++++ +
writing new private key to 'newreq.pem' +
----- +
You are about to be asked to enter information that will be incorporated +
into your certificate request. +
What you are about to enter is what is called a Distinguished Name +or a DN. +
There are quite a few fields but you can leave some blank +
For some fields there will be a default value, +
If you enter '.', the field will be left blank. +
----- +
Country Name (2 letter code) [PL]: +
State i Prowincja [Kraina Bezrobotnych Szwaczek]:Kraina latajacych +scyzorykow +
Locality Name (eg, city) [Lodz]:Sielpia +
Organization Name (eg, company) [Instytut Badan Czarow i Magii]:Bar +Sloneczko +
Organizational Unit Name (eg, section) [Komorka d/s Egzorcyzmow +i Opentan]:Kuflownia +
Common Name (eg, YOUR name) []:adas.pl +
Email Address []:adas@adas.pl + +

Please enter the following 'extra' attributes +
to be sent with your certificate request +
A challenge password []: +
An optional company name []: +
Request (and private key) is in newreq.pem +
adas:/usr/local/ssl/bin# + +

Polem o ktrym warto wspomnie jest "Common Name" (zaznaczone na czerwono). +W trakcie generowania requestu +
naley w tym miejscu wpisa FQDN serwera na ktrym bdzie on +uywany. W przeciwnym wypadku w chwili +
poczenia klient bdzie twierdzi, e certyfikat jakim przedstawia +si serwer nie naley do niego. Unikniemy w ten +
sposb niepotrzebnego klikania. Kolejn czynnoci jest podpisanie +wygenerowanego requestu. W katalogu +
/usr/local/ssl/bin wykonaj polecenie: + +

adas:/usr/local/ssl/bin# ./CAserv.pl -sign +
Using configuration from /usr/local/ssl/lib/openssl.cnf +
Enter PEM pass phrase: +
Check that the request matches the signature +
Signature ok +
The Subjects Distinguished Name is as follows +
countryName           +:PRINTABLE:'PL' +
stateOrProvinceName   :PRINTABLE:'Kraina latajacych scyzorykow' +
localityName          +:PRINTABLE:'Sielpia' +
organizationName      :PRINTABLE:'Bar Sloneczko' +
organizationalUnitName:PRINTABLE:'Kuflownia' +
commonName            +:PRINTABLE:'adas.pl' +
emailAddress          +:IA5STRING:'adas@adas.pl' +
Certificate is to be certified until Mar 26 21:06:13 2000 GMT (365 +days) +
Sign the certificate? [y/n]:y +
  + +

1 out of 1 certificate requests certified, commit? [y/n]y +
Write out database with 1 new entries +
Data Base Updated +
Signed certificate is in newcert.pem +
adas:/usr/local/ssl/bin# + +

W trakcie podpisywania bdziesz pytany o haso zabezpieczajce klucz +prywatny CA (zaznaczone na zielono). +
Po tej operacji powiniene w katalogu /usr/local/ssl/bin otrzyma 2 +pliki: newcert.pem oraz newreq.pem. +
Zanim zaczniesz ich uywa musisz wykona jeszcze jedn operacje, a +mianowicie zorzy wszystko do kupy. +
Wykonujesz: cat newcert.pem newreq.pem > httpds.pem a nastpnie +poddajesz tak powstay certyfikat edycji. +
Naley z pliku httpds.pem naley usun wszystkie niepotrzebne informacje +tak by pozosta jedynie certyfikat oraz +
klucz prywatny. Po tej operacji plik httpds.pem powinien wyglda mniej +wicej tak: + +

issuer :/C=PL/ST=Kraina Bezrobotnych Szwaczek/L=Lodz/O=Instytut Badan +Czarow i Magii/OU=Komorka d/s Egzorcyzmow i opentan/CN=Adam Hernik/Email=adas@infocentrum.com +
subject:/C=PL/ST=Kraina latajacych scyzorykow/L=Sielpia/O=Bar Sloneczko/OU=Kuflownia/CN=adas.pl/ +
Email=adas@adas.pl +
-----BEGIN CERTIFICATE----- +
 Tu s magiczne dane +
-----END CERTIFICATE----- + +

-----BEGIN RSA PRIVATE KEY----- +
  I tu te s magiczne dane +
-----END RSA PRIVATE KEY----- + +

Spreparowany w ten sposb plik umieszczamy w katalogu /usr/local/ssl/certs +i zajmujemy si generowaniem dwu +
certyfikatw klienckich. +
  + +

Generowanie i importowanie certyfikatw klienckich +do Netscape Communikatora. +
  +
Generalnie s dwie metody tworzenia i importowania certyfikatw klienckich +do Netscapa +
Sposb pierwszy: +
Przy pomocy komendy CA.pl -newreq wygeneruj request a nastpnie +przy pomocy CA.pl -sign podpisz go. +
Pytanie o challenge password zignoruj. Kolejn czynnoci jest +scalenie i podczyszczenie certyfikatu. +
W przypadku certyfikatu klienta wane jest podanie prawidowego +adresu email ! Bez tego nie bdzie mona +
podpisywa i szyfrowa listw.  Stwrz dwa certyfikaty. Bd one +potrzebne do wyjanienia dziaania opcji -v 3 +
programu stunnel. Zakadam e pierwszy certyfikat naley do Jana Kowalskiego +jan@ibczim.pl zachowany w +
pliku jan.pem a drugi do Genowefy Pigwy pigwa@scyzoryki.pl znajdujcym +si w pliku pigwa.pem.  Przed +
zaimportowaniem plikw do Netscpea naley przekonwertowa je z formatu +PEM do PCKS12. Wykonuje si to +
przy pomocy wspomnianego na pocztku programu pcks12. Aby przekonwertowa +certyfikat Jan Kowalskiego, +
w katalogu w ktorym znajduje si plik jan.pem wykonaj: +
  + +

pkcs12 -export -name "Jan Kowalski jan@ibczim.pl" -in jan.pem -out +jan.p12 -certfile /usr/local/ssl/bin/demoCA/cacert.pem + +

(jest to jedna linia !!!) +
w wyniku czego powstanie plik jan.p12 ktry mona zaimportowa do Netscapea. +Bardzo wan opcj jest +
-certfile /usr/local/ssl/bin/demoCA/cacert.pem. Bez niej +nie bdzie mona w prawidowy sposb podpisywa listw. +
Przecznik -certfile powoduje doczenie publicznego certyfikatu CA +do certyfikatu klienta dziki czemu Netscape +
jest wstanie "wyekstrachowa" certyfikat CA i doda go do wewntrznej +bazy CA. Wykonaj powysz operacj take +
dla pigwy. Samo zaimportowanie certyfikatu jest bardzo proste wykonuje +si to klikajc w Netscape na + +

Security-> Yours -> Import a Certificate + +

Po zaimportowaniu naley w Security -> Signers zaznaczy nasz +CA certyfikat a nastpnie klikn na przycisku Edit +
oraz "zaczekowa" opcje: + +

Accept this Certificate Authority for Certifying network sites +
Accept this Certificate Authority for Certifying e-mail users + +

Od tej pory nasz certyfikat bdzie traktowany na rwni z innymi, komercyjnymi. + +

Sposb drugi: +
Polega on na wygenerowaniu i imporcie certyfikatu poprzez strone www. +Wraz z stunnelem dostarczane s +
przkadowe strony (dwie) i skrypty (dwa).  Skrypty naley raczej +traktowa jako wzorzec i kady powinien napisa +
swoje, bardziej bezpieczne. Pierwszym krokiem jest import certyfikatu +CA. Uywa si do tego strony importCA.html +
oraz skryptu importCA.sh. Sam skrypt wyglda tak: + +

#!/bin/bash + +

echo "Content-type: application/x-x509-ca-cert" +
echo +
cat /var/lib/httpds/cgi-bin/cacert.pem + +

cacert.pem jest to oczywicie certyfikat publiczny CA znajdujcy si +w katalogu /usr/local/ssl/bin/demoCA +
ktry naley przekopiowa do katalogu cgi-bin serwera httpd oraz nada +mu odpowiednie prawa dostpu. +
Po zaimportowaniu certyfikatu CA naley w Security->Signers zaznaczy +do jakich celw bdziemy uznawli +
go za wiarygodny. Do generowania certyfikatu klienta wykorzystamy pozosta +strone i skrypt. Zanim do tego dojdzie +
naley "dokonfigurowa" skrypt i stworzy potrzebne katalogi.  +W /tmp (lub w innym miejscu) nalezy stworzy +
katalog ssl a nastpnie przekopiowa do niego katalog /usr/local/bin/demoCA +oraz plik openssl.cnf. +
Jako e skrypty domylnie uruchamiane s z prawami uytkownika nobody +naley uczyni go  wlacicielem +
katalogu /tmp/ssl i caej jego zawartoci. Kolejn czynnoci jest +wygenerowanie pliku .rnd. W Linuxie robimy to +
tak: +
cat /dev/random > /tmp/ssl/.rnd +
czekamy chwilk tak by plik .rnd mia wielko okoo 1024 B po czym +wacicielem pliku robimy uytkownika nobody. +
Teraz trzeba przekonfigurowa plik /tmp/ssl/openssl.cnf + +

# +
# OpenSSL example configuration file. +
# This is mostly being used for generation of certificate requests. +
# +
  +
RANDFILE                += /tmp/ssl/.rnd +
#oid_file                += /tmp/ssl/.oid +
oid_section             += new_oids +
  +
[ new_oids ] +
  +
# We can add new OIDs in here for use by 'ca' and 'req'. +
# Add a simple OID like this: +
# testoid1=1.2.3.4 +
# Or use config file substitution like this: +
# testoid2=${testoid1}.5.6 + +

#################################################################### +
[ ca ] +
default_ca      = CA_default            +# The default ca section + +

#################################################################### +
[ CA_default ] +
  +
dir             += /tmp/ssl/demoCA               +# Where everything is kept +
certs           += $dir/certs            +# Where the issued certs are kept +
crl_dir         = $dir/crl              +# Where the issued crl are kept +
database        = $dir/index.txt        +# database index file. +
new_certs_dir   = $dir/newcerts         +# default place for new certs. +
  +
Naley zmieni opcje zaznaczone na czerwono. Ostatni czynnoci jest +sprawdzenie i ewentualne poprawienie +
strony ca.html i skryptu ca.pl. W pliku ca.html nalezy wpisa poprawn +nazw serwera na ktrym znajduje si +
skrypt ca.pl czyli linijk <FORM ACTION="http://localhost/cgi-bin/ca.pl" +METHOD=POST>. W ca.pl +
naley skontrolowa poprawno podanych cieek oraz wpisa haso jakim +zabezpieczony jest klucz prywatny CA +
(zmienna $certpass zaznaczona na czerwono). +
  + +

#!/usr/bin/perl +
#ca.pl + +

$config   = "/tmp/ssl/openssl.cnf"; +
$capath   = "/usr/local/ssl/bin/openssl ca"; +
$certpass = "tu_jest_haslo"; +
$tempca   = "/tmp/ssl/cli".rand 10000; +
$tempout  = "/tmp/ssl/certtmp".rand 10000; +
$caout    = "/tmp/ssl/certwynik.txt"; +
$CAcert   = "/tmp/ssl/demoCA/cacert.pem"; +
... +
  + +

Po umieszczeniu tak przygotowanych stron i skryptw na serwerze bdzie +mona generowa certyfikaty dla klientw. + +

Wady i zalety obydwu sposobw generowania i instalowania certyfikatw. + +

Jak wynika z powyszego opisu bezpieczniejszym +i polecanym przeze mnie jest sposb pierwszy. Jego powan wad +
jest  fakt e czowiek generujcy certyfikaty znajduje si w posiadaniu +klucza prywatnego osoby wystpujcej o +
certyfikat.  Oczywicie uczciwy CA powinien +skasowa go, zaraz po utworzeniu. W takim wypadku metoda pierwsza +
spenia  wszelkie wymogi. Sposb drugi prcz samych wad ma jedn +acz ogromn zalet. Mianowicie klucz prywatny +
klienta  nigdy nie opuszcza jego komputera. Do wad mona zaliczy +fakt e haso zabezpieczajce klucz prywatny CA +
znajduje si na serwerze i to w dodatku w aden sposb nie chronione.  +Kolejn wad jest generowanie kompletnych +
certyfikatw przez strone www, co moe grozi wykradzeniem klucza prywatnego. +Rozwizaniem moe by skadowanie +
requestw w bazie danych a nastpnie rczna ich obrbka przez administratora. +Reasumujc, sposb drugi naley +
potraktowa jako demonstracje metody ktr mona przewiczy przed +napisaniem porzdnych skryptw. +
  + +

Tajemniczy przecznik -v 3 w stunnelu + +

Stunnel posiada trzy tryby weryfikacji klienta. +
Pierwszy opcja -v 1 oznacza e naley sprbowa +zweryfikowa osob nawizujc poczenie czyli uzyska jej +
ceryfikat. Jeli operacja ta si nie powiedzie, mimo wszystko dostp +do serwera bdzie zapewniony. +
Przecznik -v 2 nakazuje stunnelowi zweryfikowa +klienta. Jeli uytkownik nie posiada certyfikatu lub certyfikat +
jest niewany, niewaciwy czy te nie posiadamy certyfikatu CA ktrym +podpisany jest certyfikat klienta +
(straszny jest ten jzyk polski) nawizanie poczenia +z serwerem bdzie niemoliwe. I wreszcie opcja -v 3 +nakazujca +
stunnelowi zweryfikowa klienta a take poszuka jego certyfikatu w +naszej lokalnej bazie. +
Dzieki opcji -v 3 moemy stworzy bardzo selektywny dostp do usug +oferowanych przez serwer, unikajc generowania duych iloci certyfikatw. +Uwaga oglna: do poprawnej weryfikacji klienta KONIECZNE +jest posiadanie certyfikatu CA ktrym podpisany  jest sprawdzany certyfikat. +Bez tego stunnel nie jest wstanie przeprowadzi poprawnej autoryzacji klienta. +Prba taka koczy si bdami "VERIFY ERROR: self signed certificate +for ....." oraz "SSL_accept: error:140890B1:SSL routines: SSL3_GET_CLIENT_CERTIFICATE:no +certificate returned". A teraz przykad praktyczny: chcemy aby do https +bdcym na porcie 444 miay dostp wszystkie osoby majce certyfikaty +natomiast +
do do https na porcie 445 dostp mia tylko Jan Kowalski. Pierwsz +czynnoci jak naley wykona jest skopiowanie +
certyfikatu CA do katalogu /usr/local/ssl/certs (default cert +area), nastpnie w tym katalogu naley utworzy +
podkatalog o  nazwie mytrusted, poczym skopiowa do niego +certyfikat klienta czyli jan.pem. Uwaga: z pliku +jan.pem +
MUSISZ usun klucz prywatny !!! Czyli  +to co si znajduje midzy + +

-----BEGIN RSA PRIVATE KEY----- +
....... +
-----END RSA PRIVATE KEY----- + +

cznie z powyszymi liniami. Nastpnie w katalogach /usr/local/ssl/certs +i /usr/local/ssl/certs/mytrusted naley +
wykona polecenie +
/usr/local/ssl/bin/c_rehash ./ +
Teraz kolej na uruchomienie stunnela: +
stunnel -d 444 -r 80 -v 2 +
oraz +
stunnel -d 445 -r 80 -v 3 +
Netscapem naley poczy sie z https://localhost:444/ a po pytaniu +o certyfikat przedstawi certyfikat nalecy +
do pigwy. Dostp do serwera bdzie zapewniony. Czynnoc t naley powtrzy +przedstawiajc si za drugim razem +
certyfikatem Jana Kowalskiego. Poczenie take bdzie zrealizowane.  +W przypadku https://localhost:445/ wejcie +
na serwer bdzie zapewnione tylko po wylegitymowaniu si certyfikatem +Jana Kowalskiego. Po kazdej zmianie w +
katalogu /usr/local/ssl/certs/mytrusted naley wykona komend c_rehash +./ i zrestartowa stunnela. +
  + + diff --git a/doc/stunnel.8 b/doc/stunnel.8 new file mode 100644 index 0000000..589d968 --- /dev/null +++ b/doc/stunnel.8 @@ -0,0 +1,930 @@ +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" ======================================================================== +.\" +.IX Title "STUNNEL 8" +.TH STUNNEL 8 "2012.01.14" "4.53" "stunnel" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +stunnel \- universal SSL tunnel +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.IP "\fBUnix:\fR" 4 +.IX Item "Unix:" +\&\fBstunnel\fR [] | \-fd n | \-help | \-version | \-sockets +.IP "\fB\s-1WIN32:\s0\fR" 4 +.IX Item "WIN32:" +\&\fBstunnel\fR [ [\-install | \-uninstall | \-start | \-stop] | \-exit] + [\-quiet] [] ] | \-help | \-version | \-sockets +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBstunnel\fR program is designed to work as \fI\s-1SSL\s0\fR encryption wrapper +between remote clients and local (\fIinetd\fR\-startable) or remote +servers. The concept is that having non-SSL aware daemons running on +your system you can easily set them up to communicate with clients over +secure \s-1SSL\s0 channels. +.PP +\&\fBstunnel\fR can be used to add \s-1SSL\s0 functionality to commonly used \fIInetd\fR +daemons like \s-1POP\-2\s0, \s-1POP\-3\s0, and \s-1IMAP\s0 servers, to standalone daemons like +\&\s-1NNTP\s0, \s-1SMTP\s0 and \s-1HTTP\s0, and in tunneling \s-1PPP\s0 over network sockets without +changes to the source code. +.PP +This product includes cryptographic software written by +Eric Young (eay@cryptsoft.com) +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "<\fBfilename\fR>" 4 +.IX Item "" +Use specified configuration file +.IP "\fB\-fd n\fR (Unix only)" 4 +.IX Item "-fd n (Unix only)" +Read the config file from specified file descriptor +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print \fBstunnel\fR help menu +.IP "\fB\-version\fR" 4 +.IX Item "-version" +Print \fBstunnel\fR version and compile time defaults +.IP "\fB\-sockets\fR" 4 +.IX Item "-sockets" +Print default socket options +.IP "\fB\-install\fR (\s-1NT/2000/XP\s0 only)" 4 +.IX Item "-install (NT/2000/XP only)" +Install \s-1NT\s0 Service +.IP "\fB\-uninstall\fR (\s-1NT/2000/XP\s0 only)" 4 +.IX Item "-uninstall (NT/2000/XP only)" +Uninstall \s-1NT\s0 Service +.IP "\fB\-start\fR (\s-1NT/2000/XP\s0 only)" 4 +.IX Item "-start (NT/2000/XP only)" +Start \s-1NT\s0 Service +.IP "\fB\-stop\fR (\s-1NT/2000/XP\s0 only)" 4 +.IX Item "-stop (NT/2000/XP only)" +Stop \s-1NT\s0 Service +.IP "\fB\-exit\fR (Win32 only)" 4 +.IX Item "-exit (Win32 only)" +Exit an already started stunnel +.IP "\fB\-quiet\fR (\s-1NT/2000/XP\s0 only)" 4 +.IX Item "-quiet (NT/2000/XP only)" +Don't display any message boxes +.SH "CONFIGURATION FILE" +.IX Header "CONFIGURATION FILE" +Each line of the configuration file can be either: +.IP "\(bu" 4 +an empty line (ignored) +.IP "\(bu" 4 +a comment starting with ';' (ignored) +.IP "\(bu" 4 +an 'option_name = option_value' pair +.IP "\(bu" 4 +\&'[service_name]' indicating a start of a service definition +.PP +An address parameter of an option may be either: +.IP "\(bu" 4 +a port number +.IP "\(bu" 4 +a colon-separated pair of \s-1IP\s0 address (either IPv4, IPv6, or domain name) and port number +.IP "\(bu" 4 +a Unix socket path (Unix only) +.SS "\s-1GLOBAL\s0 \s-1OPTIONS\s0" +.IX Subsection "GLOBAL OPTIONS" +.IP "\fBchroot\fR = directory (Unix only)" 4 +.IX Item "chroot = directory (Unix only)" +directory to chroot \fBstunnel\fR process +.Sp +\&\fBchroot\fR keeps \fBstunnel\fR in chrooted jail. \fICApath\fR, \fICRLpath\fR, \fIpid\fR +and \fIexec\fR are located inside the jail and the patches have to be relative +to the directory specified with \fBchroot\fR. +.IP "\fBcompression\fR = deflate | zlib | rle" 4 +.IX Item "compression = deflate | zlib | rle" +select data compression algorithm +.Sp +default: no compression +.Sp +deflate is the standard compression method as described in \s-1RFC\s0 1951. +.Sp +zlib compression of OpenSSL 0.9.8 or above is not backward compatible with +OpenSSL 0.9.7. +.Sp +rle compression is currently not implemented by the OpenSSL library. +.IP "\fBdebug\fR = [facility.]level" 4 +.IX Item "debug = [facility.]level" +debugging level +.Sp +Level is a one of the syslog level names or numbers +emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), +info (6), or debug (7). All logs for the specified level and +all levels numerically less than it will be shown. Use \fIdebug = debug\fR or +\&\fIdebug = 7\fR for greatest debugging output. The default is notice (5). +.Sp +The syslog facility 'daemon' will be used unless a facility name is supplied. +(Facilities are not supported on Win32.) +.Sp +Case is ignored for both facilities and levels. +.IP "\fB\s-1EGD\s0\fR = egd path (Unix only)" 4 +.IX Item "EGD = egd path (Unix only)" +path to Entropy Gathering Daemon socket +.Sp +Entropy Gathering Daemon socket to use to feed OpenSSL random number +generator. (Available only if compiled with OpenSSL 0.9.5a or higher) +.IP "\fBengine\fR = auto | " 4 +.IX Item "engine = auto | " +select hardware engine +.Sp +default: software-only cryptography +.Sp +Here is an example of advanced engine configuration to read private key from an +OpenSC engine +.Sp +.Vb 7 +\& engine=dynamic +\& engineCtrl=SO_PATH:/usr/lib/opensc/engine_pkcs11.so +\& engineCtrl=ID:pkcs11 +\& engineCtrl=LIST_ADD:1 +\& engineCtrl=LOAD +\& engineCtrl=MODULE_PATH:/usr/lib/pkcs11/opensc\-pkcs11.so +\& engineCtrl=INIT +\& +\& [service] +\& engineNum=1 +\& key=id_45 +.Ve +.IP "\fBengineCtrl\fR = command[:parameter]" 4 +.IX Item "engineCtrl = command[:parameter]" +control hardware engine +.Sp +Special commands \*(L"\s-1LOAD\s0\*(R" and \*(L"\s-1INIT\s0\*(R" can be used to load and initialize the +engine cryptogaphic module. +.IP "\fBfips\fR = yes | no" 4 +.IX Item "fips = yes | no" +Enable or disable \s-1FIPS\s0 140\-2 mode. +.Sp +This option allows to disable entering \s-1FIPS\s0 mode if stunnel was compiled with +\&\s-1FIPS\s0 140\-2 support. +.Sp +default: yes +.IP "\fBforeground\fR = yes | no (Unix only)" 4 +.IX Item "foreground = yes | no (Unix only)" +foreground mode +.Sp +Stay in foreground (don't fork) and log to stderr +instead of via syslog (unless \fIoutput\fR is specified). +.Sp +default: background in daemon mode +.IP "\fBoutput\fR = file" 4 +.IX Item "output = file" +append log messages to a file +.Sp +/dev/stdout device can be used to send log messages to the standard +output (for example to log them with daemontools splogger). +.IP "\fBpid\fR = file (Unix only)" 4 +.IX Item "pid = file (Unix only)" +pid file location +.Sp +If the argument is empty, then no pid file will be created. +.Sp +\&\fIpid\fR path is relative to \fIchroot\fR directory if specified. +.IP "\fBRNDbytes\fR = bytes" 4 +.IX Item "RNDbytes = bytes" +bytes to read from random seed files +.Sp +Number of bytes of data read from random seed files. With \s-1SSL\s0 versions +less than 0.9.5a, also determines how many bytes of data are considered +sufficient to seed the \s-1PRNG\s0. More recent OpenSSL versions have a builtin +function to determine when sufficient randomness is available. +.IP "\fBRNDfile\fR = file" 4 +.IX Item "RNDfile = file" +path to file with random seed data +.Sp +The \s-1SSL\s0 library will use data from this file first to seed the random +number generator. +.IP "\fBRNDoverwrite\fR = yes | no" 4 +.IX Item "RNDoverwrite = yes | no" +overwrite the random seed files with new random data +.Sp +default: yes +.IP "\fBservice\fR = servicename (Unix only)" 4 +.IX Item "service = servicename (Unix only)" +use specified string as \fIinetd\fR mode service name for \s-1TCP\s0 Wrapper library +.Sp +default: stunnel +.IP "\fBsetgid\fR = groupname (Unix only)" 4 +.IX Item "setgid = groupname (Unix only)" +\&\fIsetgid()\fR to groupname in daemon mode and clears all other groups +.IP "\fBsetuid\fR = username (Unix only)" 4 +.IX Item "setuid = username (Unix only)" +\&\fIsetuid()\fR to username in daemon mode +.IP "\fBsocket\fR = a|l|r:option=value[:value]" 4 +.IX Item "socket = a|l|r:option=value[:value]" +Set an option on accept/local/remote socket +.Sp +The values for linger option are l_onof:l_linger. +The values for time are tv_sec:tv_usec. +.Sp +Examples: +.Sp +.Vb 9 +\& socket = l:SO_LINGER=1:60 +\& set one minute timeout for closing local socket +\& socket = r:SO_OOBINLINE=yes +\& place out\-of\-band data directly into the +\& receive data stream for remote sockets +\& socket = a:SO_REUSEADDR=no +\& disable address reuse (enabled by default) +\& socket = a:SO_BINDTODEVICE=lo +\& only accept connections on loopback interface +.Ve +.IP "\fBsyslog\fR = yes | no (Unix only)" 4 +.IX Item "syslog = yes | no (Unix only)" +enable logging via syslog +.Sp +default: yes +.IP "\fBtaskbar\fR = yes | no (\s-1WIN32\s0 only)" 4 +.IX Item "taskbar = yes | no (WIN32 only)" +enable the taskbar icon +.Sp +default: yes +.SS "SERVICE-LEVEL \s-1OPTIONS\s0" +.IX Subsection "SERVICE-LEVEL OPTIONS" +Each configuration section begins with service name in square brackets. +The service name is used for libwrap (\s-1TCP\s0 Wrappers) access control and lets +you distinguish \fBstunnel\fR services in your log files. +.PP +Note that if you wish to run \fBstunnel\fR in \fIinetd\fR mode (where it +is provided a network socket by a server such as \fIinetd\fR, \fIxinetd\fR, +or \fItcpserver\fR) then you should read the section entitled \fI\s-1INETD\s0 \s-1MODE\s0\fR +below. +.IP "\fBaccept\fR = address" 4 +.IX Item "accept = address" +accept connections on specified address +.Sp +If no host specified, defaults to all IPv4 addresses for the local host. +.Sp +To listen on all IPv6 addresses use: +.Sp +.Vb 1 +\& connect = :::port +.Ve +.IP "\fBCApath\fR = directory" 4 +.IX Item "CApath = directory" +Certificate Authority directory +.Sp +This is the directory in which \fBstunnel\fR will look for certificates when using +the \fIverify\fR. Note that the certificates in this directory should be named +\&\s-1XXXXXXXX\s0.0 where \s-1XXXXXXXX\s0 is the hash value of the \s-1DER\s0 encoded subject of the +cert. +.Sp +The hash algorithm has been changed in OpenSSL 1.0.0. It is required to +c_rehash the directory on upgrade from OpenSSL 0.x.x to OpenSSL 1.x.x. +.Sp +\&\fICApath\fR path is relative to \fIchroot\fR directory if specified. +.IP "\fBCAfile\fR = certfile" 4 +.IX Item "CAfile = certfile" +Certificate Authority file +.Sp +This file contains multiple \s-1CA\s0 certificates, used with the \fIverify\fR. +.IP "\fBcert\fR = pemfile" 4 +.IX Item "cert = pemfile" +certificate chain \s-1PEM\s0 file name +.Sp +A \s-1PEM\s0 is always needed in server mode. +Specifying this flag in client mode will use this certificate chain +as a client side certificate chain. Using client side certs is optional. +The certificates must be in \s-1PEM\s0 format and must be sorted starting with the +certificate to the highest level (root \s-1CA\s0). +.IP "\fBciphers\fR = cipherlist" 4 +.IX Item "ciphers = cipherlist" +Select permitted \s-1SSL\s0 ciphers +.Sp +A colon delimited list of the ciphers to allow in the \s-1SSL\s0 connection. +For example \s-1DES\-CBC3\-SHA:IDEA\-CBC\-MD5\s0 +.IP "\fBclient\fR = yes | no" 4 +.IX Item "client = yes | no" +client mode (remote service uses \s-1SSL\s0) +.Sp +default: no (server mode) +.IP "\fBconnect\fR = address" 4 +.IX Item "connect = address" +connect to a remote address +.Sp +If no host is specified, the host defaults to localhost. +.Sp +Multiple \fBconnect\fR options are allowed in a single service section. +.Sp +If host resolves to multiple addresses and/or if multiple \fIconnect\fR +options are specified, then the remote address is chosen using a +round-robin algorithm. +.IP "\fBCRLpath\fR = directory" 4 +.IX Item "CRLpath = directory" +Certificate Revocation Lists directory +.Sp +This is the directory in which \fBstunnel\fR will look for CRLs when +using the \fIverify\fR. Note that the CRLs in this directory should +be named \s-1XXXXXXXX\s0.r0 where \s-1XXXXXXXX\s0 is the hash value of the \s-1CRL\s0. +.Sp +The hash algorithm has been changed in OpenSSL 1.0.0. It is required to +c_rehash the directory on upgrade from OpenSSL 0.x.x to OpenSSL 1.x.x. +.Sp +\&\fICRLpath\fR path is relative to \fIchroot\fR directory if specified. +.IP "\fBCRLfile\fR = certfile" 4 +.IX Item "CRLfile = certfile" +Certificate Revocation Lists file +.Sp +This file contains multiple CRLs, used with the \fIverify\fR. +.IP "\fBcurve\fR = nid" 4 +.IX Item "curve = nid" +specify \s-1ECDH\s0 curve name +.Sp +To get a list of supported cuves use: +.Sp +.Vb 1 +\& openssl ecparam \-list_curves +.Ve +.Sp +default: prime256v1 +.IP "\fBdelay\fR = yes | no" 4 +.IX Item "delay = yes | no" +delay \s-1DNS\s0 lookup for 'connect' option +.Sp +This option is useful for dynamic \s-1DNS\s0, or when \s-1DNS\s0 is not available during +stunnel startup (road warrior \s-1VPN\s0, dial-up configurations). +.IP "\fBengineNum\fR = engine number" 4 +.IX Item "engineNum = engine number" +select engine number to read private key +.Sp +The engines are numbered starting from 1. +.IP "\fBexec\fR = executable_path" 4 +.IX Item "exec = executable_path" +execute local inetd-type program +.Sp +\&\fIexec\fR path is relative to \fIchroot\fR directory if specified. +.ie n .IP "\fBexecargs\fR = $0 $1 $2 ..." 4 +.el .IP "\fBexecargs\fR = \f(CW$0\fR \f(CW$1\fR \f(CW$2\fR ..." 4 +.IX Item "execargs = $0 $1 $2 ..." +arguments for \fIexec\fR including program name ($0) +.Sp +Quoting is currently not supported. +Arguments are separated with arbitrary number of whitespaces. +.IP "\fBfailover\fR = rr | prio" 4 +.IX Item "failover = rr | prio" +Failover strategy for multiple \*(L"connect\*(R" targets. +.Sp +.Vb 2 +\& rr (round robin) \- fair load distribution +\& prio (priority) \- use the order specified in config file +.Ve +.Sp +default: rr +.IP "\fBident\fR = username" 4 +.IX Item "ident = username" +use \s-1IDENT\s0 (\s-1RFC\s0 1413) username checking +.IP "\fBkey\fR = keyfile" 4 +.IX Item "key = keyfile" +private key for certificate specified with \fIcert\fR option +.Sp +Private key is needed to authenticate certificate owner. +Since this file should be kept secret it should only be readable +to its owner. On Unix systems you can use the following command: +.Sp +.Vb 1 +\& chmod 600 keyfile +.Ve +.Sp +default: value of \fIcert\fR option +.IP "\fBlibwrap\fR = yes | no" 4 +.IX Item "libwrap = yes | no" +Enable or disable the use of /etc/hosts.allow and /etc/hosts.deny. +.Sp +default: yes +.IP "\fBlocal\fR = host" 4 +.IX Item "local = host" +\&\s-1IP\s0 of the outgoing interface is used as source for remote connections. +Use this option to bind a static local \s-1IP\s0 address, instead. +.IP "\fBsni\fR = service_name:server_name (server mode)" 4 +.IX Item "sni = service_name:server_name (server mode)" +Use the service as a slave service (a name-based virtual server) for Server +Name Indication \s-1TLS\s0 extension (\s-1RFC\s0 3546). +.Sp +\&\fIservice_name\fR specifies the master service that accepts client connections +with \fIaccept\fR option. \fIserver_name\fR specifies the host name to be redirected. +Multiple slave services are normally specified for a single master service. +\&\fIsni\fR option can also be specified more than once within a single slave service. +.Sp +This service, as well as the master service, may not be configured in client mode. +\&\fIconnect\fR option of the slave service is ignored when \fIprotocol\fR option is +specified, as \fIprotocol\fR connects remote host before \s-1TLS\s0 handshake. +Libwrap checks (Unix only) are performed twice: with master service name after +\&\s-1TCP\s0 connection is accepted, and with slave service name during \s-1TLS\s0 handshake. +.Sp +Option \fIsni\fR is only available when compiled with OpenSSL 1.0.0 and later. +.IP "\fBsni\fR = server_name (client mode)" 4 +.IX Item "sni = server_name (client mode)" +Use the parameter as the value of \s-1TLS\s0 Server Name Indication (\s-1RFC\s0 3546) +extension. +.Sp +Option \fIsni\fR is only available when compiled with OpenSSL 1.0.0 and later. +.IP "\fB\s-1OCSP\s0\fR = url" 4 +.IX Item "OCSP = url" +select \s-1OCSP\s0 server for certificate verification +.IP "\fBOCSPflag\fR = flag" 4 +.IX Item "OCSPflag = flag" +specify \s-1OCSP\s0 server flag +.Sp +Several \fIOCSPflag\fR can be used to specify multiple flags. +.Sp +currently supported flags: \s-1NOCERTS\s0, \s-1NOINTERN\s0 \s-1NOSIGS\s0, \s-1NOCHAIN\s0, \s-1NOVERIFY\s0, +\&\s-1NOEXPLICIT\s0, \s-1NOCASIGN\s0, \s-1NODELEGATED\s0, \s-1NOCHECKS\s0, \s-1TRUSTOTHER\s0, \s-1RESPID_KEY\s0, \s-1NOTIME\s0 +.IP "\fBoptions\fR = SSL_options" 4 +.IX Item "options = SSL_options" +OpenSSL library options +.Sp +The parameter is the OpenSSL option name as described in the +\&\fI\fISSL_CTX_set_options\fI\|(3ssl)\fR manual, but without \fI\s-1SSL_OP_\s0\fR prefix. +Several \fIoptions\fR can be used to specify multiple options. +.Sp +For example for compatibility with erroneous Eudora \s-1SSL\s0 implementation +the following option can be used: +.Sp +.Vb 1 +\& options = DONT_INSERT_EMPTY_FRAGMENTS +.Ve +.IP "\fBprotocol\fR = proto" 4 +.IX Item "protocol = proto" +application protocol to negotiate \s-1SSL\s0 (e.g. \fIstarttls\fR or \fIstls\fR) +.Sp +\&\fIprotocol\fR option should not be used with \s-1SSL\s0 encryption on a separate port. +.Sp +Currently supported protocols: +.RS 4 +.IP "\fIcifs\fR" 4 +.IX Item "cifs" +Proprietary (undocummented) extension of \s-1CIFS\s0 protocol implemented in Samba. +Support for this extension was dropped in Samba 3.0.0. +.IP "\fIconnect\fR" 4 +.IX Item "connect" +Based on \s-1RFC\s0 2817 \- \fIUpgrading to \s-1TLS\s0 Within \s-1HTTP/1\s0.1\fR, section 5.2 \- \fIRequesting a Tunnel with \s-1CONNECT\s0\fR +.Sp +This protocol is only supported in client mode. +.IP "\fIimap\fR" 4 +.IX Item "imap" +Based on \s-1RFC\s0 2595 \- \fIUsing \s-1TLS\s0 with \s-1IMAP\s0, \s-1POP3\s0 and \s-1ACAP\s0\fR +.IP "\fInntp\fR" 4 +.IX Item "nntp" +Based on \s-1RFC\s0 4642 \- \fIUsing Transport Layer Security (\s-1TLS\s0) with Network News Transfer Protocol (\s-1NNTP\s0)\fR +.Sp +This protocol is only supported in client mode. +.IP "\fIpgsql\fR" 4 +.IX Item "pgsql" +Based on http://www.postgresql.org/docs/8.3/static/protocol\-flow.html#AEN73982 +.IP "\fIpop3\fR" 4 +.IX Item "pop3" +Based on \s-1RFC\s0 2449 \- \fI\s-1POP3\s0 Extension Mechanism\fR +.IP "\fIproxy\fR" 4 +.IX Item "proxy" +Haproxy client \s-1IP\s0 address http://haproxy.1wt.eu/download/1.5/doc/proxy\-protocol.txt +.IP "\fIsmtp\fR" 4 +.IX Item "smtp" +Based on \s-1RFC\s0 2487 \- \fI\s-1SMTP\s0 Service Extension for Secure \s-1SMTP\s0 over \s-1TLS\s0\fR +.RE +.RS 4 +.RE +.IP "\fBprotocolAuthentication\fR = auth_type" 4 +.IX Item "protocolAuthentication = auth_type" +authentication type for protocol negotiations +.Sp +currently supported: basic, \s-1NTLM\s0 +.Sp +Currently authentication type only applies to 'connect' protocol. +.Sp +default: basic +.IP "\fBprotocolHost\fR = host:port" 4 +.IX Item "protocolHost = host:port" +destination address for protocol negotiations +.IP "\fBprotocolPassword\fR = password" 4 +.IX Item "protocolPassword = password" +password for protocol negotiations +.IP "\fBprotocolUsername\fR = username" 4 +.IX Item "protocolUsername = username" +username for protocol negotiations +.IP "\fBpty\fR = yes | no (Unix only)" 4 +.IX Item "pty = yes | no (Unix only)" +allocate pseudo terminal for 'exec' option +.IP "\fBretry\fR = yes | no (Unix only)" 4 +.IX Item "retry = yes | no (Unix only)" +reconnect a connect+exec section after it's disconnected +.Sp +default: no +.IP "\fBsession\fR = timeout" 4 +.IX Item "session = timeout" +session cache timeout +.IP "\fBsessiond\fR = host:port" 4 +.IX Item "sessiond = host:port" +address of sessiond \s-1SSL\s0 cache server +.IP "\fBsslVersion\fR = version" 4 +.IX Item "sslVersion = version" +select version of \s-1SSL\s0 protocol +.Sp +Allowed options: all, SSLv2, SSLv3, TLSv1 +.IP "\fBstack\fR = bytes (except for \s-1FORK\s0 model)" 4 +.IX Item "stack = bytes (except for FORK model)" +thread stack size +.IP "\fBTIMEOUTbusy\fR = seconds" 4 +.IX Item "TIMEOUTbusy = seconds" +time to wait for expected data +.IP "\fBTIMEOUTclose\fR = seconds" 4 +.IX Item "TIMEOUTclose = seconds" +time to wait for close_notify (set to 0 for buggy \s-1MSIE\s0) +.IP "\fBTIMEOUTconnect\fR = seconds" 4 +.IX Item "TIMEOUTconnect = seconds" +time to wait to connect a remote host +.IP "\fBTIMEOUTidle\fR = seconds" 4 +.IX Item "TIMEOUTidle = seconds" +time to keep an idle connection +.IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4 +.IX Item "transparent = none | source | destination | both (Unix only)" +enable transparent proxy support on selected platforms +.Sp +Supported values: +.RS 4 +.IP "\fInone\fR" 4 +.IX Item "none" +Disable transparent proxy support. This is the default. +.IP "\fIsource\fR" 4 +.IX Item "source" +Re-write address to appear as if wrapped daemon is connecting +from the \s-1SSL\s0 client machine instead of the machine running \fBstunnel\fR. +.Sp +This option is currently available in: +.RS 4 +.IP "Remote mode (\fIconnect\fR option) on \fILinux >=2.6.28\fR" 4 +.IX Item "Remote mode (connect option) on Linux >=2.6.28" +This configuration requires stunnel to be executed as root and without +\&\fIsetuid\fR option. +.Sp +This configuration requires the following setup for iptables and routing +(possibly in /etc/rc.local or equivalent file): +.Sp +.Vb 7 +\& iptables \-t mangle \-N DIVERT +\& iptables \-t mangle \-A PREROUTING \-p tcp \-m socket \-j DIVERT +\& iptables \-t mangle \-A DIVERT \-j MARK \-\-set\-mark 1 +\& iptables \-t mangle \-A DIVERT \-j ACCEPT +\& ip rule add fwmark 1 lookup 100 +\& ip route add local 0.0.0.0/0 dev lo table 100 +\& echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter +.Ve +.Sp +\&\fBstunnel\fR must also to be executed as root and without \fIsetuid\fR option. +.IP "Remote mode (\fIconnect\fR option) on \fILinux 2.2.x\fR" 4 +.IX Item "Remote mode (connect option) on Linux 2.2.x" +This configuration requires kernel to be compiled with \fItransparent proxy\fR option. +Connected service must be installed on a separate host. +Routing towards the clients has to go through the stunnel box. +.Sp +\&\fBstunnel\fR must also to be executed as root and without \fIsetuid\fR option. +.IP "Remote mode (\fIconnect\fR option) on \fIFreeBSD >=8.0\fR" 4 +.IX Item "Remote mode (connect option) on FreeBSD >=8.0" +This configuration requires additional firewall and routing setup. +\&\fBstunnel\fR must also to be executed as root and without \fIsetuid\fR option. +.IP "Local mode (\fIexec\fR option)" 4 +.IX Item "Local mode (exec option)" +This configuration works by pre-loading \fIlibstunnel.so\fR shared library. +_RLD_LIST environment variable is used on Tru64, and \s-1LD_PRELOAD\s0 variable on +other platforms. +.RE +.RS 4 +.RE +.IP "\fIdestination\fR" 4 +.IX Item "destination" +Original destination is used instead of \fIconnect\fR option. +.Sp +A service section for transparent destination may look like this: +.Sp +.Vb 4 +\& [transparent] +\& client=yes +\& accept= +\& transparent=destination +.Ve +.Sp +This configuration requires the following setup for iptables +(possibly in /etc/rc.local or equivalent file): +.Sp +.Vb 2 +\& /sbin/iptables \-I INPUT \-i eth0 \-p tcp \-\-dport \-j ACCEPT +\& /sbin/iptables \-t nat \-I PREROUTING \-i eth0 \-p tcp \-\-dport \-j DNAT \-\-to\-destination : +.Ve +.Sp +Transparent destination option is currently only supported on Linux. +.IP "\fIboth\fR" 4 +.IX Item "both" +Use both \fIsource\fR and \fIdestination\fR transparent proxy. +.RE +.RS 4 +.Sp +Two legacy options are also supported for backward compatibility: +.IP "\fIyes\fR" 4 +.IX Item "yes" +This options has been renamed to \fIsource\fR. +.IP "\fIno\fR" 4 +.IX Item "no" +This options has been renamed to \fInone\fR. +.RE +.RS 4 +.RE +.IP "\fBverify\fR = level" 4 +.IX Item "verify = level" +verify peer certificate +.RS 4 +.IP "\fIlevel 0\fR \- request and ignore peer certificate" 4 +.IX Item "level 0 - request and ignore peer certificate" +.PD 0 +.IP "\fIlevel 1\fR \- verify peer certificate if present" 4 +.IX Item "level 1 - verify peer certificate if present" +.IP "\fIlevel 2\fR \- verify peer certificate" 4 +.IX Item "level 2 - verify peer certificate" +.IP "\fIlevel 3\fR \- verify peer with locally installed certificate" 4 +.IX Item "level 3 - verify peer with locally installed certificate" +.IP "\fIlevel 4\fR \- ignore \s-1CA\s0 chain and only verify peer certificate" 4 +.IX Item "level 4 - ignore CA chain and only verify peer certificate" +.IP "\fIdefault\fR \- no verify" 4 +.IX Item "default - no verify" +.RE +.RS 4 +.PD +.Sp +It is important to understand, that this option was solely designed for access +control and not for authorization. Specifically for level 2 every non-revoked +certificate is accepted regardless of its Common Name. For this reason a +dedicated \s-1CA\s0 should be used with level 2, and not a generic \s-1CA\s0 commonly used +for webservers. Level 3 is preferred for point-to-point connections. +.RE +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +\&\fBstunnel\fR returns zero on success, non-zero on error. +.SH "SIGNALS" +.IX Header "SIGNALS" +The following signals can be used to control stunnel in Unix environment: +.IP "\s-1SIGHUP\s0" 4 +.IX Item "SIGHUP" +Force a reload of the configuration file. +.Sp +Some global options will not be reloaded: +.RS 4 +.IP "\(bu" 4 +chroot +.IP "\(bu" 4 +foreground +.IP "\(bu" 4 +pid +.IP "\(bu" 4 +setgid +.IP "\(bu" 4 +setuid +.RE +.RS 4 +.Sp +The use of 'setuid' option will also prevent stunnel from binding privileged +(<1024) ports during configuration reloading. +.Sp +When 'chroot' option is used, stunnel will look for all its files (including +configuration file, certificates, log file and pid file) within the chroot +jail. +.RE +.IP "\s-1SIGUSR1\s0" 4 +.IX Item "SIGUSR1" +Close and reopen stunnel log file. +This function can be used for log rotation. +.IP "\s-1SIGTERM\s0, \s-1SIGQUIT\s0, \s-1SIGINT\s0" 4 +.IX Item "SIGTERM, SIGQUIT, SIGINT" +Shut stunnel down. +.PP +The result of sending any other signals to the server is undefined. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +In order to provide \s-1SSL\s0 encapsulation to your local \fIimapd\fR service, use +.PP +.Vb 4 +\& [imapd] +\& accept = 993 +\& exec = /usr/sbin/imapd +\& execargs = imapd +.Ve +.PP +If you want to provide tunneling to your \fIpppd\fR daemon on port 2020, +use something like +.PP +.Vb 5 +\& [vpn] +\& accept = 2020 +\& exec = /usr/sbin/pppd +\& execargs = pppd local +\& pty = yes +.Ve +.PP +If you want to use \fBstunnel\fR in \fIinetd\fR mode to launch your imapd +process, you'd use this \fIstunnel.conf\fR. +Note there must be no \fI[service_name]\fR section. +.PP +.Vb 2 +\& exec = /usr/sbin/imapd +\& execargs = imapd +.Ve +.SH "NOTES" +.IX Header "NOTES" +.SS "\s-1RESTRICTIONS\s0" +.IX Subsection "RESTRICTIONS" +\&\fBstunnel\fR cannot be used for the \s-1FTP\s0 daemon because of the nature +of the \s-1FTP\s0 protocol which utilizes multiple ports for data transfers. +There are available \s-1SSL\s0 enabled versions of \s-1FTP\s0 and telnet daemons, however. +.SS "\s-1INETD\s0 \s-1MODE\s0" +.IX Subsection "INETD MODE" +The most common use of \fBstunnel\fR is to listen on a network +port and establish communication with either a new port +via the connect option, or a new program via the \fIexec\fR option. +However there is a special case when you wish to have +some other program accept incoming connections and +launch \fBstunnel\fR, for example with \fIinetd\fR, \fIxinetd\fR, +or \fItcpserver\fR. +.PP +For example, if you have the following line in \fIinetd.conf\fR: +.PP +.Vb 1 +\& imaps stream tcp nowait root /usr/bin/stunnel stunnel /etc/stunnel/imaps.conf +.Ve +.PP +In these cases, the \fIinetd\fR\-style program is responsible +for binding a network socket (\fIimaps\fR above) and handing +it to \fBstunnel\fR when a connection is received. +Thus you do not want \fBstunnel\fR to have any \fIaccept\fR option. +All the \fIService Level Options\fR should be placed in the +global options section, and no \fI[service_name]\fR section +will be present. See the \fI\s-1EXAMPLES\s0\fR section for example +configurations. +.SS "\s-1CERTIFICATES\s0" +.IX Subsection "CERTIFICATES" +Each \s-1SSL\s0 enabled daemon needs to present a valid X.509 certificate +to the peer. It also needs a private key to decrypt the incoming +data. The easiest way to obtain a certificate and a key is to +generate them with the free \fIOpenSSL\fR package. You can find more +information on certificates generation on pages listed below. +.PP +The order of contents of the \fI.pem\fR file is important. It should contain the +unencrypted private key first, then a signed certificate (not certificate +request). There should be also empty lines after certificate and private key. +Plaintext certificate information appended on the top of generated certificate +should be discarded. So the file should look like this: +.PP +.Vb 8 +\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- +\& [encoded key] +\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- +\& [empty line] +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& [encoded certificate] +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +\& [empty line] +.Ve +.SS "\s-1RANDOMNESS\s0" +.IX Subsection "RANDOMNESS" +\&\fBstunnel\fR needs to seed the \s-1PRNG\s0 (pseudo random number generator) in +order for \s-1SSL\s0 to use good randomness. The following sources are loaded +in order until sufficient random data has been gathered: +.IP "\(bu" 4 +The file specified with the \fIRNDfile\fR flag. +.IP "\(bu" 4 +The file specified by the \s-1RANDFILE\s0 environment variable, if set. +.IP "\(bu" 4 +The file .rnd in your home directory, if \s-1RANDFILE\s0 not set. +.IP "\(bu" 4 +The file specified with '\-\-with\-random' at compile time. +.IP "\(bu" 4 +The contents of the screen if running on Windows. +.IP "\(bu" 4 +The egd socket specified with the \fI\s-1EGD\s0\fR flag. +.IP "\(bu" 4 +The egd socket specified with '\-\-with\-egd\-sock' at compile time. +.IP "\(bu" 4 +The /dev/urandom device. +.PP +With recent (>=OpenSSL 0.9.5a) version of \s-1SSL\s0 it will stop loading +random data automatically when sufficient entropy has been gathered. +With previous versions it will continue to gather from all the above +sources since no \s-1SSL\s0 function exists to tell when enough data is available. +.PP +Note that on Windows machines that do not have console user interaction +(mouse movements, creating windows, etc.) the screen contents are not +variable enough to be sufficient, and you should provide a random file +for use with the \fIRNDfile\fR flag. +.PP +Note that the file specified with the \fIRNDfile\fR flag should contain +random data \*(-- that means it should contain different information +each time \fBstunnel\fR is run. This is handled automatically +unless the \fIRNDoverwrite\fR flag is used. If you wish to update this file +manually, the \fIopenssl rand\fR command in recent versions of OpenSSL, +would be useful. +.PP +One important note \*(-- if /dev/urandom is available, OpenSSL has a habit of +seeding the \s-1PRNG\s0 with it even when checking the random state, so on +systems with /dev/urandom you're likely to use it even though it's listed +at the very bottom of the list above. This isn't \fBstunnel's\fR behaviour, it's +OpenSSLs. +.SS "\s-1DH\s0 \s-1PARAMETERS\s0" +.IX Subsection "DH PARAMETERS" +Stunnel 4.40 and later contains hardcoded 2048\-bit \s-1DH\s0 parameters. +.PP +It is also possible to specify \s-1DH\s0 parameters in the certificate file: +.PP +.Vb 1 +\& openssl dhparam 2048 >> stunnel.pem +.Ve +.PP +\&\s-1DH\s0 parameter generation may take several minutes. +.SH "FILES" +.IX Header "FILES" +.IP "\fIstunnel.conf\fR" 4 +.IX Item "stunnel.conf" +\&\fBstunnel\fR configuration file +.SH "BUGS" +.IX Header "BUGS" +Option \fIexecargs\fR does not support quoting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +.IP "\fItcpd\fR\|(8)" 4 +.IX Item "tcpd" +access control facility for internet services +.IP "\fIinetd\fR\|(8)" 4 +.IX Item "inetd" +internet 'super\-server' +.IP "\fIhttp://www.stunnel.org/\fR" 4 +.IX Item "http://www.stunnel.org/" +\&\fBstunnel\fR homepage +.IP "\fIhttp://www.openssl.org/\fR" 4 +.IX Item "http://www.openssl.org/" +OpenSSL project website +.SH "AUTHOR" +.IX Header "AUTHOR" +.IP "Michał Trojnara" 4 +.IX Item "Michał Trojnara" +<\fIMichal.Trojnara@mirt.net\fR> diff --git a/doc/stunnel.fr.8 b/doc/stunnel.fr.8 new file mode 100644 index 0000000..b6d29fb --- /dev/null +++ b/doc/stunnel.fr.8 @@ -0,0 +1,574 @@ +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" ======================================================================== +.\" +.IX Title "STUNNEL.FR 8" +.TH STUNNEL.FR 8 "2012.01.12" "4.53" "stunnel" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NOM" +.IX Header "NOM" +stunnel \- tunnel \s-1SSL\s0 universel +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.IP "\fBUnix:\fR" 4 +.IX Item "Unix:" +\&\fBstunnel\fR [fichier] | \-fd [n] | \-help | \-version | \-sockets +.IP "\fB\s-1WIN32:\s0\fR" 4 +.IX Item "WIN32:" +\&\fBstunnel\fR [fichier] | \-install | \-uninstall | \-help | \-version | \-sockets +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Le programme \fBstunnel\fR est conçu pour fonctionner comme une couche +de chiffrement \fI\s-1SSL\s0\fR entre des clients distants et des serveurs locaux +(\fIinetd\fR\-démarrables) ou distants. Le concept est qu'à partir de daemons +non-SSL présents sur le système, on peut facilement les configurer pour +communiquer avec des clients sur des liens sécurisés \s-1SSL\s0. +.PP +\&\fBstunnel\fR peut être utilisé pour ajouter des fonctionnalités \s-1SSL\s0 à des +daemons classiques \fIInetd\fR tels que les serveurs \s-1POP\-2\s0, \s-1POP\-3\s0 et \s-1IMAP\s0, +à d'autres autonomes tels que \s-1NNTP\s0, \s-1SMTP\s0 et \s-1HTTP\s0, ainsi que pour tunneliser +\&\s-1PPP\s0 sur des sockets réseau sans modification du code source. +.PP +Ce produit inclut du code de chiffrement écrit par +Eric Young (eay@cryptsoft.com) +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB[fichier]\fR" 4 +.IX Item "[fichier]" +Utilisation du fichier de configuration spécifié. +.IP "\fB\-fd [n]\fR (Unix seulement)" 4 +.IX Item "-fd [n] (Unix seulement)" +Lecture du fichier de configuration depuis le descripteur de +fichier indiqué. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Affiche le menu d'aide de \fBstunnel\fR. +.IP "\fB\-version\fR" 4 +.IX Item "-version" +Affiche la version de \fBstunnel\fR et les options de compilation. +.IP "\fB\-sockets\fR" 4 +.IX Item "-sockets" +Affiche les options socket par défaut. +.IP "\fB\-install\fR (\s-1NT/2000/XP\s0 seulement)" 4 +.IX Item "-install (NT/2000/XP seulement)" +Installe un service \s-1NT\s0. +.IP "\fB\-uninstall\fR (\s-1NT/2000/XP\s0 only)" 4 +.IX Item "-uninstall (NT/2000/XP only)" +Désinstalle un service \s-1NT\s0. +.SH "FICHIER DE CONFIGURATION" +.IX Header "FICHIER DE CONFIGURATION" +Chaque ligne du fichier de configuration peut être soit : +.IP "\(bu" 4 +une ligne vide (ignorée) ; +.IP "\(bu" 4 +un commentaire commençant par « # » (ignoré) ; +.IP "\(bu" 4 +une paire « option = valeur » ; +.IP "\(bu" 4 +« [service_name] » indiquant le début de la définition d'un service ; +.SS "\s-1OPTIONS\s0 \s-1GLOBALES\s0" +.IX Subsection "OPTIONS GLOBALES" +.IP "\fBCApath\fR = répertoire" 4 +.IX Item "CApath = répertoire" +Répertoire des autorités de certification (\s-1CA\s0) +.Sp +C'est le répertoire dans lequel \fBstunnel\fR cherche les certificats si +l'on utilise \fIverify\fR. Les certificats doivent être dénommés selon la +forme \s-1XXXXXXXX\s0.0, où \s-1XXXXXXXX\s0 est la valeur de hachage du certificat. +.Sp +Le cas échéant, le répertoire \fICApath\fR est relatif au répertoire \fIchroot\fR. +.IP "\fBCAfile\fR = fichier" 4 +.IX Item "CAfile = fichier" +Fichier d'autorités de certification +.Sp +Ce fichier, utilisé avec \fIverify\fR, contient plusieurs certificats de \s-1CA\s0. +.IP "\fBcert\fR = fichier" 4 +.IX Item "cert = fichier" +Fichier de chaîne de certificats \s-1PEM\s0 +.Sp +Une \s-1PEM\s0 est toujours nécessaire en mode serveur. +En mode client, cette option utilise cette \s-1PEM\s0 comme une chaîne côté client. +L'utilisation de certificats côté client est optionnelle. Les certificats +doivent être au format \s-1PEM\s0 et triés par ordre de niveau décroissant (\s-1CA\s0 racine +en premier). +.IP "\fBchroot\fR = répertoire (Unix seulement)" 4 +.IX Item "chroot = répertoire (Unix seulement)" +Répertoire de chroot du processus \fBstunnel\fR +.Sp +\&\fBchroot\fR enferme \fBstunnel\fR dans une cellule chroot. \fICApath\fR, \fICRLpath\fR, \fIpid\fR +et \fIexec\fR sont situés à l'intérieur de la cellule et les répertoires doivent être +relatifs au répertoire correspondant. +.Sp +Pour que le contrôle de libwrap (wrappeur \s-1TCP\s0) soit effectif dans un environnement +chroot, il faut aussi y recopier leurs fichiers de configuration (/etc/hosts.allow et +/etc/hosts.deny). +.IP "\fBciphers\fR = listes de chiffre" 4 +.IX Item "ciphers = listes de chiffre" +Sélection des chiffres \s-1SSL\s0 autorisés +.Sp +Liste délimitée par deux-points (« : ») des chiffres autorisés pour la connexion \s-1SSL\s0. +Exemple : \s-1DES\-CBC3\-SHA:IDEA\-CBC\-MD5\s0 +.IP "\fBclient\fR = yes | no" 4 +.IX Item "client = yes | no" +Mode client (Le service distant utilise \s-1SSL\s0) +.Sp +Par défaut : no (mode server) +.IP "\fBCRLpath\fR = répertoire" 4 +.IX Item "CRLpath = répertoire" +Répertoire des listes de révocation de certificats (\s-1CRL\s0) +.Sp +C'est le répertoire dans lequel \fBstunnel\fR recherche les \s-1CRL\s0 avec +l'option \fIverify\fR. Les \s-1CRL\s0 doivent être dénommés selon la +forme \s-1XXXXXXXX\s0.0 où \s-1XXXXXXXX\s0 est la valeur de hachage de la \s-1CRL\s0. +.Sp +Le cas échéant, le répertoire \fICRLpath\fR est relatif au répertoire \fIchroot\fR. +.IP "\fBCRLfile\fR = fichier" 4 +.IX Item "CRLfile = fichier" +Fichier de listes de révocation de certificats (\s-1CRL\s0) +.Sp +Ce fichier, utilisé avec \fIverify\fR, contient plusieurs \s-1CRL\s0. +.IP "\fBdebug\fR = [facilité.]niveau" 4 +.IX Item "debug = [facilité.]niveau" +niveau de déverminage +.Sp +Le niveau est un nom ou un numéro conforme à ceux de syslog : +emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), +info (6) ou debug (7). Toutes les traces du niveau indiqué et des niveaux +numériquement inférieurs seront affichées. \fBdebug = debug\fR ou +\&\fBdebug = 7\fR donneront le maximum d'informations. La valeur par défaut +est notice (5). +.Sp +La facilité syslog « daemon » est utilisée, sauf si un autre nom est spécifié +(Win32 ne permet pas l'usage des facilités.) +.Sp +La casse est ignorée, aussi bien pour la facilité que pour le niveau. +.IP "\fB\s-1EGD\s0\fR = chemin (Unix seulement)" 4 +.IX Item "EGD = chemin (Unix seulement)" +Emplacement du socket du daemon de recueil d'entropie (\s-1EGD\s0 \- Entropy Gathering Daemon) +.Sp +Socket \s-1EGD\s0 à utiliser pour alimenter le générateur d'aléatoires de OpenSSL (disponible +seulement si la compilation a été effectuée avec OpenSSL 0.9.5a ou supérieur). +.IP "\fBforeground\fR = yes | no (Unix seulement)" 4 +.IX Item "foreground = yes | no (Unix seulement)" +Mode avant-plan +.Sp +Reste en avant-plan (sans fork) et dirige la trace sur stderr +au lieu de syslog (sauf si \fBoutput\fR est spécifié). +.Sp +Par défault : arrière\-plan en mode daemon. +.IP "\fBkey\fR = fichier" 4 +.IX Item "key = fichier" +Fichier de clef privée pour le certificat spécifié par \fIcert\fR +.Sp +La clef privée est nécessaire pour authentifier le titulaire du +certificat. +Puisque ce fichier doit rester secret, il ne doit être lisible que +par son propriétaire. Sur les systèmes Unix, on peut utiliser la +commande suivante : +.Sp +.Vb 1 +\& chmod 600 fichier +.Ve +.Sp +Par défault : Valeur de \fIcert\fR +.IP "\fBoptions\fR = Options_SSL" 4 +.IX Item "options = Options_SSL" +Options de la bibliothèque OpenSSL +.Sp +Le paramètre est l'option OpenSSL décrite dans la page de man +\&\fI\fISSL_CTX_set_options\fI\|(3ssl)\fR, débarassée du préfixe \fI\s-1SSL_OP_\s0\fR. +Plusieurs \fIoptions\fR peuvent être spécifiées. +.Sp +Par exemple, pour la compatibilité avec l'implantation \s-1SSL\s0 défaillante +d'Eudora, on peut utiliser : +.Sp +.Vb 1 +\& options = DONT_INSERT_EMPTY_FRAGMENTS +.Ve +.IP "\fBoutput\fR = fichier" 4 +.IX Item "output = fichier" +Ajoute la trace à la fin d'un fichier au lieu d'utiliser syslog. +.Sp +/dev/stdout peut être utilisé pour afficher les traces sur la sortie standard +(par exemple pour les traiter avec les outils splogger). +.IP "\fBpid\fR = fichier (Unix seulement)" 4 +.IX Item "pid = fichier (Unix seulement)" +Emplacement du fichier pid +.Sp +Si l'argument est vide, aucun fichier ne sera créé. +.Sp +Le cas échéant, le chemin \fIpid\fR est relatif au répertoire \fIchroot\fR. +.IP "\fBRNDbytes\fR = nombre" 4 +.IX Item "RNDbytes = nombre" +Nombre d'octets à lire depuis les fichiers de « sel » aléatoire +.Sp +Avec les \s-1SSL\s0 de version inférieure à 0.9.5a, détermine aussi le nombre +d'octets considérés comme suffisants pour « saler » le \s-1PRNG\s0. Les versions plus +récentes d'OpenSSL ont une fonction intégrée qui détermine lorsque l'aléatoire +est suffisant. +.IP "\fBRNDfile\fR = fichier" 4 +.IX Item "RNDfile = fichier" +chemin du fichier de données de « sel » aléatoire +.Sp +La bibliothèque \s-1SSL\s0 utilise prioritairement les données de ce fichier pour +« saler » le générateur d'aléatoire. +.IP "\fBRNDoverwrite\fR = yes | no" 4 +.IX Item "RNDoverwrite = yes | no" +Recouvre les fichiers de « sel » avec de nouvelles données aléatoires. +.Sp +Par défaut : yes +.IP "\fBservice\fR = nom" 4 +.IX Item "service = nom" +Définit le nom de service à utiliser +.Sp +\&\fBSous Unix :\fR nom de service du mode \fIinetd\fR pour la bibliothèque \s-1TCP\s0 Wrapper. +.Sp +Par défaut : stunnel +.IP "\fBsession\fR = timeout" 4 +.IX Item "session = timeout" +Timeout du cache de session +.IP "\fBsetgid\fR = nom (Unix seulement)" 4 +.IX Item "setgid = nom (Unix seulement)" +Nom de groupe utilisé en mode daemon (les éventuels autres noms de groupe attribués sont supprimés) +.IP "\fBsetuid\fR = nom (Unix seulement)" 4 +.IX Item "setuid = nom (Unix seulement)" +Nom d'utilisateur utilisé en mode daemon +.IP "\fBsocket\fR = a|l|r:option=valeur[:valeur]" 4 +.IX Item "socket = a|l|r:option=valeur[:valeur]" +Configure une option de socket accept (a), locale (l) ou distante (r) +.Sp +Les valeurs de l'option linger sont : l_onof:l_linger. +Les valeurs de l'option time sont : tv_sec:tv_usec. +.Sp +Exemples : +.Sp +.Vb 9 +\& socket = l:SO_LINGER=1:60 +\& définit un délai d\*(Aqune minute pour la clôture des sockets locaux +\& socket = r:SO_OOBINLINE=yes +\& Place directement les données hors\-bande dans le flux de réception +\& des sockets distants +\& socket = a:SO_REUSEADDR=no +\& désactive la réutilisation d\*(Aqadresses (activée par défaut) +\& socket = a:SO_BINDTODEVICE=lo +\& limite l\*(Aqacceptation des connexions sur la seule interface de bouclage +.Ve +.IP "\fBtaskbar\fR = yes | no (\s-1WIN32\s0 seulement)" 4 +.IX Item "taskbar = yes | no (WIN32 seulement)" +active l'icône de la barre de tâches +.Sp +Par défaut : yes +.IP "\fBverify\fR = niveau" 4 +.IX Item "verify = niveau" +Vérifie le certificat du correspondant +.Sp +.Vb 3 +\& niveau 1 \- vérifie le certificat s\*(Aqil est présent +\& niveau 2 \- vérifie le certificat +\& niveau 3 \- contrôle le correspondant avec le certificat local +.Ve +.Sp +Par défaut \- pas de vérification +.SS "\s-1OPTIONS\s0 \s-1DE\s0 \s-1SERVICE\s0" +.IX Subsection "OPTIONS DE SERVICE" +Chaque section de configuration commence par le nom du service entre crochets. +Celui-ci est utilisé par le contrôle d'accès de libwrap (\s-1TCP\s0 Wrappers) et sert +à distinguer les services \fBstunnel\fR dans les fichiers de traces. +.PP +Si l'on souhaite utiliser \fBstunnel\fR en mode \fIinetd\fR (lorsqu'un socket lui est +fourni par un serveur comme \fIinetd\fR, \fIxinetd\fR ou \fItcpserver\fR), il faut se +reporter à la section \fI\s-1MODE\s0 \s-1INETD\s0\fR plus bas. +.IP "\fBaccept\fR = [hôte:]port" 4 +.IX Item "accept = [hôte:]port" +Accepte des connexions sur le port spécifié +.Sp +Si l'hôte n'est pas indiqué, le port est ouvert pour toutes les adresses \s-1IP\s0 de +la machine locale. +.IP "\fBconnect\fR = [hôte:]port" 4 +.IX Item "connect = [hôte:]port" +Se connecte au port distant indiqué +.Sp +Par défaut, l'hôte est localhost. +.IP "\fBdelay\fR = yes | no" 4 +.IX Item "delay = yes | no" +Retarde la recherche \s-1DNS\s0 pour l'option « connect » +.IP "\fBexec\fR = chemin_exécutable (Unix seulement)" 4 +.IX Item "exec = chemin_exécutable (Unix seulement)" +Exécute un programme local de type inetd +.Sp +Le cas échéant, le chemin \fIexec\fR est relatif au répertoire \fIchroot\fR. +.ie n .IP "\fBexecargs\fR = $0 $1 $2 ... (Unix seulement)" 4 +.el .IP "\fBexecargs\fR = \f(CW$0\fR \f(CW$1\fR \f(CW$2\fR ... (Unix seulement)" 4 +.IX Item "execargs = $0 $1 $2 ... (Unix seulement)" +Arguments pour \fIexec\fR, y compris le nom du programme ($0) +.Sp +Les quotes ne peuvent actuellement pas être utilisées. +Les arguments sont séparés par un nombre quelconque d'espaces. +.IP "\fBident\fR = nom" 4 +.IX Item "ident = nom" +Applique le contrôle d'identité d'utilisateur \s-1IDENT\s0 (\s-1RFC\s0 1413) +.IP "\fBlocal\fR = hôte" 4 +.IX Item "local = hôte" +Adresse \s-1IP\s0 de l'interface de sortie utilisée pour les connexions distantes. +Cette option permet de relier une adresse statique locale. +.IP "\fBprotocol\fR = protocole" 4 +.IX Item "protocol = protocole" +Négocie avec \s-1SSL\s0 selon le protocole indiqué +.Sp +Actuellement gérés : cifs, nntp, pop3, smtp +.IP "\fBpty\fR = yes | no (Unix seulement)" 4 +.IX Item "pty = yes | no (Unix seulement)" +Alloue un pseudo-terminal pour l'option « exec » +.IP "\fBTIMEOUTbusy\fR = secondes" 4 +.IX Item "TIMEOUTbusy = secondes" +Durée d'attente de données +.IP "\fBTIMEOUTclose\fR = secondes" 4 +.IX Item "TIMEOUTclose = secondes" +Durée d'attente du close_notify (mis à 0 pour \s-1MSIE\s0 qui est bogué) +.IP "\fBTIMEOUTidle\fR = secondes" 4 +.IX Item "TIMEOUTidle = secondes" +Durée d'attente sur une connexion inactive +.IP "\fBtransparent\fR = yes | no (Unix seulement)" 4 +.IX Item "transparent = yes | no (Unix seulement)" +Mode mandataire transparent +.Sp +Ré\-écrit les adresses pour qu'elles apparaissent provenir de la +machine client \s-1SSL\s0 plutôt que de celle qui exécute \fBstunnel\fR. +Cette option n'est disponible en mode local (option \fIexec\fR) qu'avec +la bibliothèque partagée LD_PRELOADing env.so shared library et en mode +distant (option \fIconnect\fR) sur les noyaux Linux 2.2 compilés avec +l'option \fItransparent proxy\fR et seulement en mode serveur. Cette +option ne se combine pas au mode mandataire (\fIconnect\fR) sauf si la +route par défaut du client vers la cible passe par l'hôte qui fait +tourner \fBstunnel\fR, qui ne peut être localhost. +.SH "VALEUR DE RETOUR" +.IX Header "VALEUR DE RETOUR" +\&\fBstunnel\fR renvoie zéro en cas de succès, une autre valeur en cas d'erreur. +.SH "EXEMPLES" +.IX Header "EXEMPLES" +Pour encapsuler votre service \fIimapd\fR local avec \s-1SSL\s0 : +.PP +.Vb 4 +\& [imapd] +\& accept = 993 +\& exec = /usr/sbin/imapd +\& execargs = imapd +.Ve +.PP +Pour tunneliser un daemon \fIpppd\fR sur le port 2020 : +.PP +.Vb 5 +\& [vpn] +\& accept = 2020 +\& exec = /usr/sbin/pppd +\& execargs = pppd local +\& pty = yes +.Ve +.PP +Configuration de \fIstunnel.conf\fR pour utiliser \fBstunnel\fR en mode \fIinetd\fR +qui lance imapd à son tour (il ne doit pas y avoir de section \fI[service_name]\fR) : +.PP +.Vb 2 +\& exec = /usr/sbin/imapd +\& execargs = imapd +.Ve +.SH "FICHIERS" +.IX Header "FICHIERS" +.IP "\fIstunnel.conf\fR" 4 +.IX Item "stunnel.conf" +Fichier de configuration de \fBstunnel\fR +.IP "\fIstunnel.pem\fR" 4 +.IX Item "stunnel.pem" +Certificat et clef privée de \fBstunnel\fR +.SH "BOGUES" +.IX Header "BOGUES" +L'option \fIexecargs\fR n'admet pas les quotes. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +\&\fBstunnel\fR ne peut être utilisé pour le daemon \s-1FTP\s0 en raison de la nature +du protocole \s-1FTP\s0 qui utilise des ports multiples pour les transferts de données. +Il existe cependant des versions \s-1SSL\s0 de \s-1FTP\s0 et de telnet. +.SH "NOTES" +.IX Header "NOTES" +.SS "\s-1MODE\s0 \s-1INETD\s0" +.IX Subsection "MODE INETD" +L'utilisation la plus commune de \fBstunnel\fR consiste à écouter un port +réseau et à établir une communication, soit avec un nouveau port +avec l'option \fIconnect\fR, soit avec un programme avec l'option \fIexec\fR. +On peut parfois cependant souhaiter qu'un autre programme reçoive les +connexions entrantes et lance \fBstunnel\fR, par exemple avec \fIinetd\fR, +\&\fIxinetd\fR ou \fItcpserver\fR. +.PP +Si, par exemple, la ligne suivante se trouve dans \fIinetd.conf\fR : +.PP +.Vb 1 +\& imaps stream tcp nowait root /usr/bin/stunnel stunnel /etc/stunnel/imaps.conf +.Ve +.PP +Dans ces cas, c'est le programme du genre \fIinetd\fR\-style qui est +responsable de l'établissement de la connexion (\fIimaps\fR ci-dessus) et de passer +celle-ci à \fBstunnel\fR. +Ainsi, \fBstunnel\fR ne doit alors avoir aucune option \fIaccept\fR. +Toutes les \fIoptions de niveau service\fR doivent être placées dans +la section des options globales et aucune section \fI[service_name]\fR ne doit +être présente. Voir la section \fI\s-1EXEMPLES\s0\fR pour des exemples de configurations. +.SS "\s-1CERTIFICATS\s0" +.IX Subsection "CERTIFICATS" +Chaque daemon à propriétés \s-1SSL\s0 doit présenter un certificat X.509 +valide à son interlocuteur. Il a aussi besoin d'une clef privé pour +déchiffrer les données entrantes. La méthode la plus simple pour +obtenir un certificat et une clef est d'engendrer celles-ci avec +le paquetage libre \fIOpenSSL\fR. Plus d'informations sur la génération de +certificats se trouvent dans les pages indiquées plus bas. +.PP +Deux choses importantes lors de la génération de paires certificat-clef +pour \fBstunnel\fR : +.IP "\(bu" 4 +la clef privée ne peut être chiffrée puisque le serveur n'a aucun moyen +d'obtenir le mot de passe de l'utilisateur ; pour produire une clef non chiffrée, +ajouter l'option \fI\-nodes\fR à la commande \fBreq\fR de \fIOpenSSL\fR ; +.IP "\(bu" 4 +l'ordre du contenu du fichier \fI.pem\fR est significatif : il doit contenir d'abord +une clef privée non chiffrée, puis un certificat signé (et non une demande de certificat). +Il doit aussi y avoir des lignes vides après le certificat et après la clef privée. +L'information textuelle ajoutée au début d'un certificat doit être supprimée afin que +le fichier ait l'allure suivante : +.Sp +.Vb 8 +\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- +\& [clef encodée] +\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- +\& [ligne vide] +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& [certificat encodé] +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +\& [ligne vide] +.Ve +.SS "\s-1ALEATOIRE\s0" +.IX Subsection "ALEATOIRE" +\&\fBstunnel\fR doit « saler » le générateur de pseudo\-aléatoires \s-1PRNG\s0 (pseudo random +number generator) afin que \s-1SSL\s0 utilise un aléatoire de qualité. Les sources suivantes +sont chargées dans l'ordre jusqu'à ce qu'une quantité suffisante de données soit lue : +.IP "\(bu" 4 +le fichier spécifié par \fIRNDfile\fR ; +.IP "\(bu" 4 +le fichier spécifié par la variable d'environnement \s-1RANDFILE\s0, à défaut +le fichier .rnd du répertoire \f(CW$HOME\fR de l'utilisateur ; +.IP "\(bu" 4 +le fichier spécifié par « \-\-with\-random » lors de la compilation ; +.IP "\(bu" 4 +le contenu de l'écran (MS-Windows seulement) ; +.IP "\(bu" 4 +le socket \s-1EGD\s0 spécifié par \fI\s-1EGD\s0\fR ; +.IP "\(bu" 4 +le socket \s-1EGD\s0 spécifié par « \-\-with\-egd\-sock » lors de la compilation ; +.IP "\(bu" 4 +le périphérique /dev/urandom. +.PP +Avec un OpenSSL récent (>=OpenSSL 0.9.5a) le chargement de données s'arrête +automatiquement lorsqu'un niveau d'entropie suffisant est atteint. +Les versions précédentes continuent à lire toutes les sources puisqu'aucune +fonction \s-1SSL\s0 ne leur permet de savoir que suffisamment de données sont disponibles. +.PP +Sur les machines MS-Windows qui n'ont pas d'interaction utilisateur sur la console, +(mouvements de souris, création de fenêtres, etc.), le contenu de l'écran n'est +pas suffisamment changeant et il est nécessaire de fournir un fichier d'aléatoire +par le biais de \fIRNDfile\fR. +.PP +Le fichier spécifié par \fIRNDfile\fR doit contenir des informations aléatoires \*(-- +c'est\-à\-dire des informations différentes à chaque lancement de \fBstunnel\fR. +Cela est géré automatiquement sauf si l'option \fIRNDoverwrite\fR est utilisée. +Si l'on souhaite procéder manuellement à la mise à jour de ce fichier, la +commande \fIopenssl rand\fR des versions récentes d'OpenSSL sera sans doute utile. +.PP +Note importante : si /dev/urandom est disponible, OpenSSL a l'habitude d'utiliser +celui-ci pour « saler » le \s-1PRNG\s0 même lorsqu'il contrôle l'état de l'aléatoire ; +ainsi, même si /dev/urandom est dernier de la liste ci-dessus, il est vraisemblable +qu'il soit utilisé s'il est présent. +Ce n'est pas le comportement de \fBstunnel\fR, c'est celui d'OpenSSL. +.SH "VOIR AUSSI" +.IX Header "VOIR AUSSI" +.IP "\fItcpd\fR\|(8)" 4 +.IX Item "tcpd" +Service de contrôle d'accès pour les services internet +.IP "\fIinetd\fR\|(8)" 4 +.IX Item "inetd" +« super-serveur » internet +.IP "\fIhttp://www.stunnel.org/\fR" 4 +.IX Item "http://www.stunnel.org/" +Page de référence de \fBstunnel\fR +.IP "\fIhttp://www.openssl.org/\fR" 4 +.IX Item "http://www.openssl.org/" +Site web du projet OpenSSL +.SH "AUTEUR" +.IX Header "AUTEUR" +.IP "Michał Trojnara" 4 +.IX Item "Michał Trojnara" +<\fIMichal.Trojnara@mirt.net\fR> +.SH "ADAPTATION FRANÇAISE" +.IX Header "ADAPTATION FRANÇAISE" +.IP "Bernard Choppy" 4 +.IX Item "Bernard Choppy" +<\fIchoppy \s-1AT\s0 free \s-1POINT\s0 fr\fR> diff --git a/doc/stunnel.fr.html b/doc/stunnel.fr.html new file mode 100644 index 0000000..1d29a49 --- /dev/null +++ b/doc/stunnel.fr.html @@ -0,0 +1,670 @@ + + + + +stunnel.8 + + + + + + + + +

+

+ + + +
+ + +

+

+

NOM

+

stunnel - tunnel SSL universel

+

+

+
+

SYNOPSIS

+
+
Unix:
+ +
+

stunnel [fichier] | -fd [n] | -help | -version | -sockets

+
+
WIN32:
+ +
+

stunnel [fichier] | -install | -uninstall | -help | -version | -sockets

+
+
+

+

+
+

DESCRIPTION

+

Le programme stunnel est conçu pour fonctionner comme une couche +de chiffrement SSL entre des clients distants et des serveurs locaux +(inetd-démarrables) ou distants. Le concept est qu'à partir de daemons +non-SSL présents sur le système, on peut facilement les configurer pour +communiquer avec des clients sur des liens sécurisés SSL.

+

stunnel peut être utilisé pour ajouter des fonctionnalités SSL à des +daemons classiques Inetd tels que les serveurs POP-2, POP-3 et IMAP, +à d'autres autonomes tels que NNTP, SMTP et HTTP, ainsi que pour tunneliser +PPP sur des sockets réseau sans modification du code source.

+

Ce produit inclut du code de chiffrement écrit par +Eric Young (eay@cryptsoft.com)

+

+

+
+

OPTIONS

+
+
[fichier]
+ +
+

Utilisation du fichier de configuration spécifié.

+
+
-fd [n] (Unix seulement)
+ +
+

Lecture du fichier de configuration depuis le descripteur de +fichier indiqué.

+
+
-help
+ +
+

Affiche le menu d'aide de stunnel.

+
+
-version
+ +
+

Affiche la version de stunnel et les options de compilation.

+
+
-sockets
+ +
+

Affiche les options socket par défaut.

+
+
-install (NT/2000/XP seulement)
+ +
+

Installe un service NT.

+
+
-uninstall (NT/2000/XP only)
+ +
+

Désinstalle un service NT.

+
+
+

+

+
+

FICHIER DE CONFIGURATION

+

Chaque ligne du fichier de configuration peut être soit :

+
    +
  • +

    une ligne vide (ignorée) ;

    +
  • +
  • +

    un commentaire commençant par « # » (ignoré) ;

    +
  • +
  • +

    une paire « option = valeur » ;

    +
  • +
  • +

    « [service_name] » indiquant le début de la définition d'un service ;

    +
  • +
+

+

+

OPTIONS GLOBALES

+
+
CApath = répertoire
+ +
+

Répertoire des autorités de certification (CA)

+

C'est le répertoire dans lequel stunnel cherche les certificats si +l'on utilise verify. Les certificats doivent être dénommés selon la +forme XXXXXXXX.0, où XXXXXXXX est la valeur de hachage du certificat.

+

Le cas échéant, le répertoire CApath est relatif au répertoire chroot.

+
+
CAfile = fichier
+ +
+

Fichier d'autorités de certification

+

Ce fichier, utilisé avec verify, contient plusieurs certificats de CA.

+
+
cert = fichier
+ +
+

Fichier de chaîne de certificats PEM

+

Une PEM est toujours nécessaire en mode serveur. +En mode client, cette option utilise cette PEM comme une chaîne côté client. +L'utilisation de certificats côté client est optionnelle. Les certificats +doivent être au format PEM et triés par ordre de niveau décroissant (CA racine +en premier).

+
+
chroot = répertoire (Unix seulement)
+ +
+

Répertoire de chroot du processus stunnel

+

chroot enferme stunnel dans une cellule chroot. CApath, CRLpath, pid +et exec sont situés à l'intérieur de la cellule et les répertoires doivent être +relatifs au répertoire correspondant.

+

Pour que le contrôle de libwrap (wrappeur TCP) soit effectif dans un environnement +chroot, il faut aussi y recopier leurs fichiers de configuration (/etc/hosts.allow et +/etc/hosts.deny).

+
+
ciphers = listes de chiffre
+ +
+

Sélection des chiffres SSL autorisés

+

Liste délimitée par deux-points (« : ») des chiffres autorisés pour la connexion SSL. +Exemple : DES-CBC3-SHA:IDEA-CBC-MD5

+
+
client = yes | no
+ +
+

Mode client (Le service distant utilise SSL)

+

Par défaut : no (mode server)

+
+
CRLpath = répertoire
+ +
+

Répertoire des listes de révocation de certificats (CRL)

+

C'est le répertoire dans lequel stunnel recherche les CRL avec +l'option verify. Les CRL doivent être dénommés selon la +forme XXXXXXXX.0 où XXXXXXXX est la valeur de hachage de la CRL.

+

Le cas échéant, le répertoire CRLpath est relatif au répertoire chroot.

+
+
CRLfile = fichier
+ +
+

Fichier de listes de révocation de certificats (CRL)

+

Ce fichier, utilisé avec verify, contient plusieurs CRL.

+
+
debug = [facilité.]niveau
+ +
+

niveau de déverminage

+

Le niveau est un nom ou un numéro conforme à ceux de syslog : +emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), +info (6) ou debug (7). Toutes les traces du niveau indiqué et des niveaux +numériquement inférieurs seront affichées. debug = debug ou +debug = 7 donneront le maximum d'informations. La valeur par défaut +est notice (5).

+

La facilité syslog « daemon » est utilisée, sauf si un autre nom est spécifié +(Win32 ne permet pas l'usage des facilités.)

+

La casse est ignorée, aussi bien pour la facilité que pour le niveau.

+
+
EGD = chemin (Unix seulement)
+ +
+

Emplacement du socket du daemon de recueil d'entropie (EGD - Entropy Gathering Daemon)

+

Socket EGD à utiliser pour alimenter le générateur d'aléatoires de OpenSSL (disponible +seulement si la compilation a été effectuée avec OpenSSL 0.9.5a ou supérieur).

+
+
foreground = yes | no (Unix seulement)
+ +
+

Mode avant-plan

+

Reste en avant-plan (sans fork) et dirige la trace sur stderr +au lieu de syslog (sauf si output est spécifié).

+

Par défault : arrière-plan en mode daemon.

+
+
key = fichier
+ +
+

Fichier de clef privée pour le certificat spécifié par cert

+

La clef privée est nécessaire pour authentifier le titulaire du +certificat. +Puisque ce fichier doit rester secret, il ne doit être lisible que +par son propriétaire. Sur les systèmes Unix, on peut utiliser la +commande suivante :

+
+    chmod 600 fichier
+

Par défault : Valeur de cert

+
+
options = Options_SSL
+ +
+

Options de la bibliothèque OpenSSL

+

Le paramètre est l'option OpenSSL décrite dans la page de man +SSL_CTX_set_options(3ssl), débarassée du préfixe SSL_OP_. +Plusieurs options peuvent être spécifiées.

+

Par exemple, pour la compatibilité avec l'implantation SSL défaillante +d'Eudora, on peut utiliser :

+
+    options = DONT_INSERT_EMPTY_FRAGMENTS
+
+
output = fichier
+ +
+

Ajoute la trace à la fin d'un fichier au lieu d'utiliser syslog.

+

/dev/stdout peut être utilisé pour afficher les traces sur la sortie standard +(par exemple pour les traiter avec les outils splogger).

+
+
pid = fichier (Unix seulement)
+ +
+

Emplacement du fichier pid

+

Si l'argument est vide, aucun fichier ne sera créé.

+

Le cas échéant, le chemin pid est relatif au répertoire chroot.

+
+
RNDbytes = nombre
+ +
+

Nombre d'octets à lire depuis les fichiers de « sel » aléatoire

+

Avec les SSL de version inférieure à 0.9.5a, détermine aussi le nombre +d'octets considérés comme suffisants pour « saler » le PRNG. Les versions plus +récentes d'OpenSSL ont une fonction intégrée qui détermine lorsque l'aléatoire +est suffisant.

+
+
RNDfile = fichier
+ +
+

chemin du fichier de données de « sel » aléatoire

+

La bibliothèque SSL utilise prioritairement les données de ce fichier pour +« saler » le générateur d'aléatoire.

+
+
RNDoverwrite = yes | no
+ +
+

Recouvre les fichiers de « sel » avec de nouvelles données aléatoires.

+

Par défaut : yes

+
+
service = nom
+ +
+

Définit le nom de service à utiliser

+

Sous Unix : nom de service du mode inetd pour la bibliothèque TCP Wrapper.

+

Par défaut : stunnel

+
+
session = timeout
+ +
+

Timeout du cache de session

+
+
setgid = nom (Unix seulement)
+ +
+

Nom de groupe utilisé en mode daemon (les éventuels autres noms de groupe attribués sont supprimés)

+
+
setuid = nom (Unix seulement)
+ +
+

Nom d'utilisateur utilisé en mode daemon

+
+
socket = a|l|r:option=valeur[:valeur]
+ +
+

Configure une option de socket accept (a), locale (l) ou distante (r)

+

Les valeurs de l'option linger sont : l_onof:l_linger. +Les valeurs de l'option time sont : tv_sec:tv_usec.

+

Exemples :

+
+    socket = l:SO_LINGER=1:60
+        définit un délai d'une minute pour la clôture des sockets locaux
+    socket = r:SO_OOBINLINE=yes
+        Place directement les données hors-bande dans le flux de réception
+        des sockets distants
+    socket = a:SO_REUSEADDR=no
+        désactive la réutilisation d'adresses (activée par défaut)
+    socket = a:SO_BINDTODEVICE=lo
+        limite l'acceptation des connexions sur la seule interface de bouclage
+
+
taskbar = yes | no (WIN32 seulement)
+ +
+

active l'icône de la barre de tâches

+

Par défaut : yes

+
+
verify = niveau
+ +
+

Vérifie le certificat du correspondant

+
+    niveau 1 - vérifie le certificat s'il est présent
+    niveau 2 - vérifie le certificat
+    niveau 3 - contrôle le correspondant avec le certificat local
+

Par défaut - pas de vérification

+
+
+

+

+

OPTIONS DE SERVICE

+

Chaque section de configuration commence par le nom du service entre crochets. +Celui-ci est utilisé par le contrôle d'accès de libwrap (TCP Wrappers) et sert +à distinguer les services stunnel dans les fichiers de traces.

+

Si l'on souhaite utiliser stunnel en mode inetd (lorsqu'un socket lui est +fourni par un serveur comme inetd, xinetd ou tcpserver), il faut se +reporter à la section MODE INETD plus bas.

+
+
accept = [hôte:]port
+ +
+

Accepte des connexions sur le port spécifié

+

Si l'hôte n'est pas indiqué, le port est ouvert pour toutes les adresses IP de +la machine locale.

+
+
connect = [hôte:]port
+ +
+

Se connecte au port distant indiqué

+

Par défaut, l'hôte est localhost.

+
+
delay = yes | no
+ +
+

Retarde la recherche DNS pour l'option « connect »

+
+
exec = chemin_exécutable (Unix seulement)
+ +
+

Exécute un programme local de type inetd

+

Le cas échéant, le chemin exec est relatif au répertoire chroot.

+
+
execargs = $0 $1 $2 ... (Unix seulement)
+ +
+

Arguments pour exec, y compris le nom du programme ($0)

+

Les quotes ne peuvent actuellement pas être utilisées. +Les arguments sont séparés par un nombre quelconque d'espaces.

+
+
ident = nom
+ +
+

Applique le contrôle d'identité d'utilisateur IDENT (RFC 1413)

+
+
local = hôte
+ +
+

Adresse IP de l'interface de sortie utilisée pour les connexions distantes. +Cette option permet de relier une adresse statique locale.

+
+
protocol = protocole
+ +
+

Négocie avec SSL selon le protocole indiqué

+

Actuellement gérés : cifs, nntp, pop3, smtp

+
+
pty = yes | no (Unix seulement)
+ +
+

Alloue un pseudo-terminal pour l'option « exec »

+
+
TIMEOUTbusy = secondes
+ +
+

Durée d'attente de données

+
+
TIMEOUTclose = secondes
+ +
+

Durée d'attente du close_notify (mis à 0 pour MSIE qui est bogué)

+
+
TIMEOUTidle = secondes
+ +
+

Durée d'attente sur une connexion inactive

+
+
transparent = yes | no (Unix seulement)
+ +
+

Mode mandataire transparent

+

Ré-écrit les adresses pour qu'elles apparaissent provenir de la +machine client SSL plutôt que de celle qui exécute stunnel. +Cette option n'est disponible en mode local (option exec) qu'avec +la bibliothèque partagée LD_PRELOADing env.so shared library et en mode +distant (option connect) sur les noyaux Linux 2.2 compilés avec +l'option transparent proxy et seulement en mode serveur. Cette +option ne se combine pas au mode mandataire (connect) sauf si la +route par défaut du client vers la cible passe par l'hôte qui fait +tourner stunnel, qui ne peut être localhost.

+
+
+

+

+
+

VALEUR DE RETOUR

+

stunnel renvoie zéro en cas de succès, une autre valeur en cas d'erreur.

+

+

+
+

EXEMPLES

+

Pour encapsuler votre service imapd local avec SSL :

+
+    [imapd]
+    accept = 993
+    exec = /usr/sbin/imapd
+    execargs = imapd
+

Pour tunneliser un daemon pppd sur le port 2020 :

+
+    [vpn]
+    accept = 2020
+    exec = /usr/sbin/pppd
+    execargs = pppd local
+    pty = yes
+

Configuration de stunnel.conf pour utiliser stunnel en mode inetd +qui lance imapd à son tour (il ne doit pas y avoir de section [service_name]) :

+
+    exec = /usr/sbin/imapd
+    execargs = imapd
+

+

+
+

FICHIERS

+
+
stunnel.conf
+ +
+

Fichier de configuration de stunnel

+
+
stunnel.pem
+ +
+

Certificat et clef privée de stunnel

+
+
+

+

+
+

BOGUES

+

L'option execargs n'admet pas les quotes.

+

+

+
+

RESTRICTIONS

+

stunnel ne peut être utilisé pour le daemon FTP en raison de la nature +du protocole FTP qui utilise des ports multiples pour les transferts de données. +Il existe cependant des versions SSL de FTP et de telnet.

+

+

+
+

NOTES

+

+

+

MODE INETD

+

L'utilisation la plus commune de stunnel consiste à écouter un port +réseau et à établir une communication, soit avec un nouveau port +avec l'option connect, soit avec un programme avec l'option exec. +On peut parfois cependant souhaiter qu'un autre programme reçoive les +connexions entrantes et lance stunnel, par exemple avec inetd, +xinetd ou tcpserver.

+

Si, par exemple, la ligne suivante se trouve dans inetd.conf :

+
+    imaps stream tcp nowait root /usr/bin/stunnel stunnel /etc/stunnel/imaps.conf
+

Dans ces cas, c'est le programme du genre inetd-style qui est +responsable de l'établissement de la connexion (imaps ci-dessus) et de passer +celle-ci à stunnel. +Ainsi, stunnel ne doit alors avoir aucune option accept. +Toutes les options de niveau service doivent être placées dans +la section des options globales et aucune section [service_name] ne doit +être présente. Voir la section EXEMPLES pour des exemples de configurations.

+

+

+

CERTIFICATS

+

Chaque daemon à propriétés SSL doit présenter un certificat X.509 +valide à son interlocuteur. Il a aussi besoin d'une clef privé pour +déchiffrer les données entrantes. La méthode la plus simple pour +obtenir un certificat et une clef est d'engendrer celles-ci avec +le paquetage libre OpenSSL. Plus d'informations sur la génération de +certificats se trouvent dans les pages indiquées plus bas.

+

Deux choses importantes lors de la génération de paires certificat-clef +pour stunnel :

+
    +
  • +

    la clef privée ne peut être chiffrée puisque le serveur n'a aucun moyen +d'obtenir le mot de passe de l'utilisateur ; pour produire une clef non chiffrée, +ajouter l'option -nodes à la commande req de OpenSSL ;

    +
  • +
  • +

    l'ordre du contenu du fichier .pem est significatif : il doit contenir d'abord +une clef privée non chiffrée, puis un certificat signé (et non une demande de certificat). +Il doit aussi y avoir des lignes vides après le certificat et après la clef privée. +L'information textuelle ajoutée au début d'un certificat doit être supprimée afin que +le fichier ait l'allure suivante :

    +
    +    -----BEGIN RSA PRIVATE KEY-----
    +    [clef encodée]
    +    -----END RSA PRIVATE KEY-----
    +    [ligne vide]
    +    -----BEGIN CERTIFICATE-----
    +    [certificat encodé]
    +    -----END CERTIFICATE-----
    +    [ligne vide]
    +
  • +
+

+

+

ALEATOIRE

+

stunnel doit « saler » le générateur de pseudo-aléatoires PRNG (pseudo random +number generator) afin que SSL utilise un aléatoire de qualité. Les sources suivantes +sont chargées dans l'ordre jusqu'à ce qu'une quantité suffisante de données soit lue :

+
    +
  • +

    le fichier spécifié par RNDfile ;

    +
  • +
  • +

    le fichier spécifié par la variable d'environnement RANDFILE, à défaut +le fichier .rnd du répertoire $HOME de l'utilisateur ;

    +
  • +
  • +

    le fichier spécifié par « --with-random » lors de la compilation ;

    +
  • +
  • +

    le contenu de l'écran (MS-Windows seulement) ;

    +
  • +
  • +

    le socket EGD spécifié par EGD ;

    +
  • +
  • +

    le socket EGD spécifié par « --with-egd-sock » lors de la compilation ;

    +
  • +
  • +

    le périphérique /dev/urandom.

    +
  • +
+

Avec un OpenSSL récent (>=OpenSSL 0.9.5a) le chargement de données s'arrête +automatiquement lorsqu'un niveau d'entropie suffisant est atteint. +Les versions précédentes continuent à lire toutes les sources puisqu'aucune +fonction SSL ne leur permet de savoir que suffisamment de données sont disponibles.

+

Sur les machines MS-Windows qui n'ont pas d'interaction utilisateur sur la console, +(mouvements de souris, création de fenêtres, etc.), le contenu de l'écran n'est +pas suffisamment changeant et il est nécessaire de fournir un fichier d'aléatoire +par le biais de RNDfile.

+

Le fichier spécifié par RNDfile doit contenir des informations aléatoires -- +c'est-à-dire des informations différentes à chaque lancement de stunnel. +Cela est géré automatiquement sauf si l'option RNDoverwrite est utilisée. +Si l'on souhaite procéder manuellement à la mise à jour de ce fichier, la +commande openssl rand des versions récentes d'OpenSSL sera sans doute utile.

+

Note importante : si /dev/urandom est disponible, OpenSSL a l'habitude d'utiliser +celui-ci pour « saler » le PRNG même lorsqu'il contrôle l'état de l'aléatoire ; +ainsi, même si /dev/urandom est dernier de la liste ci-dessus, il est vraisemblable +qu'il soit utilisé s'il est présent. +Ce n'est pas le comportement de stunnel, c'est celui d'OpenSSL.

+

+

+
+

VOIR AUSSI

+
+
tcpd(8)
+ +
+

Service de contrôle d'accès pour les services internet

+
+
inetd(8)
+ +
+

« super-serveur » internet

+
+
http://www.stunnel.org/
+ +
+

Page de référence de stunnel

+
+
http://www.openssl.org/
+ +
+

Site web du projet OpenSSL

+
+
+

+

+
+

AUTEUR

+
+
Michał Trojnara
+ +
+

<Michal.Trojnara@mirt.net>

+
+
+

+

+
+

ADAPTATION FRANÇAISE

+
+
Bernard Choppy
+ +
+

<choppy AT free POINT fr>

+
+
+ + + + diff --git a/doc/stunnel.fr.pod b/doc/stunnel.fr.pod new file mode 100644 index 0000000..4a1362a --- /dev/null +++ b/doc/stunnel.fr.pod @@ -0,0 +1,636 @@ +=head1 NOM + +=encoding utf8 + +stunnel - tunnel SSL universel + +=head1 SYNOPSIS + +=over 4 + +=item B + +B S<[fichier]> | S<-fd [n]> | S<-help> | S<-version> | S<-sockets> + +=item B + +B S<[fichier]> | S<-install> | S<-uninstall> | S<-help> | S<-version> | S<-sockets> + +=back + + +=head1 DESCRIPTION + +Le programme B est conçu pour fonctionner comme une couche +de chiffrement I entre des clients distants et des serveurs locaux +(I-démarrables) ou distants. Le concept est qu'à partir de daemons +non-SSL présents sur le système, on peut facilement les configurer pour +communiquer avec des clients sur des liens sécurisés SSL. + +B peut être utilisé pour ajouter des fonctionnalités SSL à des +daemons classiques I tels que les serveurs POP-2, POP-3 et IMAP, +à d'autres autonomes tels que NNTP, SMTP et HTTP, ainsi que pour tunneliser +PPP sur des sockets réseau sans modification du code source. + +Ce produit inclut du code de chiffrement écrit par +Eric Young (eay@cryptsoft.com) + + +=head1 OPTIONS + +=over 4 + +=item B<[fichier]> + +Utilisation du fichier de configuration spécifié. + +=item B<-fd [n]> (Unix seulement) + +Lecture du fichier de configuration depuis le descripteur de +fichier indiqué. + +=item B<-help> + +Affiche le menu d'aide de B. + +=item B<-version> + +Affiche la version de B et les options de compilation. + +=item B<-sockets> + +Affiche les options socket par défaut. + +=item B<-install> (NT/2000/XP seulement) + +Installe un service NT. + +=item B<-uninstall> (NT/2000/XP only) + +Désinstalle un service NT. + +=back + + +=head1 FICHIER DE CONFIGURATION + +Chaque ligne du fichier de configuration peut être soitE: + +=over 4 + +=item * + +une ligne vide (ignorée)E; + +=item * + +un commentaire commençant par «E#E» (ignoré)E; + +=item * + +une paire «Eoption = valeurE»E; + +=item * + +«E[service_name]E» indiquant le début de la définition d'un serviceE; + +=back + +=head2 OPTIONS GLOBALES + +=over 4 + +=item B = répertoire + +Répertoire des autorités de certification (CA) + +C'est le répertoire dans lequel B cherche les certificats si +l'on utilise I. Les certificats doivent être dénommés selon la +forme XXXXXXXX.0, où XXXXXXXX est la valeur de hachage du certificat. + +Le cas échéant, le répertoire I est relatif au répertoire I. + +=item B = fichier + +Fichier d'autorités de certification + +Ce fichier, utilisé avec I, contient plusieurs certificats de CA. + +=item B = fichier + +Fichier de chaîne de certificats PEM + +Une PEM est toujours nécessaire en mode serveur. +En mode client, cette option utilise cette PEM comme une chaîne côté client. +L'utilisation de certificats côté client est optionnelle. Les certificats +doivent être au format PEM et triés par ordre de niveau décroissant (CA racine +en premier). + +=item B = répertoire (Unix seulement) + +Répertoire de chroot du processus B + +B enferme B dans une cellule chroot. I, I, I +et I sont situés à l'intérieur de la cellule et les répertoires doivent être +relatifs au répertoire correspondant. + +Pour que le contrôle de libwrap (wrappeur TCP) soit effectif dans un environnement +chroot, il faut aussi y recopier leurs fichiers de configuration (/etc/hosts.allow et +/etc/hosts.deny). + +=item B = listes de chiffre + +Sélection des chiffres SSL autorisés + +Liste délimitée par deux-points («E:E») des chiffres autorisés pour la connexion SSL. +ExempleE: DES-CBC3-SHA:IDEA-CBC-MD5 + +=item B = yes | no + +Mode client (Le service distant utilise SSL) + +Par défautE: no (mode server) + +=item B = répertoire + +Répertoire des listes de révocation de certificats (CRL) + +C'est le répertoire dans lequel B recherche les CRL avec +l'option I. Les CRL doivent être dénommés selon la +forme XXXXXXXX.0 où XXXXXXXX est la valeur de hachage de la CRL. + +Le cas échéant, le répertoire I est relatif au répertoire I. + +=item B = fichier + +Fichier de listes de révocation de certificats (CRL) + +Ce fichier, utilisé avec I, contient plusieurs CRL. + +=item B = [facilité.]niveau + +niveau de déverminage + +Le niveau est un nom ou un numéro conforme à ceux de syslogE: +emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), +info (6) ou debug (7). Toutes les traces du niveau indiqué et des niveaux +numériquement inférieurs seront affichées. B ou +B donneront le maximum d'informations. La valeur par défaut +est notice (5). + +La facilité syslog «EdaemonE» est utilisée, sauf si un autre nom est spécifié +(Win32 ne permet pas l'usage des facilités.) + +La casse est ignorée, aussi bien pour la facilité que pour le niveau. + +=item B = chemin (Unix seulement) + +Emplacement du socket du daemon de recueil d'entropie (EGD - Entropy Gathering Daemon) + +Socket EGD à utiliser pour alimenter le générateur d'aléatoires de OpenSSL (disponible +seulement si la compilation a été effectuée avec OpenSSL 0.9.5a ou supérieur). + +=item B = yes | no (Unix seulement) + +Mode avant-plan + +Reste en avant-plan (sans fork) et dirige la trace sur stderr +au lieu de syslog (sauf si B est spécifié). + +Par défaultE: arrière-plan en mode daemon. + +=item B = fichier + +Fichier de clef privée pour le certificat spécifié par I + +La clef privée est nécessaire pour authentifier le titulaire du +certificat. +Puisque ce fichier doit rester secret, il ne doit être lisible que +par son propriétaire. Sur les systèmes Unix, on peut utiliser la +commande suivanteE: + + chmod 600 fichier + +Par défaultE: Valeur de I + +=item B = Options_SSL + +Options de la bibliothèque OpenSSL + +Le paramètre est l'option OpenSSL décrite dans la page de man +I, débarassée du préfixe I. +Plusieurs I peuvent être spécifiées. + +Par exemple, pour la compatibilité avec l'implantation SSL défaillante +d'Eudora, on peut utiliserE: + + options = DONT_INSERT_EMPTY_FRAGMENTS + +=item B = fichier + +Ajoute la trace à la fin d'un fichier au lieu d'utiliser syslog. + +/dev/stdout peut être utilisé pour afficher les traces sur la sortie standard +(par exemple pour les traiter avec les outils splogger). + +=item B = fichier (Unix seulement) + +Emplacement du fichier pid + +Si l'argument est vide, aucun fichier ne sera créé. + +Le cas échéant, le chemin I est relatif au répertoire I. + +=item B = nombre + +Nombre d'octets à lire depuis les fichiers de «EselE» aléatoire + +Avec les SSL de version inférieure à 0.9.5a, détermine aussi le nombre +d'octets considérés comme suffisants pour «EsalerE» le PRNG. Les versions plus +récentes d'OpenSSL ont une fonction intégrée qui détermine lorsque l'aléatoire +est suffisant. + +=item B = fichier + +chemin du fichier de données de «EselE» aléatoire + +La bibliothèque SSL utilise prioritairement les données de ce fichier pour +«EsalerE» le générateur d'aléatoire. + +=item B = yes | no + +Recouvre les fichiers de «EselE» avec de nouvelles données aléatoires. + +Par défautE: yes + +=item B = nom + +Définit le nom de service à utiliser + +B:> nom de service du mode I pour la bibliothèque TCP Wrapper. + +Par défautE: stunnel + +=item B = timeout + +Timeout du cache de session + +=item B = nom (Unix seulement) + +Nom de groupe utilisé en mode daemon (les éventuels autres noms de groupe attribués sont supprimés) + +=item B = nom (Unix seulement) + +Nom d'utilisateur utilisé en mode daemon + +=item B = a|l|r:option=valeur[:valeur] + +Configure une option de socket accept (a), locale (l) ou distante (r) + +Les valeurs de l'option linger sontE: l_onof:l_linger. +Les valeurs de l'option time sontE: tv_sec:tv_usec. + +ExemplesE: + + socket = l:SO_LINGER=1:60 + définit un délai d'une minute pour la clôture des sockets locaux + socket = r:SO_OOBINLINE=yes + Place directement les données hors-bande dans le flux de réception + des sockets distants + socket = a:SO_REUSEADDR=no + désactive la réutilisation d'adresses (activée par défaut) + socket = a:SO_BINDTODEVICE=lo + limite l'acceptation des connexions sur la seule interface de bouclage + +=item B = yes | no (WIN32 seulement) + +active l'icône de la barre de tâches + +Par défautE: yes + +=item B = niveau + +Vérifie le certificat du correspondant + + niveau 1 - vérifie le certificat s'il est présent + niveau 2 - vérifie le certificat + niveau 3 - contrôle le correspondant avec le certificat local + +Par défaut - pas de vérification + +=back + + +=head2 OPTIONS DE SERVICE + +Chaque section de configuration commence par le nom du service entre crochets. +Celui-ci est utilisé par le contrôle d'accès de libwrap (TCP Wrappers) et sert +à distinguer les services B dans les fichiers de traces. + +Si l'on souhaite utiliser B en mode I (lorsqu'un socket lui est +fourni par un serveur comme I, I ou I), il faut se +reporter à la section I plus bas. + + +=over 4 + +=item B = [hôte:]port + +Accepte des connexions sur le port spécifié + +Si l'hôte n'est pas indiqué, le port est ouvert pour toutes les adresses IP de +la machine locale. + +=item B = [hôte:]port + +Se connecte au port distant indiqué + +Par défaut, l'hôte est localhost. + +=item B = yes | no + +Retarde la recherche DNS pour l'option «EconnectE» + +=item B = chemin_exécutable (Unix seulement) + +Exécute un programme local de type inetd + +Le cas échéant, le chemin I est relatif au répertoire I. + +=item B = $0 $1 $2 ... (Unix seulement) + +Arguments pour I, y compris le nom du programme ($0) + +Les quotes ne peuvent actuellement pas être utilisées. +Les arguments sont séparés par un nombre quelconque d'espaces. + +=item B = nom + +Applique le contrôle d'identité d'utilisateur IDENT (RFC 1413) + +=item B = hôte + +Adresse IP de l'interface de sortie utilisée pour les connexions distantes. +Cette option permet de relier une adresse statique locale. + +=item B = protocole + +Négocie avec SSL selon le protocole indiqué + +Actuellement gérésE: cifs, nntp, pop3, smtp + +=item B = yes | no (Unix seulement) + +Alloue un pseudo-terminal pour l'option «EexecE» + +=item B = secondes + +Durée d'attente de données + +=item B = secondes + +Durée d'attente du close_notify (mis à 0 pour MSIE qui est bogué) + +=item B = secondes + +Durée d'attente sur une connexion inactive + +=item B = yes | no (Unix seulement) + +Mode mandataire transparent + +Ré-écrit les adresses pour qu'elles apparaissent provenir de la +machine client SSL plutôt que de celle qui exécute B. +Cette option n'est disponible en mode local (option I) qu'avec +la bibliothèque partagée LD_PRELOADing env.so shared library et en mode +distant (option I) sur les noyaux Linux 2.2 compilés avec +l'option I et seulement en mode serveur. Cette +option ne se combine pas au mode mandataire (I) sauf si la +route par défaut du client vers la cible passe par l'hôte qui fait +tourner B, qui ne peut être localhost. + +=back + + +=head1 VALEUR DE RETOUR + +B renvoie zéro en cas de succès, une autre valeur en cas d'erreur. + + +=head1 EXEMPLES + +Pour encapsuler votre service I local avec SSLE: + + [imapd] + accept = 993 + exec = /usr/sbin/imapd + execargs = imapd + +Pour tunneliser un daemon I sur le port 2020E: + + [vpn] + accept = 2020 + exec = /usr/sbin/pppd + execargs = pppd local + pty = yes + +Configuration de I pour utiliser B en mode I +qui lance imapd à son tour (il ne doit pas y avoir de section I<[service_name]>)E: + + exec = /usr/sbin/imapd + execargs = imapd + + +=head1 FICHIERS + +=over 4 + +=item F + +Fichier de configuration de B + +=item F + +Certificat et clef privée de B + +=back + + +=head1 BOGUES + +L'option I n'admet pas les quotes. + + +=head1 RESTRICTIONS + +B ne peut être utilisé pour le daemon FTP en raison de la nature +du protocole FTP qui utilise des ports multiples pour les transferts de données. +Il existe cependant des versions SSL de FTP et de telnet. + + +=head1 NOTES + +=head2 MODE INETD + +L'utilisation la plus commune de B consiste à écouter un port +réseau et à établir une communication, soit avec un nouveau port +avec l'option I, soit avec un programme avec l'option I. +On peut parfois cependant souhaiter qu'un autre programme reçoive les +connexions entrantes et lance B, par exemple avec I, +I ou I. + +Si, par exemple, la ligne suivante se trouve dans IE: + + imaps stream tcp nowait root /usr/bin/stunnel stunnel /etc/stunnel/imaps.conf + +Dans ces cas, c'est le programme du genre I-style qui est +responsable de l'établissement de la connexion (I ci-dessus) et de passer +celle-ci à B. +Ainsi, B ne doit alors avoir aucune option I. +Toutes les I doivent être placées dans +la section des options globales et aucune section I<[service_name]> ne doit +être présente. Voir la section I pour des exemples de configurations. + +=head2 CERTIFICATS + +Chaque daemon à propriétés SSL doit présenter un certificat X.509 +valide à son interlocuteur. Il a aussi besoin d'une clef privé pour +déchiffrer les données entrantes. La méthode la plus simple pour +obtenir un certificat et une clef est d'engendrer celles-ci avec +le paquetage libre I. Plus d'informations sur la génération de +certificats se trouvent dans les pages indiquées plus bas. + +Deux choses importantes lors de la génération de paires certificat-clef +pour BE: + +=over 4 + +=item * + +la clef privée ne peut être chiffrée puisque le serveur n'a aucun moyen +d'obtenir le mot de passe de l'utilisateurE; pour produire une clef non chiffrée, +ajouter l'option I<-nodes> à la commande B de IE; + +=item * + +l'ordre du contenu du fichier I<.pem> est significatifE: il doit contenir d'abord +une clef privée non chiffrée, puis un certificat signé (et non une demande de certificat). +Il doit aussi y avoir des lignes vides après le certificat et après la clef privée. +L'information textuelle ajoutée au début d'un certificat doit être supprimée afin que +le fichier ait l'allure suivanteE: + + -----BEGIN RSA PRIVATE KEY----- + [clef encodée] + -----END RSA PRIVATE KEY----- + [ligne vide] + -----BEGIN CERTIFICATE----- + [certificat encodé] + -----END CERTIFICATE----- + [ligne vide] + +=back + +=head2 ALEATOIRE + +B doit «EsalerE» le générateur de pseudo-aléatoires PRNG (pseudo random +number generator) afin que SSL utilise un aléatoire de qualité. Les sources suivantes +sont chargées dans l'ordre jusqu'à ce qu'une quantité suffisante de données soit lueE: + +=over 4 + +=item * + +le fichier spécifié par IE; + +=item * + +le fichier spécifié par la variable d'environnement RANDFILE, à défaut +le fichier .rnd du répertoire $HOME de l'utilisateurE; + +=item * + +le fichier spécifié par «E--with-randomE» lors de la compilationE; + +=item * + +le contenu de l'écran (MS-Windows seulement)E; + +=item * + +le socket EGD spécifié par IE; + +=item * + +le socket EGD spécifié par «E--with-egd-sockE» lors de la compilationE; + +=item * + +le périphérique /dev/urandom. + +=back + +Avec un OpenSSL récent (>=OpenSSL 0.9.5a) le chargement de données s'arrête +automatiquement lorsqu'un niveau d'entropie suffisant est atteint. +Les versions précédentes continuent à lire toutes les sources puisqu'aucune +fonction SSL ne leur permet de savoir que suffisamment de données sont disponibles. + +Sur les machines MS-Windows qui n'ont pas d'interaction utilisateur sur la console, +(mouvements de souris, création de fenêtres, etc.), le contenu de l'écran n'est +pas suffisamment changeant et il est nécessaire de fournir un fichier d'aléatoire +par le biais de I. + +Le fichier spécifié par I doit contenir des informations aléatoires -- +c'est-à-dire des informations différentes à chaque lancement de B. +Cela est géré automatiquement sauf si l'option I est utilisée. +Si l'on souhaite procéder manuellement à la mise à jour de ce fichier, la +commande I des versions récentes d'OpenSSL sera sans doute utile. + +Note importanteE: si /dev/urandom est disponible, OpenSSL a l'habitude d'utiliser +celui-ci pour «EsalerE» le PRNG même lorsqu'il contrôle l'état de l'aléatoireE; +ainsi, même si /dev/urandom est dernier de la liste ci-dessus, il est vraisemblable +qu'il soit utilisé s'il est présent. +Ce n'est pas le comportement de B, c'est celui d'OpenSSL. + + +=head1 VOIR AUSSI + +=over 4 + +=item L + +Service de contrôle d'accès pour les services internet + +=item L + +«Esuper-serveurE» internet + +=item F + +Page de référence de B + +=item F + +Site web du projet OpenSSL + +=back + + +=head1 AUTEUR + +=over 4 + +=item Michał Trojnara + +> + +=back + +=head1 ADAPTATION FRANÇAISE + +=over 4 + +=item Bernard Choppy + +> + +=back diff --git a/doc/stunnel.html b/doc/stunnel.html new file mode 100644 index 0000000..8c3551e --- /dev/null +++ b/doc/stunnel.html @@ -0,0 +1,1051 @@ + + + + +stunnel.8 + + + + + + + + +
+

+ + + +
+ + +

+

+

NAME

+

stunnel - universal SSL tunnel

+

+

+
+

SYNOPSIS

+
+
Unix:
+ +
+

stunnel [<filename>] | -fd n | -help | -version | -sockets

+
+
WIN32:
+ +
+

stunnel [ [-install | -uninstall | -start | -stop] | -exit] + [-quiet] [<filename>] ] | -help | -version | -sockets

+
+
+

+

+
+

DESCRIPTION

+

The stunnel program is designed to work as SSL encryption wrapper +between remote clients and local (inetd-startable) or remote +servers. The concept is that having non-SSL aware daemons running on +your system you can easily set them up to communicate with clients over +secure SSL channels.

+

stunnel can be used to add SSL functionality to commonly used Inetd +daemons like POP-2, POP-3, and IMAP servers, to standalone daemons like +NNTP, SMTP and HTTP, and in tunneling PPP over network sockets without +changes to the source code.

+

This product includes cryptographic software written by +Eric Young (eay@cryptsoft.com)

+

+

+
+

OPTIONS

+
+
<filename>
+ +
+

Use specified configuration file

+
+
-fd n (Unix only)
+ +
+

Read the config file from specified file descriptor

+
+
-help
+ +
+

Print stunnel help menu

+
+
-version
+ +
+

Print stunnel version and compile time defaults

+
+
-sockets
+ +
+

Print default socket options

+
+
-install (NT/2000/XP only)
+ +
+

Install NT Service

+
+
-uninstall (NT/2000/XP only)
+ +
+

Uninstall NT Service

+
+
-start (NT/2000/XP only)
+ +
+

Start NT Service

+
+
-stop (NT/2000/XP only)
+ +
+

Stop NT Service

+
+
-exit (Win32 only)
+ +
+

Exit an already started stunnel

+
+
-quiet (NT/2000/XP only)
+ +
+

Don't display any message boxes

+
+
+

+

+
+

CONFIGURATION FILE

+

Each line of the configuration file can be either:

+ +

An address parameter of an option may be either:

+ +

+

+

GLOBAL OPTIONS

+
+
chroot = directory (Unix only)
+ +
+

directory to chroot stunnel process

+

chroot keeps stunnel in chrooted jail. CApath, CRLpath, pid +and exec are located inside the jail and the patches have to be relative +to the directory specified with chroot.

+
+
compression = deflate | zlib | rle
+ +
+

select data compression algorithm

+

default: no compression

+

deflate is the standard compression method as described in RFC 1951.

+

zlib compression of OpenSSL 0.9.8 or above is not backward compatible with +OpenSSL 0.9.7.

+

rle compression is currently not implemented by the OpenSSL library.

+
+
debug = [facility.]level
+ +
+

debugging level

+

Level is a one of the syslog level names or numbers +emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), +info (6), or debug (7). All logs for the specified level and +all levels numerically less than it will be shown. Use debug = debug or +debug = 7 for greatest debugging output. The default is notice (5).

+

The syslog facility 'daemon' will be used unless a facility name is supplied. +(Facilities are not supported on Win32.)

+

Case is ignored for both facilities and levels.

+
+
EGD = egd path (Unix only)
+ +
+

path to Entropy Gathering Daemon socket

+

Entropy Gathering Daemon socket to use to feed OpenSSL random number +generator. (Available only if compiled with OpenSSL 0.9.5a or higher)

+
+
engine = auto | <engine id>
+ +
+

select hardware engine

+

default: software-only cryptography

+

Here is an example of advanced engine configuration to read private key from an +OpenSC engine

+
+    engine=dynamic
+    engineCtrl=SO_PATH:/usr/lib/opensc/engine_pkcs11.so
+    engineCtrl=ID:pkcs11
+    engineCtrl=LIST_ADD:1
+    engineCtrl=LOAD
+    engineCtrl=MODULE_PATH:/usr/lib/pkcs11/opensc-pkcs11.so
+    engineCtrl=INIT
+
+    [service]
+    engineNum=1
+    key=id_45
+
+
engineCtrl = command[:parameter]
+ +
+

control hardware engine

+

Special commands "LOAD" and "INIT" can be used to load and initialize the +engine cryptogaphic module.

+
+
fips = yes | no
+ +
+

Enable or disable FIPS 140-2 mode.

+

This option allows to disable entering FIPS mode if stunnel was compiled with +FIPS 140-2 support.

+

default: yes

+
+
foreground = yes | no (Unix only)
+ +
+

foreground mode

+

Stay in foreground (don't fork) and log to stderr +instead of via syslog (unless output is specified).

+

default: background in daemon mode

+
+
output = file
+ +
+

append log messages to a file

+

/dev/stdout device can be used to send log messages to the standard +output (for example to log them with daemontools splogger).

+
+
pid = file (Unix only)
+ +
+

pid file location

+

If the argument is empty, then no pid file will be created.

+

pid path is relative to chroot directory if specified.

+
+
RNDbytes = bytes
+ +
+

bytes to read from random seed files

+

Number of bytes of data read from random seed files. With SSL versions +less than 0.9.5a, also determines how many bytes of data are considered +sufficient to seed the PRNG. More recent OpenSSL versions have a builtin +function to determine when sufficient randomness is available.

+
+
RNDfile = file
+ +
+

path to file with random seed data

+

The SSL library will use data from this file first to seed the random +number generator.

+
+
RNDoverwrite = yes | no
+ +
+

overwrite the random seed files with new random data

+

default: yes

+
+
service = servicename (Unix only)
+ +
+

use specified string as inetd mode service name for TCP Wrapper library

+

default: stunnel

+
+
setgid = groupname (Unix only)
+ +
+

setgid() to groupname in daemon mode and clears all other groups

+
+
setuid = username (Unix only)
+ +
+

setuid() to username in daemon mode

+
+
socket = a|l|r:option=value[:value]
+ +
+

Set an option on accept/local/remote socket

+

The values for linger option are l_onof:l_linger. +The values for time are tv_sec:tv_usec.

+

Examples:

+
+    socket = l:SO_LINGER=1:60
+        set one minute timeout for closing local socket
+    socket = r:SO_OOBINLINE=yes
+        place out-of-band data directly into the
+        receive data stream for remote sockets
+    socket = a:SO_REUSEADDR=no
+        disable address reuse (enabled by default)
+    socket = a:SO_BINDTODEVICE=lo
+        only accept connections on loopback interface
+
+
syslog = yes | no (Unix only)
+ +
+

enable logging via syslog

+

default: yes

+
+
taskbar = yes | no (WIN32 only)
+ +
+

enable the taskbar icon

+

default: yes

+
+
+

+

+

SERVICE-LEVEL OPTIONS

+

Each configuration section begins with service name in square brackets. +The service name is used for libwrap (TCP Wrappers) access control and lets +you distinguish stunnel services in your log files.

+

Note that if you wish to run stunnel in inetd mode (where it +is provided a network socket by a server such as inetd, xinetd, +or tcpserver) then you should read the section entitled INETD MODE +below.

+
+
accept = address
+ +
+

accept connections on specified address

+

If no host specified, defaults to all IPv4 addresses for the local host.

+

To listen on all IPv6 addresses use:

+
+    connect = :::port
+
+
CApath = directory
+ +
+

Certificate Authority directory

+

This is the directory in which stunnel will look for certificates when using +the verify. Note that the certificates in this directory should be named +XXXXXXXX.0 where XXXXXXXX is the hash value of the DER encoded subject of the +cert.

+

The hash algorithm has been changed in OpenSSL 1.0.0. It is required to +c_rehash the directory on upgrade from OpenSSL 0.x.x to OpenSSL 1.x.x.

+

CApath path is relative to chroot directory if specified.

+
+
CAfile = certfile
+ +
+

Certificate Authority file

+

This file contains multiple CA certificates, used with the verify.

+
+
cert = pemfile
+ +
+

certificate chain PEM file name

+

A PEM is always needed in server mode. +Specifying this flag in client mode will use this certificate chain +as a client side certificate chain. Using client side certs is optional. +The certificates must be in PEM format and must be sorted starting with the +certificate to the highest level (root CA).

+
+
ciphers = cipherlist
+ +
+

Select permitted SSL ciphers

+

A colon delimited list of the ciphers to allow in the SSL connection. +For example DES-CBC3-SHA:IDEA-CBC-MD5

+
+
client = yes | no
+ +
+

client mode (remote service uses SSL)

+

default: no (server mode)

+
+
connect = address
+ +
+

connect to a remote address

+

If no host is specified, the host defaults to localhost.

+

Multiple connect options are allowed in a single service section.

+

If host resolves to multiple addresses and/or if multiple connect +options are specified, then the remote address is chosen using a +round-robin algorithm.

+
+
CRLpath = directory
+ +
+

Certificate Revocation Lists directory

+

This is the directory in which stunnel will look for CRLs when +using the verify. Note that the CRLs in this directory should +be named XXXXXXXX.r0 where XXXXXXXX is the hash value of the CRL.

+

The hash algorithm has been changed in OpenSSL 1.0.0. It is required to +c_rehash the directory on upgrade from OpenSSL 0.x.x to OpenSSL 1.x.x.

+

CRLpath path is relative to chroot directory if specified.

+
+
CRLfile = certfile
+ +
+

Certificate Revocation Lists file

+

This file contains multiple CRLs, used with the verify.

+
+
curve = nid
+ +
+

specify ECDH curve name

+

To get a list of supported cuves use:

+
+    openssl ecparam -list_curves
+

default: prime256v1

+
+
delay = yes | no
+ +
+

delay DNS lookup for 'connect' option

+

This option is useful for dynamic DNS, or when DNS is not available during +stunnel startup (road warrior VPN, dial-up configurations).

+
+
engineNum = engine number
+ +
+

select engine number to read private key

+

The engines are numbered starting from 1.

+
+
exec = executable_path
+ +
+

execute local inetd-type program

+

exec path is relative to chroot directory if specified.

+
+
execargs = $0 $1 $2 ...
+ +
+

arguments for exec including program name ($0)

+

Quoting is currently not supported. +Arguments are separated with arbitrary number of whitespaces.

+
+
failover = rr | prio
+ +
+

Failover strategy for multiple "connect" targets.

+
+    rr (round robin) - fair load distribution
+    prio (priority) - use the order specified in config file
+

default: rr

+
+
ident = username
+ +
+

use IDENT (RFC 1413) username checking

+
+
key = keyfile
+ +
+

private key for certificate specified with cert option

+

Private key is needed to authenticate certificate owner. +Since this file should be kept secret it should only be readable +to its owner. On Unix systems you can use the following command:

+
+    chmod 600 keyfile
+

default: value of cert option

+
+
libwrap = yes | no
+ +
+

Enable or disable the use of /etc/hosts.allow and /etc/hosts.deny.

+

default: yes

+
+
local = host
+ +
+

IP of the outgoing interface is used as source for remote connections. +Use this option to bind a static local IP address, instead.

+
+
sni = service_name:server_name (server mode)
+ +
+

Use the service as a slave service (a name-based virtual server) for Server +Name Indication TLS extension (RFC 3546).

+

service_name specifies the master service that accepts client connections +with accept option. server_name specifies the host name to be redirected. +Multiple slave services are normally specified for a single master service. +sni option can also be specified more than once within a single slave service.

+

This service, as well as the master service, may not be configured in client mode. +connect option of the slave service is ignored when protocol option is +specified, as protocol connects remote host before TLS handshake. +Libwrap checks (Unix only) are performed twice: with master service name after +TCP connection is accepted, and with slave service name during TLS handshake.

+

Option sni is only available when compiled with OpenSSL 1.0.0 and later.

+
+
sni = server_name (client mode)
+ +
+

Use the parameter as the value of TLS Server Name Indication (RFC 3546) +extension.

+

Option sni is only available when compiled with OpenSSL 1.0.0 and later.

+
+
OCSP = url
+ +
+

select OCSP server for certificate verification

+
+
OCSPflag = flag
+ +
+

specify OCSP server flag

+

Several OCSPflag can be used to specify multiple flags.

+

currently supported flags: NOCERTS, NOINTERN NOSIGS, NOCHAIN, NOVERIFY, +NOEXPLICIT, NOCASIGN, NODELEGATED, NOCHECKS, TRUSTOTHER, RESPID_KEY, NOTIME

+
+
options = SSL_options
+ +
+

OpenSSL library options

+

The parameter is the OpenSSL option name as described in the +SSL_CTX_set_options(3ssl) manual, but without SSL_OP_ prefix. +Several options can be used to specify multiple options.

+

For example for compatibility with erroneous Eudora SSL implementation +the following option can be used:

+
+    options = DONT_INSERT_EMPTY_FRAGMENTS
+
+
protocol = proto
+ +
+

application protocol to negotiate SSL (e.g. starttls or stls)

+

protocol option should not be used with SSL encryption on a separate port.

+

Currently supported protocols:

+
+
cifs
+ +
+

Proprietary (undocummented) extension of CIFS protocol implemented in Samba. +Support for this extension was dropped in Samba 3.0.0.

+
+
connect
+ +
+

Based on RFC 2817 - Upgrading to TLS Within HTTP/1.1, section 5.2 - Requesting a Tunnel with CONNECT

+

This protocol is only supported in client mode.

+
+
imap
+ +
+

Based on RFC 2595 - Using TLS with IMAP, POP3 and ACAP

+
+
nntp
+ +
+

Based on RFC 4642 - Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)

+

This protocol is only supported in client mode.

+
+
pgsql
+ +
+

Based on http://www.postgresql.org/docs/8.3/static/protocol-flow.html#AEN73982

+
+
pop3
+ +
+

Based on RFC 2449 - POP3 Extension Mechanism

+
+
proxy
+ +
+

Haproxy client IP address http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt

+
+
smtp
+ +
+

Based on RFC 2487 - SMTP Service Extension for Secure SMTP over TLS

+
+
+
+
protocolAuthentication = auth_type
+ +
+

authentication type for protocol negotiations

+

currently supported: basic, NTLM

+

Currently authentication type only applies to 'connect' protocol.

+

default: basic

+
+
protocolHost = host:port
+ +
+

destination address for protocol negotiations

+
+
protocolPassword = password
+ +
+

password for protocol negotiations

+
+
protocolUsername = username
+ +
+

username for protocol negotiations

+
+
pty = yes | no (Unix only)
+ +
+

allocate pseudo terminal for 'exec' option

+
+
retry = yes | no (Unix only)
+ +
+

reconnect a connect+exec section after it's disconnected

+

default: no

+
+
session = timeout
+ +
+

session cache timeout

+
+
sessiond = host:port
+ +
+

address of sessiond SSL cache server

+
+
sslVersion = version
+ +
+

select version of SSL protocol

+

Allowed options: all, SSLv2, SSLv3, TLSv1

+
+
stack = bytes (except for FORK model)
+ +
+

thread stack size

+
+
TIMEOUTbusy = seconds
+ +
+

time to wait for expected data

+
+
TIMEOUTclose = seconds
+ +
+

time to wait for close_notify (set to 0 for buggy MSIE)

+
+
TIMEOUTconnect = seconds
+ +
+

time to wait to connect a remote host

+
+
TIMEOUTidle = seconds
+ +
+

time to keep an idle connection

+
+
transparent = none | source | destination | both (Unix only)
+ +
+

enable transparent proxy support on selected platforms

+

Supported values:

+
+
none
+ +
+

Disable transparent proxy support. This is the default.

+
+
source
+ +
+

Re-write address to appear as if wrapped daemon is connecting +from the SSL client machine instead of the machine running stunnel.

+

This option is currently available in:

+
+
Remote mode (connect option) on Linux >=2.6.28
+ +
+

This configuration requires stunnel to be executed as root and without +setuid option.

+

This configuration requires the following setup for iptables and routing +(possibly in /etc/rc.local or equivalent file):

+
+    iptables -t mangle -N DIVERT
+    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
+    iptables -t mangle -A DIVERT -j MARK --set-mark 1
+    iptables -t mangle -A DIVERT -j ACCEPT
+    ip rule add fwmark 1 lookup 100
+    ip route add local 0.0.0.0/0 dev lo table 100
+    echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter
+

stunnel must also to be executed as root and without setuid option.

+
+
Remote mode (connect option) on Linux 2.2.x
+ +
+

This configuration requires kernel to be compiled with transparent proxy option. +Connected service must be installed on a separate host. +Routing towards the clients has to go through the stunnel box.

+

stunnel must also to be executed as root and without setuid option.

+
+
Remote mode (connect option) on FreeBSD >=8.0
+ +
+

This configuration requires additional firewall and routing setup. +stunnel must also to be executed as root and without setuid option.

+
+
Local mode (exec option)
+ +
+

This configuration works by pre-loading libstunnel.so shared library. +_RLD_LIST environment variable is used on Tru64, and LD_PRELOAD variable on +other platforms.

+
+
+
+
destination
+ +
+

Original destination is used instead of connect option.

+

A service section for transparent destination may look like this:

+
+    [transparent]
+    client=yes
+    accept=<stunnel_port>
+    transparent=destination
+

This configuration requires the following setup for iptables +(possibly in /etc/rc.local or equivalent file):

+
+    /sbin/iptables -I INPUT -i eth0 -p tcp --dport <stunnel_port> -j ACCEPT
+    /sbin/iptables -t nat -I PREROUTING -i eth0 -p tcp --dport <redirected_port> -j DNAT --to-destination <local_ip>:<stunnel_port>
+

Transparent destination option is currently only supported on Linux.

+
+
both
+ +
+

Use both source and destination transparent proxy.

+
+
+

Two legacy options are also supported for backward compatibility:

+
+
yes
+ +
+

This options has been renamed to source.

+
+
no
+ +
+

This options has been renamed to none.

+
+
+
+
verify = level
+ +
+

verify peer certificate

+
+
level 0 - request and ignore peer certificate
+ +
level 1 - verify peer certificate if present
+ +
level 2 - verify peer certificate
+ +
level 3 - verify peer with locally installed certificate
+ +
level 4 - ignore CA chain and only verify peer certificate
+ +
default - no verify
+ +
+

It is important to understand, that this option was solely designed for access +control and not for authorization. Specifically for level 2 every non-revoked +certificate is accepted regardless of its Common Name. For this reason a +dedicated CA should be used with level 2, and not a generic CA commonly used +for webservers. Level 3 is preferred for point-to-point connections.

+
+
+

+

+
+

RETURN VALUE

+

stunnel returns zero on success, non-zero on error.

+

+

+
+

SIGNALS

+

The following signals can be used to control stunnel in Unix environment:

+
+
SIGHUP
+ +
+

Force a reload of the configuration file.

+

Some global options will not be reloaded:

+ +

The use of 'setuid' option will also prevent stunnel from binding privileged +(<1024) ports during configuration reloading.

+

When 'chroot' option is used, stunnel will look for all its files (including +configuration file, certificates, log file and pid file) within the chroot +jail.

+
+
SIGUSR1
+ +
+

Close and reopen stunnel log file. +This function can be used for log rotation.

+
+
SIGTERM, SIGQUIT, SIGINT
+ +
+

Shut stunnel down.

+
+
+

The result of sending any other signals to the server is undefined.

+

+

+
+

EXAMPLES

+

In order to provide SSL encapsulation to your local imapd service, use

+
+    [imapd]
+    accept = 993
+    exec = /usr/sbin/imapd
+    execargs = imapd
+

If you want to provide tunneling to your pppd daemon on port 2020, +use something like

+
+    [vpn]
+    accept = 2020
+    exec = /usr/sbin/pppd
+    execargs = pppd local
+    pty = yes
+

If you want to use stunnel in inetd mode to launch your imapd +process, you'd use this stunnel.conf. +Note there must be no [service_name] section.

+
+    exec = /usr/sbin/imapd
+    execargs = imapd
+

+

+
+

NOTES

+

+

+

RESTRICTIONS

+

stunnel cannot be used for the FTP daemon because of the nature +of the FTP protocol which utilizes multiple ports for data transfers. +There are available SSL enabled versions of FTP and telnet daemons, however.

+

+

+

INETD MODE

+

The most common use of stunnel is to listen on a network +port and establish communication with either a new port +via the connect option, or a new program via the exec option. +However there is a special case when you wish to have +some other program accept incoming connections and +launch stunnel, for example with inetd, xinetd, +or tcpserver.

+

For example, if you have the following line in inetd.conf:

+
+    imaps stream tcp nowait root /usr/bin/stunnel stunnel /etc/stunnel/imaps.conf
+

In these cases, the inetd-style program is responsible +for binding a network socket (imaps above) and handing +it to stunnel when a connection is received. +Thus you do not want stunnel to have any accept option. +All the Service Level Options should be placed in the +global options section, and no [service_name] section +will be present. See the EXAMPLES section for example +configurations.

+

+

+

CERTIFICATES

+

Each SSL enabled daemon needs to present a valid X.509 certificate +to the peer. It also needs a private key to decrypt the incoming +data. The easiest way to obtain a certificate and a key is to +generate them with the free OpenSSL package. You can find more +information on certificates generation on pages listed below.

+

The order of contents of the .pem file is important. It should contain the +unencrypted private key first, then a signed certificate (not certificate +request). There should be also empty lines after certificate and private key. +Plaintext certificate information appended on the top of generated certificate +should be discarded. So the file should look like this:

+
+    -----BEGIN RSA PRIVATE KEY-----
+    [encoded key]
+    -----END RSA PRIVATE KEY-----
+    [empty line]
+    -----BEGIN CERTIFICATE-----
+    [encoded certificate]
+    -----END CERTIFICATE-----
+    [empty line]
+

+

+

RANDOMNESS

+

stunnel needs to seed the PRNG (pseudo random number generator) in +order for SSL to use good randomness. The following sources are loaded +in order until sufficient random data has been gathered:

+ +

With recent (>=OpenSSL 0.9.5a) version of SSL it will stop loading +random data automatically when sufficient entropy has been gathered. +With previous versions it will continue to gather from all the above +sources since no SSL function exists to tell when enough data is available.

+

Note that on Windows machines that do not have console user interaction +(mouse movements, creating windows, etc.) the screen contents are not +variable enough to be sufficient, and you should provide a random file +for use with the RNDfile flag.

+

Note that the file specified with the RNDfile flag should contain +random data -- that means it should contain different information +each time stunnel is run. This is handled automatically +unless the RNDoverwrite flag is used. If you wish to update this file +manually, the openssl rand command in recent versions of OpenSSL, +would be useful.

+

One important note -- if /dev/urandom is available, OpenSSL has a habit of +seeding the PRNG with it even when checking the random state, so on +systems with /dev/urandom you're likely to use it even though it's listed +at the very bottom of the list above. This isn't stunnel's behaviour, it's +OpenSSLs.

+

+

+

DH PARAMETERS

+

Stunnel 4.40 and later contains hardcoded 2048-bit DH parameters.

+

It is also possible to specify DH parameters in the certificate file:

+
+    openssl dhparam 2048 >> stunnel.pem
+

DH parameter generation may take several minutes.

+

+

+
+

FILES

+
+
stunnel.conf
+ +
+

stunnel configuration file

+
+
+

+

+
+

BUGS

+

Option execargs does not support quoting.

+

+

+
+

SEE ALSO

+
+
tcpd(8)
+ +
+

access control facility for internet services

+
+
inetd(8)
+ +
+

internet 'super-server'

+
+
http://www.stunnel.org/
+ +
+

stunnel homepage

+
+
http://www.openssl.org/
+ +
+

OpenSSL project website

+
+
+

+

+
+

AUTHOR

+
+
Michał Trojnara
+ +
+

<Michal.Trojnara@mirt.net>

+
+
+ + + + diff --git a/doc/stunnel.pl.8 b/doc/stunnel.pl.8 new file mode 100644 index 0000000..2b692c2 --- /dev/null +++ b/doc/stunnel.pl.8 @@ -0,0 +1,967 @@ +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" ======================================================================== +.\" +.IX Title "STUNNEL.PL 8" +.TH STUNNEL.PL 8 "2012.01.14" "4.53" "stunnel" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAZWA" +.IX Header "NAZWA" +stunnel \- uniwersalny tunel protokołu \s-1SSL\s0 +.SH "SKŁADNIA" +.IX Header "SKŁADNIA" +.IP "\fBUnix:\fR" 4 +.IX Item "Unix:" +\&\fBstunnel\fR [] | \-fd n | \-help | \-version | \-sockets +.IP "\fB\s-1WIN32:\s0\fR" 4 +.IX Item "WIN32:" +\&\fBstunnel\fR [ [\-install | \-uninstall | \-start | \-stop ] | \-exit] + [\-quiet] [] ] | \-help | \-version | \-sockets +.SH "OPIS" +.IX Header "OPIS" +Program \fBstunnel\fR został zaprojektowany do opakowywania w protokół \fI\s-1SSL\s0\fR +połączeń pomiędzy zdalnymi klientami a lokalnymi lub zdalnymi serwerami. +Przez serwer lokalny rozumiana jest aplikacja przeznaczona do uruchamiania +przy pomocy \fIinetd\fR. +Stunnel pozwala na proste zestawienie komunikacji serwerów nie posiadających +funkcjonalności \fI\s-1SSL\s0\fR poprzez bezpieczne kanały \fI\s-1SSL\s0\fR. +.PP +\&\fBstunnel\fR pozwala dodać funkcjonalność \fI\s-1SSL\s0\fR do powszechnie stosowanych +demonów \fIinetd\fR, np. \fIpop3\fR lub \fIimap\fR, do samodzielnych demonów, +np. \fInntp\fR, \fIsmtp\fR lub \fIhttp\fR, a nawet tunelować ppp poprzez gniazda sieciowe +bez zmian w kodzie źródłowym. +.SH "OPCJE" +.IX Header "OPCJE" +.IP "<\fBplik\fR>" 4 +.IX Item "" +użyj podanego pliku konfiguracyjnego +.IP "\fB\-fd n\fR (tylko Unix)" 4 +.IX Item "-fd n (tylko Unix)" +wczytaj konfigurację z podanego deskryptora pliku +.IP "\fB\-help\fR" 4 +.IX Item "-help" +drukuj listę wspieranych opcji +.IP "\fB\-version\fR" 4 +.IX Item "-version" +drukuj wersję programu i domyślne wartości parametrów +.IP "\fB\-sockets\fR" 4 +.IX Item "-sockets" +drukuj domyślne opcje gniazd +.IP "\fB\-install\fR (tylko \s-1NT/2000/XP\s0)" 4 +.IX Item "-install (tylko NT/2000/XP)" +instaluj serwis \s-1NT\s0 +.IP "\fB\-uninstall\fR (tylko \s-1NT/2000/XP\s0)" 4 +.IX Item "-uninstall (tylko NT/2000/XP)" +odinstaluj serwis \s-1NT\s0 +.IP "\fB\-start\fR (tylko \s-1NT/2000/XP\s0)" 4 +.IX Item "-start (tylko NT/2000/XP)" +uruchom serwis \s-1NT\s0 +.IP "\fB\-stop\fR (tylko \s-1NT/2000/XP\s0)" 4 +.IX Item "-stop (tylko NT/2000/XP)" +zatrzymaj serwis \s-1NT\s0 +.IP "\fB\-exit\fR (tylko Win32)" 4 +.IX Item "-exit (tylko Win32)" +zatrzymaj uruchomiony program +.IP "\fB\-quiet\fR (tylko \s-1NT/2000/XP\s0)" 4 +.IX Item "-quiet (tylko NT/2000/XP)" +nie wyświetlaj okienka informującego o pomyślnym zainstalowaniu lub +odinstalowaniu +.SH "PLIK KONFIGURACYJNY" +.IX Header "PLIK KONFIGURACYJNY" +Linia w pliku konfiguracyjnym może być: +.IP "\(bu" 4 +pusta (ignorowana) +.IP "\(bu" 4 +komentarzem rozpoczynającym się znakiem ';' (ignorowana) +.IP "\(bu" 4 +parą 'nazwa_opcji = wartość_opcji' +.IP "\(bu" 4 +tekstem '[nazwa_usługi]' wskazującym początek definicji usługi +.PP +Parametr adres może być: +.IP "\(bu" 4 +numerem portu +.IP "\(bu" 4 +oddzieloną średnikiem parą adresu (IPv4, IPv6, lub nazwą domenową) i numeru portu +.IP "\(bu" 4 +ścieżką do gniazda Unix (tylko Unix) +.SS "\s-1OPCJE\s0 \s-1GLOBALNE\s0" +.IX Subsection "OPCJE GLOBALNE" +.IP "\fBchroot\fR = katalog (tylko Unix)" 4 +.IX Item "chroot = katalog (tylko Unix)" +katalog roboczego korzenia systemu plików +.Sp +Opcja określa katalog, w którym uwięziony zostanie proces programu +\&\fBstunnel\fR tuż po jego inicjalizacji, a przed rozpoczęciem odbierania +połączeń. Ścieżki podane w opcjach \fICApath\fR, \fICRLpath\fR, \fIpid\fR +oraz \fIexec\fR muszą być umieszczone wewnątrz katalogu podanego w opcji +\&\fIchroot\fR i określone względem tego katalogu. +.IP "\fBcompression\fR = deflate | zlib | rle" 4 +.IX Item "compression = deflate | zlib | rle" +wybór algorytmu kompresji przesyłanych danych +.Sp +domyślnie: bez kompresji +.Sp +Algorytm deflate jest standardową metodą kompresji zgodnie z \s-1RFC\s0 1951. +.Sp +Kompresja zlib zaimplementowana w OpenSSL 0.9.8 i nowszych nie jest +kompatybilna implementacją OpenSSL 0.9.7. +.Sp +Kompresja rle nie jest zaimplementowana w aktualnych wersjach OpenSSL. +.IP "\fBdebug\fR = poziom[.podsystem]" 4 +.IX Item "debug = poziom[.podsystem]" +szczegółowość logowania +.Sp +Poziom logowania można określić przy pomocy jednej z nazw lub liczb: +emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), +info (6) lub debug (7). +Zapisywane są komunikaty o poziomie niższym (numerycznie) lub równym podanemu. +Do uzyskania najwyższego poziomu szczegółowości można użyć opcji +\&\fIdebug = debug\fR lub \fIdebug = 7\fR. Domyślnym poziomem jest notice (5). +.Sp +O ile nie wyspecyfikowano podsystemu użyty będzie domyślny: daemon. +Podsystemy nie są wspierane przez platformę Win32. +.Sp +Wielkość liter jest ignorowana zarówno dla poziomu jak podsystemu. +.IP "\fB\s-1EGD\s0\fR = ścieżka_do_EGD (tylko Unix)" 4 +.IX Item "EGD = ścieżka_do_EGD (tylko Unix)" +ścieżka do gniazda programu Entropy Gathering Daemon +.Sp +Opcja pozwala określić ścieżkę do gniazda programu Entropy Gathering Daemon +używanego do zainicjalizowania generatora ciągów pseudolosowych biblioteki +OpenSSL. Opcja jest dostępna z biblioteką OpenSSL 0.9.5a lub nowszą. +.IP "\fBengine\fR = auto | " 4 +.IX Item "engine = auto | " +wybór sprzętowego urządzenia kryptograficznego +.Sp +domyślnie: bez wykorzystania urządzeń kryptograficznych +.Sp +Przykładowa konfiguracja umożliwiająca odczytanie klucza prywatnego z +urządzenia zgodnego z OpenSC: +.Sp +.Vb 7 +\& engine=dynamic +\& engineCtrl=SO_PATH:/usr/lib/opensc/engine_pkcs11.so +\& engineCtrl=ID:pkcs11 +\& engineCtrl=LIST_ADD:1 +\& engineCtrl=LOAD +\& engineCtrl=MODULE_PATH:/usr/lib/pkcs11/opensc\-pkcs11.so +\& engineCtrl=INIT +\& +\& [service] +\& engineNum=1 +\& key=id_45 +.Ve +.IP "\fBengineCtrl\fR = [:]" 4 +.IX Item "engineCtrl = [:]" +konfiguracja urządzenia kryptograficznego +.Sp +Specjalne komendy \*(L"\s-1LOAD\s0\*(R" i \*(L"\s-1INIT\s0\*(R" pozwalają na załadowanie i inicjalizację +modułu kryptograficznego urządzenia. +.IP "\fBfips\fR = yes | no" 4 +.IX Item "fips = yes | no" +Włącz lub wyłącz tryb \s-1FIPS\s0 140\-2. +.Sp +Opcja pozwala wyłączyć wejście w tryb \s-1FIPS\s0, jeśli stunnel został skompilowany +ze wsparciem dla \s-1FIPS\s0 140\-2. +.Sp +domyślnie: yes (pracuj w trybie \s-1FIPS\s0 140\-2) +.IP "\fBforeground\fR = yes | no (tylko Unix)" 4 +.IX Item "foreground = yes | no (tylko Unix)" +tryb pierwszoplanowy +.Sp +Użycie tej opcji powoduje, że \fIstunnel\fR nie przechodzi w tło logując +swoje komunikaty na konsolę zamiast przez \fIsyslog\fR (o ile nie użyto +opcji \fIoutput\fR). +.IP "\fBoutput\fR = plik" 4 +.IX Item "output = plik" +plik, do którego dopisane zostaną logi +.Sp +Użycie tej opcji powoduje dopisanie logów do podanego pliku. +.Sp +Do kierowaniakomunikatów na standardowe wyjście (na przykład po to, żeby +zalogować je programem splogger z pakietu daemontools) można podać jako +parametr urządzenie /dev/stdout. +.IP "\fBpid\fR = plik (tylko Unix)" 4 +.IX Item "pid = plik (tylko Unix)" +położenie pliku z numerem procesu +.Sp +Jeżeli argument jest pusty plik nie zostanie stworzony. +.Sp +Jeżeli zdefiniowano katalog \fIchroot\fR, to ścieżka do \fIpid\fR jest określona +względem tego katalogu. +.IP "\fBRNDbytes\fR = liczba_bajtów" 4 +.IX Item "RNDbytes = liczba_bajtów" +liczba bajtów do zainicjowania generatora pseudolosowego +.Sp +W wersjach biblioteki OpenSSL starszych niż 0.9.5a opcja ta określa +również liczbę bajtów wystarczających do zainicjowania \s-1PRNG\s0. +Nowsze wersje biblioteki mają wbudowaną funkcję określającą, czy +dostarczona ilość losowości jest wystarczająca do zainicjowania generatora. +.IP "\fBRNDfile\fR = plik" 4 +.IX Item "RNDfile = plik" +ścieżka do pliku zawierającego losowe dane +.Sp +Biblioteka OpenSSL użyje danych z tego pliku do zainicjowania +generatora pseudolosowego. +.IP "\fBRNDoverwrite\fR = yes | no" 4 +.IX Item "RNDoverwrite = yes | no" +nadpisz plik nowymi wartościami pseudolosowymi +.Sp +domyślnie: yes (nadpisz) +.IP "\fBservice\fR = nazwa_serwisu (tylko Unix)" 4 +.IX Item "service = nazwa_serwisu (tylko Unix)" +użyj parametru jako nazwy serwisu dla biblioteki \s-1TCP\s0 Wrapper w trybie \fIinetd\fR +.Sp +domyślnie: stunnel +.IP "\fBsetgid\fR = identyfikator_grupy (tylko Unix)" 4 +.IX Item "setgid = identyfikator_grupy (tylko Unix)" +grupa z której prawami pracował będzie \fIstunnel\fR +.IP "\fBsetuid\fR = identyfikator_użytkownika (tylko Unix)" 4 +.IX Item "setuid = identyfikator_użytkownika (tylko Unix)" +użytkownik, z którego prawami pracował będzie \fIstunnel\fR +.IP "\fBsocket\fR = a|l|r:option=value[:value]" 4 +.IX Item "socket = a|l|r:option=value[:value]" +ustaw opcję na akceptującym/lokalnym/zdalnym gnieździe +.Sp +Dla opcji linger wartości mają postać l_onof:l_linger. +Dla opcji time wartości mają postać tv_sec:tv_usec. +.Sp +Przykłady: +.Sp +.Vb 10 +\& socket = l:SO_LINGER=1:60 +\& ustaw jednominutowe przeterminowanie +\& przy zamykaniu lokalnego gniazda +\& socket = r:SO_OOBINLINE=yes +\& umieść dane pozapasmowe (out\-of\-band) +\& bezpośrednio w strumieniu danych +\& wejściowych dla zdalnych gniazd +\& socket = a:SO_REUSEADDR=no +\& zablokuj ponowne używanie portu +\& (domyślnie włączone) +\& socket = a:SO_BINDTODEVICE=lo +\& przyjmuj połączenia wyłącznie na +\& interfejsie zwrotnym (ang. loopback) +.Ve +.IP "\fBsyslog\fR = yes | no (tylko Unix)" 4 +.IX Item "syslog = yes | no (tylko Unix)" +włącz logowanie poprzez mechanizm syslog +.Sp +domyślnie: yes (włącz) +.IP "\fBtaskbar\fR = yes | no (tylko \s-1WIN32\s0)" 4 +.IX Item "taskbar = yes | no (tylko WIN32)" +włącz ikonkę w prawym dolnym rogu ekranu +.Sp +domyślnie: yes (włącz) +.SS "\s-1OPCJE\s0 USŁUG" +.IX Subsection "OPCJE USŁUG" +Każda sekcja konfiguracji usługi zaczyna się jej nazwą ujętą w nawias +kwadratowy. Nazwa usługi używana jest do kontroli dostępu przez +bibliotekę libwrap (\s-1TCP\s0 wrappers) oraz pozwala rozróżnić poszczególne +usługi w logach. +.PP +Jeżeli \fBstunnel\fR ma zostać użyty w trybie \fIinetd\fR, gdzie za odebranie +połączenia odpowiada osobny program (zwykle \fIinetd\fR, \fIxinetd\fR +lub \fItcpserver\fR), należy przeczytać sekcję \fI\s-1TRYB\s0 \s-1INETD\s0\fR poniżej. +.IP "\fBaccept\fR = [adres:]port" 4 +.IX Item "accept = [adres:]port" +nasłuchuje na połączenia na podanym adresie i porcie +.Sp +Jeżeli nie został podany adres, \fIstunnel\fR domyślnie nasłuchuje +na wszystkich adresach IPv4 lokalnych interfejsów. +.Sp +Aby nasłuchiwać na wszystkich adresach IPv6 należy użyć: +.Sp +.Vb 1 +\& accept = :::port +.Ve +.IP "\fBCApath\fR = katalog_CA" 4 +.IX Item "CApath = katalog_CA" +katalog Centrum Certyfikacji +.Sp +Opcja określa katalog, w którym \fBstunnel\fR będzie szukał certyfikatów, +jeżeli użyta została opcja \fIverify\fR. Pliki z certyfikatami muszą +posiadać specjalne nazwy \s-1XXXXXXXX\s0.0, gdzie \s-1XXXXXXXX\s0 jest skrótem +kryptograficznym reprezentacji \s-1DER\s0 nazwy podmiotu certyfikatu. +.Sp +Funkcja skrótu została zmieniona w wersji 1.0.0 biblioteki OpenSSL. +Należy wykonać c_rehash przy zmianie OpenSSL 0.x.x na 1.x.x. +.Sp +Jeżeli zdefiniowano katalog \fIchroot\fR, to ścieżka do \fICApath\fR jest określona +względem tego katalogu. +.IP "\fBCAfile\fR = plik_CA" 4 +.IX Item "CAfile = plik_CA" +plik Centrum Certyfikacji +.Sp +Opcja pozwala określić położenie pliku zawierającego certyfikaty używane +przez opcję \fIverify\fR. +.IP "\fBcert\fR = plik_pem" 4 +.IX Item "cert = plik_pem" +plik z łańcuchem certyfikatów +.Sp +Opcja określa położenie pliku zawierającego certyfikaty używane przez +program \fBstunnel\fR do uwierzytelnienia się przed drugą stroną połączenia. +Certyfikat jest konieczny, aby używać programu w trybie serwera. +W trybie klienta certyfikat jest opcjonalny. +.IP "\fBciphers\fR = lista_szyfrów" 4 +.IX Item "ciphers = lista_szyfrów" +lista dozwolonych szyfrów \s-1SSL\s0 +.Sp +Parametrem tej opcji jest lista szyfrów, które będą użyte przy +otwieraniu nowych połączeń \s-1SSL\s0, np.: \s-1DES\-CBC3\-SHA:IDEA\-CBC\-MD5\s0 +.IP "\fBclient\fR = yes | no" 4 +.IX Item "client = yes | no" +tryb kliencki (zdalna usługa używa \s-1SSL\s0) +.Sp +domyślnie: no (tryb serwerowy) +.IP "\fBconnect\fR = [adres:]port" 4 +.IX Item "connect = [adres:]port" +połącz się ze zdalnym serwerem na podany port +.Sp +Jeżeli nie został podany adres, \fIstunnel\fR domyślnie łączy się +z lokalnym serwerem. +.Sp +Komenda może byc użyta wielokrotnie w pojedynczej sekcji +celem zapewnienia wysokiej niezawodności lub rozłożenia +ruchu pomiędzy wiele serwerów. +.IP "\fBCRLpath\fR = katalog_CRL" 4 +.IX Item "CRLpath = katalog_CRL" +katalog List Odwołanych Certyfikatów (\s-1CRL\s0) +.Sp +Opcja określa katalog, w którym \fBstunnel\fR będzie szukał list \s-1CRL\s0, +jeżeli użyta została opcja \fIverify\fR. Pliki z listami \s-1CRL\s0 muszą +posiadać specjalne nazwy \s-1XXXXXXXX\s0.r0, gdzie \s-1XXXXXXXX\s0 jest skrótem +listy \s-1CRL\s0. +.Sp +Funkcja skrótu została zmieniona w wersji 1.0.0 biblioteki OpenSSL. +Należy wykonać c_rehash przy zmianie OpenSSL 0.x.x na 1.x.x. +.Sp +Jeżeli zdefiniowano katalog \fIchroot\fR, to ścieżka do \fICRLpath\fR jest określona +względem tego katalogu. +.IP "\fBCRLfile\fR = plik_CRL" 4 +.IX Item "CRLfile = plik_CRL" +plik List Odwołanych Certyfikatów (\s-1CRL\s0) +.Sp +Opcja pozwala określić położenie pliku zawierającego listy \s-1CRL\s0 używane +przez opcję \fIverify\fR. +.IP "\fBcurve\fR = nid" 4 +.IX Item "curve = nid" +krzywa dla \s-1ECDH\s0 +.Sp +Listę dostępnych krzywych można uzyskać poleceniem: +.Sp +.Vb 1 +\& openssl ecparam \-list_curves +.Ve +.Sp +domyślnie: prime256v1 +.IP "\fBdelay\fR = yes | no" 4 +.IX Item "delay = yes | no" +opóźnij rozwinięcie adresu \s-1DNS\s0 podanego w opcji \fIconnect\fR +.Sp +Opcja jest przydatna przy dynamicznym \s-1DNS\s0, albo gdy usługa \s-1DNS\s0 nie jest +dostępna przy starcie programu stunnel (klient \s-1VPN\s0, połączenie wdzwaniane). +.IP "\fBengineNum\fR = " 4 +.IX Item "engineNum = " +wybierz urządzenie do odczyta klucza prywatnego +.Sp +Urządzenia są numerowane od 1 w górę. +.IP "\fBexec\fR = ścieżka_do_programu" 4 +.IX Item "exec = ścieżka_do_programu" +wykonaj lokalny program przystosowany do pracy z superdemonem inetd +.Sp +Jeżeli zdefiniowano katalog \fIchroot\fR, to ścieżka do \fIexec\fR jest określona +względem tego katalogu. +.ie n .IP "\fBexecargs\fR = $0 $1 $2 ..." 4 +.el .IP "\fBexecargs\fR = \f(CW$0\fR \f(CW$1\fR \f(CW$2\fR ..." 4 +.IX Item "execargs = $0 $1 $2 ..." +argumenty do opcji \fIexec\fR włącznie z nazwą programu ($0) +.Sp +Cytowanie nie jest wspierane w obecnej wersji programu. +Argumenty są rozdzielone dowolną liczbą białych znaków. +.IP "\fBfailover\fR = rr | prio" 4 +.IX Item "failover = rr | prio" +Strategia wybierania serwerów wyspecyfikowanych parametrami \*(L"connect\*(R". +.Sp +.Vb 2 +\& rr (round robin) \- sprawiedliwe rozłożenie obciążenia +\& prio (priority) \- użyj kolejności opcji w pliku konfiguracyjnym +.Ve +.Sp +domyślnie: rr +.IP "\fBident\fR = nazwa_użytkownika" 4 +.IX Item "ident = nazwa_użytkownika" +weryfikuj nazwę zdalnego użytkownika korzystając z protokołu \s-1IDENT\s0 (\s-1RFC\s0 1413) +.IP "\fBkey\fR = plik_klucza" 4 +.IX Item "key = plik_klucza" +klucz prywatny do certyfikatu podanego w opcji \fIcert\fR +.Sp +Klucz prywatny jest potrzebny do uwierzytelnienia właściciela certyfikatu. +Ponieważ powinien on być zachowany w tajemnicy, prawa do jego odczytu +powinien mieć wyłącznie właściciel pliku. W systemie Unix można to osiągnąć +komendą: +.Sp +.Vb 1 +\& chmod 600 keyfile +.Ve +.Sp +domyślnie: wartość opcji \fIcert\fR +.IP "\fBlibwrap\fR = yes | no" 4 +.IX Item "libwrap = yes | no" +włącz lub wyłącz korzystanie z /etc/hosts.allow i /etc/hosts.deny. +.Sp +domyślnie: yes +.IP "\fBlocal\fR = serwer" 4 +.IX Item "local = serwer" +\&\s-1IP\s0 źródła do nawiązywania zdalnych połączeń +.Sp +Domyślnie używane jest \s-1IP\s0 najbardziej zewnętrznego interfejsu w stronę +serwera, do którego nawiązywane jest połączenie. +.IP "\fBsni\fR = nazwa_usługi:nazwa_serwera (tryb serwera)" 4 +.IX Item "sni = nazwa_usługi:nazwa_serwera (tryb serwera)" +Użyj usługi jako podrzędnej (virtualnego serwera) dla rozszerzenia \s-1TLS\s0 Server +Name Indication (\s-1RFC\s0 3546). +.Sp +\&\fInazwa_usługi\fR wskazuje usługę nadrzędną, która odbiera połączenia od klientów +przy pomocy opcji \fIaccept\fR. \fInazwa_serwera\fR wskazuje nazwę serwera +wirtualnego. Z pojedyńczą usługą nadrzędną powiązane jest zwykle wiele usług +podrzędnych. Opcja \fIsni\fR może być rownież użyta wielokrotnie w ramach jednej +usługi podrzędnej. +.Sp +Zarówno usługa nadrzędna jak i podrzędna nie może być skonfigurowana w trybie +klienckim. Opcja \fIconnect\fR usługi podrzędnej jest ignorowana w połączeniu z +opcją \fIprotocol\fR, gdyż połączenie do zdalnego serwera jest w tym wypadku +nawiązywane przed negocjacją \s-1TLS\s0. Uwierzytelnienie przy pomocy biblioteki +libwrap jest realizowane dwukrotnie: najpierw dla usługi nadrzędnej po +odebraniu połączenia \s-1TCP\s0, a następnie dla usługi podrzędnej podczas negocjacji +\&\s-1TLS\s0. +.Sp +Opcja \fIsni\fR jest dostępna począwszy od wersji 1.0.0 biblioteki OpenSSL. +.IP "\fBsni\fR = nazwa_serwera (tryb klienta)" 4 +.IX Item "sni = nazwa_serwera (tryb klienta)" +Użyj parametru jako wartości rozszerzenia \s-1TLS\s0 Server Name Indication +(\s-1RFC\s0 3546). +.Sp +Opcja \fIsni\fR jest dostępna począwszy od wersji 1.0.0 biblioteki OpenSSL. +.IP "\fB\s-1OCSP\s0\fR = \s-1URL\s0" 4 +.IX Item "OCSP = URL" +serwer \s-1OCSP\s0 do weryfikacji certyfikatów +.IP "\fBOCSPflag\fR = flaga" 4 +.IX Item "OCSPflag = flaga" +flaga serwera \s-1OCSP\s0 +.Sp +aktualnie wspierane flagi: \s-1NOCERTS\s0, \s-1NOINTERN\s0 \s-1NOSIGS\s0, \s-1NOCHAIN\s0, \s-1NOVERIFY\s0, +\&\s-1NOEXPLICIT\s0, \s-1NOCASIGN\s0, \s-1NODELEGATED\s0, \s-1NOCHECKS\s0, \s-1TRUSTOTHER\s0, \s-1RESPID_KEY\s0, \s-1NOTIME\s0 +.Sp +Aby wyspecyfikować kilka flag należy użyć \fIOCSPflag\fR wielokrotnie. +.IP "\fBoptions\fR = opcje_SSL" 4 +.IX Item "options = opcje_SSL" +opcje biblioteki OpenSSL +.Sp +Parametrem jest nazwa opcji zgodnie z opisem w \fI\fISSL_CTX_set_options\fI\|(3ssl)\fR, +ale bez przedrostka \fI\s-1SSL_OP_\s0\fR. +Aby wyspecyfikować kilka opcji należy użyć \fIoptions\fR wielokrotnie. +.Sp +Na przykład dla zachowania kompatybilności z błędami implementacji \s-1SSL\s0 +w programie Eudora można użyć opcji: +.Sp +.Vb 1 +\& options = DONT_INSERT_EMPTY_FRAGMENTS +.Ve +.IP "\fBprotocol\fR = protokół" 4 +.IX Item "protocol = protokół" +negocjuj \s-1SSL\s0 podanym protokołem aplikacyjnym (np. \fIstarttls\fR lub \fIstls\fR) +.Sp +Opcji \fIprotocol\fR nie należy używać z szyfrowaniem \s-1SSL\s0 na osobnym porcie. +.Sp +Aktualnie wspierane protokoły: +.RS 4 +.IP "\fIcifs\fR" 4 +.IX Item "cifs" +Unieudokumentowane rozszerzenie protokołu \s-1CIFS\s0 wspierane przez serwer Samba. +Wsparcie dla tego rozrzeczenia zostało zarzucone w wersji 3.0.0 serwera Samba. +.IP "\fIconnect\fR" 4 +.IX Item "connect" +Negocjacja \s-1RFC\s0 2817 \- \fIUpgrading to \s-1TLS\s0 Within \s-1HTTP/1\s0.1\fR, rozdział 5.2 \- \fIRequesting a Tunnel with \s-1CONNECT\s0\fR +.Sp +Ten protokół jest wspierany wyłącznie w trybie klienckim. +.IP "\fIimap\fR" 4 +.IX Item "imap" +Negocjacja \s-1RFC\s0 2595 \- \fIUsing \s-1TLS\s0 with \s-1IMAP\s0, \s-1POP3\s0 and \s-1ACAP\s0\fR +.IP "\fInntp\fR" 4 +.IX Item "nntp" +Negocjacja \s-1RFC\s0 4642 \- \fIUsing Transport Layer Security (\s-1TLS\s0) with Network News Transfer Protocol (\s-1NNTP\s0)\fR +.Sp +Ten protokół jest wspierany wyłącznie w trybie klienckim. +.IP "\fIpgsql\fR" 4 +.IX Item "pgsql" +Negocjacja http://www.postgresql.org/docs/8.3/static/protocol\-flow.html#AEN73982 +.IP "\fIpop3\fR" 4 +.IX Item "pop3" +Negocjacja \s-1RFC\s0 2449 \- \fI\s-1POP3\s0 Extension Mechanism\fR +.IP "\fIproxy\fR" 4 +.IX Item "proxy" +Przekazywanie adresu \s-1IP\s0 haproxy http://haproxy.1wt.eu/download/1.5/doc/proxy\-protocol.txt +.IP "\fIsmtp\fR" 4 +.IX Item "smtp" +Negocjacja \s-1RFC\s0 2487 \- \fI\s-1SMTP\s0 Service Extension for Secure \s-1SMTP\s0 over \s-1TLS\s0\fR +.RE +.RS 4 +.RE +.IP "\fBprotocolAuthentication\fR = uwierzytelnienie" 4 +.IX Item "protocolAuthentication = uwierzytelnienie" +rodzaj uwierzytelnienia do negocjacji protokołu +.Sp +aktualnie wspierane: basic, \s-1NTLM\s0 +.Sp +Obecnie typ uwierzytelnienia ma zastosowanie wyłącznie w protokole 'connect'. +.Sp +domyślnie: basic +.IP "\fBprotocolHost\fR = adres:port" 4 +.IX Item "protocolHost = adres:port" +adres docelowy do negocjacji protokołu +.IP "\fBprotocolPassword\fR = hasło" 4 +.IX Item "protocolPassword = hasło" +hasło do negocjacji protokołu +.IP "\fBprotocolUsername\fR = użytkownik" 4 +.IX Item "protocolUsername = użytkownik" +nazwa użytkownika do negocjacji protokołu +.IP "\fBpty\fR = yes | no (tylko Unix)" 4 +.IX Item "pty = yes | no (tylko Unix)" +alokuj pseudoterminal dla programu uruchamianego w opcji 'exec' +.IP "\fBretry\fR = yes | no (tylko Unix)" 4 +.IX Item "retry = yes | no (tylko Unix)" +połącz ponownie sekcję connect+exec po rozłączeniu +.Sp +domyślnie: no +.IP "\fBsession\fR = przeterminowanie_pamięci_podręcznej_sesji" 4 +.IX Item "session = przeterminowanie_pamięci_podręcznej_sesji" +czas w sekundach, po którym sesja \s-1SSL\s0 zostanie usunięta z pamięci podręcznej +.IP "\fBsessiond\fR = adres:port" 4 +.IX Item "sessiond = adres:port" +adres sessiond \- servera cache sesji \s-1SSL\s0 +.IP "\fBsslVersion\fR = wersja" 4 +.IX Item "sslVersion = wersja" +wersja protokołu \s-1SSL\s0 +.Sp +Dozwolone opcje: all, SSLv2, SSLv3, TLSv1 +.IP "\fBstack\fR = liczba_bajtów (z wyjątkiem modelu \s-1FORK\s0)" 4 +.IX Item "stack = liczba_bajtów (z wyjątkiem modelu FORK)" +rozmiar stosu procesora wątku +.IP "\fBTIMEOUTbusy\fR = liczba_sekund" 4 +.IX Item "TIMEOUTbusy = liczba_sekund" +czas oczekiwania na spodziewane dane +.IP "\fBTIMEOUTclose\fR = liczba_sekund" 4 +.IX Item "TIMEOUTclose = liczba_sekund" +czas oczekiwania na close_notify (ustaw na 0, jeżeli klientem jest \s-1MSIE\s0) +.IP "\fBTIMEOUTconnect\fR = liczba_sekund" 4 +.IX Item "TIMEOUTconnect = liczba_sekund" +czas oczekiwania na nawiązanie połączenia +.IP "\fBTIMEOUTidle\fR = liczba_sekund" 4 +.IX Item "TIMEOUTidle = liczba_sekund" +maksymalny czas utrzymywania bezczynnego połączenia +.IP "\fBtransparent\fR = none | source | destination | both (tylko Unix)" 4 +.IX Item "transparent = none | source | destination | both (tylko Unix)" +tryb przezroczystego proxy na wspieranych platformach +.Sp +Wspierane opcje: +.RS 4 +.IP "\fBnone\fR" 4 +.IX Item "none" +Zablokuj wsparcie dla przezroczystago proxy. Jest to wartość domyślna. +.IP "\fBsource\fR" 4 +.IX Item "source" +Przepisz adres, aby nawiązywane połączenie wydawało się pochodzić +bezpośrednio od klienta, a nie od programu \fIstunnel\fR. +.Sp +Opcja jest aktualnie obsługiwana w: +.RS 4 +.IP "Trybie zdalnym (opcja \fIconnect\fR) w systemie \fILinux >=2.6.28\fR" 4 +.IX Item "Trybie zdalnym (opcja connect) w systemie Linux >=2.6.28" +Konfiguracja wymaga następujących ustawień iptables oraz routingu +(na przykład w pliku /etc/rc.local lub analogicznym): +.Sp +.Vb 7 +\& iptables \-t mangle \-N DIVERT +\& iptables \-t mangle \-A PREROUTING \-p tcp \-m socket \-j DIVERT +\& iptables \-t mangle \-A DIVERT \-j MARK \-\-set\-mark 1 +\& iptables \-t mangle \-A DIVERT \-j ACCEPT +\& ip rule add fwmark 1 lookup 100 +\& ip route add local 0.0.0.0/0 dev lo table 100 +\& echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter +.Ve +.Sp +Konfiguracja ta wymaga, aby \fBstunnel\fR był wykonywany jako root i bez opcji \fIsetuid\fR. +.IP "Trybie zdalnym (opcja \fIconnect\fR) w systemie \fILinux 2.2.x\fR" 4 +.IX Item "Trybie zdalnym (opcja connect) w systemie Linux 2.2.x" +Konfiguracja ta wymaga skompilowania jądra z opcją \fItransparent proxy\fR. +Docelowa usługa musi być umieszczona na osobnej maszynie, do której routing +kierowany jest poprzez serwer stunnela. +.Sp +Dodatkowo \fBstunnel\fR powinien być wykonywany jako root i bez opcji \fIsetuid\fR. +.IP "Trybie zdalnym (opcja \fIconnect\fR) w systemie \fIFreeBSD >=8.0\fR" 4 +.IX Item "Trybie zdalnym (opcja connect) w systemie FreeBSD >=8.0" +Konfiguracja ta wymaga skonfigurowania firewalla i routingu. +\&\fBstunnel\fR musi być wykonywany jako root i bez opcji \fIsetuid\fR. +.IP "Trybie lokalnym (opcja \fIexec\fR)" 4 +.IX Item "Trybie lokalnym (opcja exec)" +Konfiguracja ta jest realizowana przy pomocy biblioteki \fIlibstunnel.so\fR. +Do załadowania biblioteki wykorzystywana jest zmienna środowiskowa _RLD_LIST na +platformie Tru64 lub \s-1LD_PRELOAD\s0 na innych platformach. +.RE +.RS 4 +.RE +.IP "\fIdestination\fR" 4 +.IX Item "destination" +Oryginalny adres docelowy jest używany zamiast opcji \fIconnect\fR. +.Sp +Przykładowana konfiguracja przezroczystego adresu docelowego: +.Sp +.Vb 4 +\& [transparent] +\& client=yes +\& accept= +\& transparent=destination +.Ve +.Sp +Konfiguracja wymaga następujących ustawień iptables +(na przykład w pliku /etc/rc.local lub analogicznym): +.Sp +.Vb 2 +\& /sbin/iptables \-I INPUT \-i eth0 \-p tcp \-\-dport \-j ACCEPT +\& /sbin/iptables \-t nat \-I PREROUTING \-i eth0 \-p tcp \-\-dport \-j DNAT \-\-to\-destination : +.Ve +.Sp +Przezroczysty adres docelowy jest aktualnie wspierany wyłącznie w systemie Linux. +.IP "\fIboth\fR" 4 +.IX Item "both" +Użyj przezroczystego proxy zarówno dla adresu źródłowego jak i docelowego. +.RE +.RS 4 +.Sp +Dla zapewnienia kompatybilności z wcześniejszymim wersjami wspierane są dwie +dodatkowe opcje: +.IP "\fIyes\fR" 4 +.IX Item "yes" +Opcja została przemianowana na \fIsource\fR. +.IP "\fIno\fR" 4 +.IX Item "no" +Opcja została przemianowana na \fInone\fR. +.RE +.RS 4 +.RE +.IP "\fBverify\fR = poziom" 4 +.IX Item "verify = poziom" +weryfikuj certyfikat drugiej strony połączenia +.RS 4 +.IP "\fIpoziom 0\fR \- zarządaj certyfikatu i zignoruj go" 4 +.IX Item "poziom 0 - zarządaj certyfikatu i zignoruj go" +.PD 0 +.IP "\fIpoziom 1\fR \- weryfikuj, jeżeli został przedstawiony" 4 +.IX Item "poziom 1 - weryfikuj, jeżeli został przedstawiony" +.IP "\fIpoziom 2\fR \- weryfikuj z zainstalowanym certyfikatem Centrum Certyfikacji" 4 +.IX Item "poziom 2 - weryfikuj z zainstalowanym certyfikatem Centrum Certyfikacji" +.IP "\fIpoziom 3\fR \- weryfikuj z lokalnie zainstalowanym certyfikatem drugiej strony" 4 +.IX Item "poziom 3 - weryfikuj z lokalnie zainstalowanym certyfikatem drugiej strony" +.IP "\fIpoziom 4\fR \- weryfikuj z certyfikatem drugiej strony ignorując łańcuch \s-1CA\s0" 4 +.IX Item "poziom 4 - weryfikuj z certyfikatem drugiej strony ignorując łańcuch CA" +.IP "\fIdomyślnie\fR \- nie weryfikuj" 4 +.IX Item "domyślnie - nie weryfikuj" +.RE +.RS 4 +.RE +.PD +.SH "ZWRACANA WARTOŚĆ" +.IX Header "ZWRACANA WARTOŚĆ" +\&\fBstunnel\fR zwraca zero w przypadku sukcesu, lub wartość niezerową +w przypadku błędu. +.SH "SIGNAŁY" +.IX Header "SIGNAŁY" +Następujące sygnały mogą być użyte do sterowania programem w systemie Unix: +.IP "\s-1SIGHUP\s0" 4 +.IX Item "SIGHUP" +Załaduj ponownie plik konfiguracyjny. +.Sp +Niektóre globalne opcje nie będą przeładowane: +.RS 4 +.IP "\(bu" 4 +chroot +.IP "\(bu" 4 +foreground +.IP "\(bu" 4 +pid +.IP "\(bu" 4 +setgid +.IP "\(bu" 4 +setuid +.RE +.RS 4 +.Sp +Jeżeli wykorzystywana jest opcja 'setuid' stunnel nie będzie mógł załadować +ponownie konfiguracji wykorzystującej uprzywilejowane (<1024) porty. +.Sp +Jeżeli wykorzystywana jest opcja 'chroot' stunnel będzie szukał wszystkich +potrzebnych plików (łącznie z plikiem konfiguracyjnym, certyfikatami, logiem i +plikiem pid) wewnątrz katalogu wskazanego przez 'chroot'. +.RE +.IP "\s-1SIGUSR1\s0" 4 +.IX Item "SIGUSR1" +Zamknij i otwórz ponownie log. +Funkcja ta może zostać użyta w skrypcie rotującym log programu stunnel. +.IP "\s-1SIGTERM\s0, \s-1SIGQUIT\s0, \s-1SIGINT\s0" 4 +.IX Item "SIGTERM, SIGQUIT, SIGINT" +Zakończ działanie programu. +.PP +Skutek wysłania innych sygnałów jest niezdefiniowany. +.SH "PRZYKŁADY" +.IX Header "PRZYKŁADY" +Szyfrowanie połączeń do lokalnego serwera \fIimapd\fR można użyć: +.PP +.Vb 4 +\& [imapd] +\& accept = 993 +\& exec = /usr/sbin/imapd +\& execargs = imapd +.Ve +.PP +albo w trybie zdalnym: +.PP +.Vb 3 +\& [imapd] +\& accept = 993 +\& connect = 143 +.Ve +.PP +W połączeniu z programem \fIpppd\fR \fBstunnel\fR pozwala zestawić prosty \s-1VPN\s0. +Po stronie serwera nasłuchującego na porcie 2020 jego konfiguracja +może wyglądać następująco: +.PP +.Vb 5 +\& [vpn] +\& accept = 2020 +\& exec = /usr/sbin/pppd +\& execargs = pppd local +\& pty = yes +.Ve +.PP +Poniższy plik konfiguracyjny może być wykorzystany do uruchomienia +programu \fBstunnel\fR w trybie \fIinetd\fR. Warto zauważyć, że w pliku +konfiguracyjnym nie ma sekcji \fI[nazwa_usługi]\fR. +.PP +.Vb 2 +\& exec = /usr/sbin/imapd +\& execargs = imapd +.Ve +.SH "NOTKI" +.IX Header "NOTKI" +.SS "\s-1OGRANICZENIA\s0" +.IX Subsection "OGRANICZENIA" +\&\fIstunnel\fR nie może być używany do szyfrowania protokołu \fI\s-1FTP\s0\fR, +ponieważ do przesyłania poszczególnych plików używa on dodatkowych +połączeń otwieranych na portach o dynamicznie przydzielanych numerach. +Istnieją jednak specjalne wersje klientów i serwerów \s-1FTP\s0 pozwalające +na szyfrowanie przesyłanych danych przy pomocy protokołu \fI\s-1SSL\s0\fR. +.SS "\s-1TRYB\s0 \s-1INETD\s0 (tylko Unix)" +.IX Subsection "TRYB INETD (tylko Unix)" +W większości zastosowań \fBstunnel\fR samodzielnie nasłuchuje na porcie +podanym w pliku konfiguracyjnym i tworzy połączenie z innym portem +podanym w opcji \fIconnect\fR lub nowym programem podanym w opcji \fIexec\fR. +Niektórzy wolą jednak wykorzystywać oddzielny program, który odbiera +połączenia, po czym uruchamia program \fBstunnel\fR. Przykładami takich +programów są inetd, xinetd i tcpserver. +.PP +Przykładowa linia pliku /etc/inetd.conf może wyglądać tak: +.PP +.Vb 2 +\& imaps stream tcp nowait root /usr/bin/stunnel +\& stunnel /etc/stunnel/imaps.conf +.Ve +.PP +Ponieważ w takich przypadkach połączenie na zdefiniowanym porcie +(tutaj \fIimaps\fR) nawiązuje osobny program (tutaj \fIinetd\fR), \fBstunnel\fR +nie może używać opcji \fIaccept\fR. W pliku konfiguracyjnym nie może +być również zdefiniowana żadna usługa (\fI[nazwa_usługi]\fR), ponieważ +konfiguracja taka pozwala na nawiązanie tylko jednego połączenia. +Wszystkie \fI\s-1OPCJE\s0 USŁUG\fR powinny być umieszczone razem z opcjami +globalnymi. Przykład takiej konfiguracji znajduje się w sekcji +\&\fIPRZYKŁADY\fR. +.SS "\s-1CERTYFIKATY\s0" +.IX Subsection "CERTYFIKATY" +Protokół \s-1SSL\s0 wymaga, aby każdy serwer przedstawiał się nawiązującemu +połączenie klientowi prawidłowym certyfikatem X.509. +Potwierdzenie tożsamości serwera polega na wykazaniu, że posiada on +odpowiadający certyfikatowi klucz prywatny. +Najprostszą metodą uzyskania certyfikatu jest wygenerowanie +go przy pomocy wolnego pakietu \fIOpenSSL\fR. Więcej informacji na temat +generowania certyfikatów można znaleźć na umieszczonych poniżej stronach. +.PP +Istotną kwestią jest kolejność zawartości pliku \fI.pem\fR. +W pierwszej kolejności powinien on zawierać klucz prywatny, +a dopiero za nim podpisany certyfikat (nie żądanie certyfikatu). +Po certyfikacie i kluczu prywatnym powinny znajdować się puste linie. +Jeżeli przed certyfikatem znajdują się dodatkowe informacje tekstowe, +to powinny one zostać usunięte. Otrzymany plik powinien mieć +następującą postać: +.PP +.Vb 8 +\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- +\& [zakodowany klucz] +\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- +\& [pusta linia] +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& [zakodowany certyfikat] +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +\& [pusta linia] +.Ve +.SS "LOSOWOŚĆ" +.IX Subsection "LOSOWOŚĆ" +\&\fBstunnel\fR potrzebuje zainicjować \s-1PRNG\s0 (generator liczb pseudolosowych), +gdyż protokół \s-1SSL\s0 wymaga do bezpieczeństwa kryptograficznego źródła +dobrej losowości. Następujące źródła są kolejno odczytywane aż do +uzyskania wystarczającej ilości entropii: +.IP "\(bu" 4 +Zawartość pliku podanego w opcji \fIRNDfile\fR. +.IP "\(bu" 4 +Zawartość pliku o nazwie określonej przez zmienną środowiskową +\&\s-1RANDFILE\s0, o ile jest ona ustawiona. +.IP "\(bu" 4 +Plik .rnd umieszczony w katalogu domowym użytkownika, +jeżeli zmienna \s-1RANDFILE\s0 nie jest ustawiona. +.IP "\(bu" 4 +Plik podany w opcji '\-\-with\-random' w czasie konfiguracji programu. +.IP "\(bu" 4 +Zawartość ekranu w systemie Windows. +.IP "\(bu" 4 +Gniazdo egd, jeżeli użyta została opcja \fI\s-1EGD\s0\fR. +.IP "\(bu" 4 +Gniazdo egd podane w opcji '\-\-with\-egd\-socket' w czasie konfiguracji +programu. +.IP "\(bu" 4 +Urządzenie /dev/urandom. +.PP +Współczesne (>=0.9.5a) wersje biblioteki \fIOpenSSL\fR automatycznie +zaprzestają ładowania kolejnych danych w momencie uzyskania wystarczającej +ilości entropii. Wcześniejsze wersje biblioteki wykorzystają wszystkie +powyższe źródła, gdyż nie istnieje tam funkcja pozwalająca określić, +czy uzyskano już wystarczająco dużo danych. +.PP +Warto zwrócić uwagę, że na maszynach z systemem Windows, na których +konsoli nie pracuje użytkownik, zawartość ekranu nie jest wystarczająco +zmienna, aby zainicjować \s-1PRNG\s0. W takim przypadku do zainicjowania +generatora należy użyć opcji \fIRNDfile\fR. +.PP +Plik \fIRNDfile\fR powinien zawierać dane losowe \*(-- również w tym sensie, +że powinny być one inne przy każdym uruchomieniu programu \fBstunnel\fR. +O ile nie użyta została opcja \fIRNDoverwrite\fR jest to robione +automatycznie. Do ręcznego uzyskania takiego pliku użyteczna +może być komenda \fIopenssl rand\fR dostarczana ze współczesnymi +wersjami pakietu \fIOpenSSL\fR. +.PP +Jeszcze jedna istotna informacja \*(-- jeżeli dostępne jest urządzenie +\&\fI/dev/urandom\fR biblioteka \fIOpenSSL\fR ma zwyczaj zasilania nim \s-1PRNG\s0 w trakcie +sprawdzania stanu generatora. W systemach z \fI/dev/urandom\fR urządzenie +to będzie najprawdopodobniej użyte, pomimo że znajduje się na samym końcu +powyższej listy. Jest to właściwość biblioteki \fIOpenSSL\fR, a nie programu +\&\fIstunnel\fR. +.SS "\s-1PARAMETRY\s0 \s-1DH\s0" +.IX Subsection "PARAMETRY DH" +Począwszy od wersji 4.40 stunnel zawiera w kodzie programu 2048\-bitowe +parametry \s-1DH\s0. +.PP +Alternatywnie parametry \s-1DH\s0 można umieścić w pliku razem z certyfikatem: +.PP +.Vb 1 +\& openssl dhparam 2048 >> stunnel.pem +.Ve +.PP +Wygenerowanie parametrów \s-1DH\s0 może zająć nawet wiele minut. +.SH "PLIKI" +.IX Header "PLIKI" +.IP "\fIstunnel.conf\fR" 4 +.IX Item "stunnel.conf" +plik konfiguracyjny programu +.SH "BŁĘDY" +.IX Header "BŁĘDY" +Opcja \fIexecargs\fR nie obsługuje cytowania. +.SH "ZOBACZ RÓWNIEŻ" +.IX Header "ZOBACZ RÓWNIEŻ" +.IP "\fItcpd\fR\|(8)" 4 +.IX Item "tcpd" +biblioteka kontroli dostępu do usług internetowych +.IP "\fIinetd\fR\|(8)" 4 +.IX Item "inetd" +\&'super\-serwer' internetowy +.IP "\fIhttp://www.stunnel.org/\fR" 4 +.IX Item "http://www.stunnel.org/" +strona domowa programu \fIstunnel\fR +.IP "\fIhttp://www.openssl.org/\fR" 4 +.IX Item "http://www.openssl.org/" +strona projektu \fIOpenSSL\fR +.SH "AUTOR" +.IX Header "AUTOR" +.IP "Michał Trojnara" 4 +.IX Item "Michał Trojnara" +<\fIMichal.Trojnara@mirt.net\fR> diff --git a/doc/stunnel.pl.html b/doc/stunnel.pl.html new file mode 100644 index 0000000..a054ee8 --- /dev/null +++ b/doc/stunnel.pl.html @@ -0,0 +1,1087 @@ + + + + +stunnel.8 + + + + + + + + +
+

+ + + +
+ + +

+

+

NAZWA

+

stunnel - uniwersalny tunel protokołu SSL

+

+

+
+

SKŁADNIA

+
+
Unix:
+ +
+

stunnel [<plik>] | -fd n | -help | -version | -sockets

+
+
WIN32:
+ +
+

stunnel [ [-install | -uninstall | -start | -stop ] | -exit] + [-quiet] [<plik>] ] | -help | -version | -sockets

+
+
+

+

+
+

OPIS

+

Program stunnel został zaprojektowany do opakowywania w protokół SSL +połączeń pomiędzy zdalnymi klientami a lokalnymi lub zdalnymi serwerami. +Przez serwer lokalny rozumiana jest aplikacja przeznaczona do uruchamiania +przy pomocy inetd. +Stunnel pozwala na proste zestawienie komunikacji serwerów nie posiadających +funkcjonalności SSL poprzez bezpieczne kanały SSL.

+

stunnel pozwala dodać funkcjonalność SSL do powszechnie stosowanych +demonów inetd, np. pop3 lub imap, do samodzielnych demonów, +np. nntp, smtp lub http, a nawet tunelować ppp poprzez gniazda sieciowe +bez zmian w kodzie źródłowym.

+

+

+
+

OPCJE

+
+
<plik>
+ +
+

użyj podanego pliku konfiguracyjnego

+
+
-fd n (tylko Unix)
+ +
+

wczytaj konfigurację z podanego deskryptora pliku

+
+
-help
+ +
+

drukuj listę wspieranych opcji

+
+
-version
+ +
+

drukuj wersję programu i domyślne wartości parametrów

+
+
-sockets
+ +
+

drukuj domyślne opcje gniazd

+
+
-install (tylko NT/2000/XP)
+ +
+

instaluj serwis NT

+
+
-uninstall (tylko NT/2000/XP)
+ +
+

odinstaluj serwis NT

+
+
-start (tylko NT/2000/XP)
+ +
+

uruchom serwis NT

+
+
-stop (tylko NT/2000/XP)
+ +
+

zatrzymaj serwis NT

+
+
-exit (tylko Win32)
+ +
+

zatrzymaj uruchomiony program

+
+
-quiet (tylko NT/2000/XP)
+ +
+

nie wyświetlaj okienka informującego o pomyślnym zainstalowaniu lub +odinstalowaniu

+
+
+

+

+
+

PLIK KONFIGURACYJNY

+

Linia w pliku konfiguracyjnym może być:

+ +

Parametr adres może być:

+ +

+

+

OPCJE GLOBALNE

+
+
chroot = katalog (tylko Unix)
+ +
+

katalog roboczego korzenia systemu plików

+

Opcja określa katalog, w którym uwięziony zostanie proces programu +stunnel tuż po jego inicjalizacji, a przed rozpoczęciem odbierania +połączeń. Ścieżki podane w opcjach CApath, CRLpath, pid +oraz exec muszą być umieszczone wewnątrz katalogu podanego w opcji +chroot i określone względem tego katalogu.

+
+
compression = deflate | zlib | rle
+ +
+

wybór algorytmu kompresji przesyłanych danych

+

domyślnie: bez kompresji

+

Algorytm deflate jest standardową metodą kompresji zgodnie z RFC 1951.

+

Kompresja zlib zaimplementowana w OpenSSL 0.9.8 i nowszych nie jest +kompatybilna implementacją OpenSSL 0.9.7.

+

Kompresja rle nie jest zaimplementowana w aktualnych wersjach OpenSSL.

+
+
debug = poziom[.podsystem]
+ +
+

szczegółowość logowania

+

Poziom logowania można określić przy pomocy jednej z nazw lub liczb: +emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), +info (6) lub debug (7). +Zapisywane są komunikaty o poziomie niższym (numerycznie) lub równym podanemu. +Do uzyskania najwyższego poziomu szczegółowości można użyć opcji +debug = debug lub debug = 7. Domyślnym poziomem jest notice (5).

+

O ile nie wyspecyfikowano podsystemu użyty będzie domyślny: daemon. +Podsystemy nie są wspierane przez platformę Win32.

+

Wielkość liter jest ignorowana zarówno dla poziomu jak podsystemu.

+
+
EGD = ścieżka_do_EGD (tylko Unix)
+ +
+

ścieżka do gniazda programu Entropy Gathering Daemon

+

Opcja pozwala określić ścieżkę do gniazda programu Entropy Gathering Daemon +używanego do zainicjalizowania generatora ciągów pseudolosowych biblioteki +OpenSSL. Opcja jest dostępna z biblioteką OpenSSL 0.9.5a lub nowszą.

+
+
engine = auto | <identyfikator urządzenia>
+ +
+

wybór sprzętowego urządzenia kryptograficznego

+

domyślnie: bez wykorzystania urządzeń kryptograficznych

+

Przykładowa konfiguracja umożliwiająca odczytanie klucza prywatnego z +urządzenia zgodnego z OpenSC:

+
+    engine=dynamic
+    engineCtrl=SO_PATH:/usr/lib/opensc/engine_pkcs11.so
+    engineCtrl=ID:pkcs11
+    engineCtrl=LIST_ADD:1
+    engineCtrl=LOAD
+    engineCtrl=MODULE_PATH:/usr/lib/pkcs11/opensc-pkcs11.so
+    engineCtrl=INIT
+
+    [service]
+    engineNum=1
+    key=id_45
+
+
engineCtrl = <command>[:<parameter>]
+ +
+

konfiguracja urządzenia kryptograficznego

+

Specjalne komendy "LOAD" i "INIT" pozwalają na załadowanie i inicjalizację +modułu kryptograficznego urządzenia.

+
+
fips = yes | no
+ +
+

Włącz lub wyłącz tryb FIPS 140-2.

+

Opcja pozwala wyłączyć wejście w tryb FIPS, jeśli stunnel został skompilowany +ze wsparciem dla FIPS 140-2.

+

domyślnie: yes (pracuj w trybie FIPS 140-2)

+
+
foreground = yes | no (tylko Unix)
+ +
+

tryb pierwszoplanowy

+

Użycie tej opcji powoduje, że stunnel nie przechodzi w tło logując +swoje komunikaty na konsolę zamiast przez syslog (o ile nie użyto +opcji output).

+
+
output = plik
+ +
+

plik, do którego dopisane zostaną logi

+

Użycie tej opcji powoduje dopisanie logów do podanego pliku.

+

Do kierowaniakomunikatów na standardowe wyjście (na przykład po to, żeby +zalogować je programem splogger z pakietu daemontools) można podać jako +parametr urządzenie /dev/stdout.

+
+
pid = plik (tylko Unix)
+ +
+

położenie pliku z numerem procesu

+

Jeżeli argument jest pusty plik nie zostanie stworzony.

+

Jeżeli zdefiniowano katalog chroot, to ścieżka do pid jest określona +względem tego katalogu.

+
+
RNDbytes = liczba_bajtów
+ +
+

liczba bajtów do zainicjowania generatora pseudolosowego

+

W wersjach biblioteki OpenSSL starszych niż 0.9.5a opcja ta określa +również liczbę bajtów wystarczających do zainicjowania PRNG. +Nowsze wersje biblioteki mają wbudowaną funkcję określającą, czy +dostarczona ilość losowości jest wystarczająca do zainicjowania generatora.

+
+
RNDfile = plik
+ +
+

ścieżka do pliku zawierającego losowe dane

+

Biblioteka OpenSSL użyje danych z tego pliku do zainicjowania +generatora pseudolosowego.

+
+
RNDoverwrite = yes | no
+ +
+

nadpisz plik nowymi wartościami pseudolosowymi

+

domyślnie: yes (nadpisz)

+
+
service = nazwa_serwisu (tylko Unix)
+ +
+

użyj parametru jako nazwy serwisu dla biblioteki TCP Wrapper w trybie inetd

+

domyślnie: stunnel

+
+
setgid = identyfikator_grupy (tylko Unix)
+ +
+

grupa z której prawami pracował będzie stunnel

+
+
setuid = identyfikator_użytkownika (tylko Unix)
+ +
+

użytkownik, z którego prawami pracował będzie stunnel

+
+
socket = a|l|r:option=value[:value]
+ +
+

ustaw opcję na akceptującym/lokalnym/zdalnym gnieździe

+

Dla opcji linger wartości mają postać l_onof:l_linger. +Dla opcji time wartości mają postać tv_sec:tv_usec.

+

Przykłady:

+
+    socket = l:SO_LINGER=1:60
+        ustaw jednominutowe przeterminowanie
+        przy zamykaniu lokalnego gniazda
+    socket = r:SO_OOBINLINE=yes
+        umieść dane pozapasmowe (out-of-band)
+        bezpośrednio w strumieniu danych
+        wejściowych dla zdalnych gniazd
+    socket = a:SO_REUSEADDR=no
+        zablokuj ponowne używanie portu
+        (domyślnie włączone)
+    socket = a:SO_BINDTODEVICE=lo
+        przyjmuj połączenia wyłącznie na
+        interfejsie zwrotnym (ang. loopback)
+
+
syslog = yes | no (tylko Unix)
+ +
+

włącz logowanie poprzez mechanizm syslog

+

domyślnie: yes (włącz)

+
+
taskbar = yes | no (tylko WIN32)
+ +
+

włącz ikonkę w prawym dolnym rogu ekranu

+

domyślnie: yes (włącz)

+
+
+

+

+

OPCJE USŁUG

+

Każda sekcja konfiguracji usługi zaczyna się jej nazwą ujętą w nawias +kwadratowy. Nazwa usługi używana jest do kontroli dostępu przez +bibliotekę libwrap (TCP wrappers) oraz pozwala rozróżnić poszczególne +usługi w logach.

+

Jeżeli stunnel ma zostać użyty w trybie inetd, gdzie za odebranie +połączenia odpowiada osobny program (zwykle inetd, xinetd +lub tcpserver), należy przeczytać sekcję TRYB INETD poniżej.

+
+
accept = [adres:]port
+ +
+

nasłuchuje na połączenia na podanym adresie i porcie

+

Jeżeli nie został podany adres, stunnel domyślnie nasłuchuje +na wszystkich adresach IPv4 lokalnych interfejsów.

+

Aby nasłuchiwać na wszystkich adresach IPv6 należy użyć:

+
+    accept = :::port
+
+
CApath = katalog_CA
+ +
+

katalog Centrum Certyfikacji

+

Opcja określa katalog, w którym stunnel będzie szukał certyfikatów, +jeżeli użyta została opcja verify. Pliki z certyfikatami muszą +posiadać specjalne nazwy XXXXXXXX.0, gdzie XXXXXXXX jest skrótem +kryptograficznym reprezentacji DER nazwy podmiotu certyfikatu.

+

Funkcja skrótu została zmieniona w wersji 1.0.0 biblioteki OpenSSL. +Należy wykonać c_rehash przy zmianie OpenSSL 0.x.x na 1.x.x.

+

Jeżeli zdefiniowano katalog chroot, to ścieżka do CApath jest określona +względem tego katalogu.

+
+
CAfile = plik_CA
+ +
+

plik Centrum Certyfikacji

+

Opcja pozwala określić położenie pliku zawierającego certyfikaty używane +przez opcję verify.

+
+
cert = plik_pem
+ +
+

plik z łańcuchem certyfikatów

+

Opcja określa położenie pliku zawierającego certyfikaty używane przez +program stunnel do uwierzytelnienia się przed drugą stroną połączenia. +Certyfikat jest konieczny, aby używać programu w trybie serwera. +W trybie klienta certyfikat jest opcjonalny.

+
+
ciphers = lista_szyfrów
+ +
+

lista dozwolonych szyfrów SSL

+

Parametrem tej opcji jest lista szyfrów, które będą użyte przy +otwieraniu nowych połączeń SSL, np.: DES-CBC3-SHA:IDEA-CBC-MD5

+
+
client = yes | no
+ +
+

tryb kliencki (zdalna usługa używa SSL)

+

domyślnie: no (tryb serwerowy)

+
+
connect = [adres:]port
+ +
+

połącz się ze zdalnym serwerem na podany port

+

Jeżeli nie został podany adres, stunnel domyślnie łączy się +z lokalnym serwerem.

+

Komenda może byc użyta wielokrotnie w pojedynczej sekcji +celem zapewnienia wysokiej niezawodności lub rozłożenia +ruchu pomiędzy wiele serwerów.

+
+
CRLpath = katalog_CRL
+ +
+

katalog List Odwołanych Certyfikatów (CRL)

+

Opcja określa katalog, w którym stunnel będzie szukał list CRL, +jeżeli użyta została opcja verify. Pliki z listami CRL muszą +posiadać specjalne nazwy XXXXXXXX.r0, gdzie XXXXXXXX jest skrótem +listy CRL.

+

Funkcja skrótu została zmieniona w wersji 1.0.0 biblioteki OpenSSL. +Należy wykonać c_rehash przy zmianie OpenSSL 0.x.x na 1.x.x.

+

Jeżeli zdefiniowano katalog chroot, to ścieżka do CRLpath jest określona +względem tego katalogu.

+
+
CRLfile = plik_CRL
+ +
+

plik List Odwołanych Certyfikatów (CRL)

+

Opcja pozwala określić położenie pliku zawierającego listy CRL używane +przez opcję verify.

+
+
curve = nid
+ +
+

krzywa dla ECDH

+

Listę dostępnych krzywych można uzyskać poleceniem:

+
+    openssl ecparam -list_curves
+

domyślnie: prime256v1

+
+
delay = yes | no
+ +
+

opóźnij rozwinięcie adresu DNS podanego w opcji connect

+

Opcja jest przydatna przy dynamicznym DNS, albo gdy usługa DNS nie jest +dostępna przy starcie programu stunnel (klient VPN, połączenie wdzwaniane).

+
+
engineNum = <numer urządzenia>
+ +
+

wybierz urządzenie do odczyta klucza prywatnego

+

Urządzenia są numerowane od 1 w górę.

+
+
exec = ścieżka_do_programu
+ +
+

wykonaj lokalny program przystosowany do pracy z superdemonem inetd

+

Jeżeli zdefiniowano katalog chroot, to ścieżka do exec jest określona +względem tego katalogu.

+
+
execargs = $0 $1 $2 ...
+ +
+

argumenty do opcji exec włącznie z nazwą programu ($0)

+

Cytowanie nie jest wspierane w obecnej wersji programu. +Argumenty są rozdzielone dowolną liczbą białych znaków.

+
+
failover = rr | prio
+ +
+

Strategia wybierania serwerów wyspecyfikowanych parametrami "connect".

+
+    rr (round robin) - sprawiedliwe rozłożenie obciążenia
+    prio (priority) - użyj kolejności opcji w pliku konfiguracyjnym
+

domyślnie: rr

+
+
ident = nazwa_użytkownika
+ +
+

weryfikuj nazwę zdalnego użytkownika korzystając z protokołu IDENT (RFC 1413)

+
+
key = plik_klucza
+ +
+

klucz prywatny do certyfikatu podanego w opcji cert

+

Klucz prywatny jest potrzebny do uwierzytelnienia właściciela certyfikatu. +Ponieważ powinien on być zachowany w tajemnicy, prawa do jego odczytu +powinien mieć wyłącznie właściciel pliku. W systemie Unix można to osiągnąć +komendą:

+
+    chmod 600 keyfile
+

domyślnie: wartość opcji cert

+
+
libwrap = yes | no
+ +
+

włącz lub wyłącz korzystanie z /etc/hosts.allow i /etc/hosts.deny.

+

domyślnie: yes

+
+
local = serwer
+ +
+

IP źródła do nawiązywania zdalnych połączeń

+

Domyślnie używane jest IP najbardziej zewnętrznego interfejsu w stronę +serwera, do którego nawiązywane jest połączenie.

+
+
sni = nazwa_usługi:nazwa_serwera (tryb serwera)
+ +
+

Użyj usługi jako podrzędnej (virtualnego serwera) dla rozszerzenia TLS Server +Name Indication (RFC 3546).

+

nazwa_usługi wskazuje usługę nadrzędną, która odbiera połączenia od klientów +przy pomocy opcji accept. nazwa_serwera wskazuje nazwę serwera +wirtualnego. Z pojedyńczą usługą nadrzędną powiązane jest zwykle wiele usług +podrzędnych. Opcja sni może być rownież użyta wielokrotnie w ramach jednej +usługi podrzędnej.

+

Zarówno usługa nadrzędna jak i podrzędna nie może być skonfigurowana w trybie +klienckim. Opcja connect usługi podrzędnej jest ignorowana w połączeniu z +opcją protocol, gdyż połączenie do zdalnego serwera jest w tym wypadku +nawiązywane przed negocjacją TLS. Uwierzytelnienie przy pomocy biblioteki +libwrap jest realizowane dwukrotnie: najpierw dla usługi nadrzędnej po +odebraniu połączenia TCP, a następnie dla usługi podrzędnej podczas negocjacji +TLS.

+

Opcja sni jest dostępna począwszy od wersji 1.0.0 biblioteki OpenSSL.

+
+
sni = nazwa_serwera (tryb klienta)
+ +
+

Użyj parametru jako wartości rozszerzenia TLS Server Name Indication +(RFC 3546).

+

Opcja sni jest dostępna począwszy od wersji 1.0.0 biblioteki OpenSSL.

+
+
OCSP = URL
+ +
+

serwer OCSP do weryfikacji certyfikatów

+
+
OCSPflag = flaga
+ +
+

flaga serwera OCSP

+

aktualnie wspierane flagi: NOCERTS, NOINTERN NOSIGS, NOCHAIN, NOVERIFY, +NOEXPLICIT, NOCASIGN, NODELEGATED, NOCHECKS, TRUSTOTHER, RESPID_KEY, NOTIME

+

Aby wyspecyfikować kilka flag należy użyć OCSPflag wielokrotnie.

+
+
options = opcje_SSL
+ +
+

opcje biblioteki OpenSSL

+

Parametrem jest nazwa opcji zgodnie z opisem w SSL_CTX_set_options(3ssl), +ale bez przedrostka SSL_OP_. +Aby wyspecyfikować kilka opcji należy użyć options wielokrotnie.

+

Na przykład dla zachowania kompatybilności z błędami implementacji SSL +w programie Eudora można użyć opcji:

+
+    options = DONT_INSERT_EMPTY_FRAGMENTS
+
+
protocol = protokół
+ +
+

negocjuj SSL podanym protokołem aplikacyjnym (np. starttls lub stls)

+

Opcji protocol nie należy używać z szyfrowaniem SSL na osobnym porcie.

+

Aktualnie wspierane protokoły:

+
+
cifs
+ +
+

Unieudokumentowane rozszerzenie protokołu CIFS wspierane przez serwer Samba. +Wsparcie dla tego rozrzeczenia zostało zarzucone w wersji 3.0.0 serwera Samba.

+
+
connect
+ +
+

Negocjacja RFC 2817 - Upgrading to TLS Within HTTP/1.1, rozdział 5.2 - Requesting a Tunnel with CONNECT

+

Ten protokół jest wspierany wyłącznie w trybie klienckim.

+
+
imap
+ +
+

Negocjacja RFC 2595 - Using TLS with IMAP, POP3 and ACAP

+
+
nntp
+ +
+

Negocjacja RFC 4642 - Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)

+

Ten protokół jest wspierany wyłącznie w trybie klienckim.

+
+
pgsql
+ +
+

Negocjacja http://www.postgresql.org/docs/8.3/static/protocol-flow.html#AEN73982

+
+
pop3
+ +
+

Negocjacja RFC 2449 - POP3 Extension Mechanism

+
+
proxy
+ +
+

Przekazywanie adresu IP haproxy http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt

+
+
smtp
+ +
+

Negocjacja RFC 2487 - SMTP Service Extension for Secure SMTP over TLS

+
+
+
+
protocolAuthentication = uwierzytelnienie
+ +
+

rodzaj uwierzytelnienia do negocjacji protokołu

+

aktualnie wspierane: basic, NTLM

+

Obecnie typ uwierzytelnienia ma zastosowanie wyłącznie w protokole 'connect'.

+

domyślnie: basic

+
+
protocolHost = adres:port
+ +
+

adres docelowy do negocjacji protokołu

+
+
protocolPassword = hasło
+ +
+

hasło do negocjacji protokołu

+
+
protocolUsername = użytkownik
+ +
+

nazwa użytkownika do negocjacji protokołu

+
+
pty = yes | no (tylko Unix)
+ +
+

alokuj pseudoterminal dla programu uruchamianego w opcji 'exec'

+
+
retry = yes | no (tylko Unix)
+ +
+

połącz ponownie sekcję connect+exec po rozłączeniu

+

domyślnie: no

+
+
session = przeterminowanie_pamięci_podręcznej_sesji
+ +
+

czas w sekundach, po którym sesja SSL zostanie usunięta z pamięci podręcznej

+
+
sessiond = adres:port
+ +
+

adres sessiond - servera cache sesji SSL

+
+
sslVersion = wersja
+ +
+

wersja protokołu SSL

+

Dozwolone opcje: all, SSLv2, SSLv3, TLSv1

+
+
stack = liczba_bajtów (z wyjątkiem modelu FORK)
+ +
+

rozmiar stosu procesora wątku

+
+
TIMEOUTbusy = liczba_sekund
+ +
+

czas oczekiwania na spodziewane dane

+
+
TIMEOUTclose = liczba_sekund
+ +
+

czas oczekiwania na close_notify (ustaw na 0, jeżeli klientem jest MSIE)

+
+
TIMEOUTconnect = liczba_sekund
+ +
+

czas oczekiwania na nawiązanie połączenia

+
+
TIMEOUTidle = liczba_sekund
+ +
+

maksymalny czas utrzymywania bezczynnego połączenia

+
+
transparent = none | source | destination | both (tylko Unix)
+ +
+

tryb przezroczystego proxy na wspieranych platformach

+

Wspierane opcje:

+
+
none
+ +
+

Zablokuj wsparcie dla przezroczystago proxy. Jest to wartość domyślna.

+
+
source
+ +
+

Przepisz adres, aby nawiązywane połączenie wydawało się pochodzić +bezpośrednio od klienta, a nie od programu stunnel.

+

Opcja jest aktualnie obsługiwana w:

+
+
Trybie zdalnym (opcja connect) w systemie Linux >=2.6.28
+ +
+

Konfiguracja wymaga następujących ustawień iptables oraz routingu +(na przykład w pliku /etc/rc.local lub analogicznym):

+
+    iptables -t mangle -N DIVERT
+    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
+    iptables -t mangle -A DIVERT -j MARK --set-mark 1
+    iptables -t mangle -A DIVERT -j ACCEPT
+    ip rule add fwmark 1 lookup 100
+    ip route add local 0.0.0.0/0 dev lo table 100
+    echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter
+

Konfiguracja ta wymaga, aby stunnel był wykonywany jako root i bez opcji setuid.

+
+
Trybie zdalnym (opcja connect) w systemie Linux 2.2.x
+ +
+

Konfiguracja ta wymaga skompilowania jądra z opcją transparent proxy. +Docelowa usługa musi być umieszczona na osobnej maszynie, do której routing +kierowany jest poprzez serwer stunnela.

+

Dodatkowo stunnel powinien być wykonywany jako root i bez opcji setuid.

+
+
Trybie zdalnym (opcja connect) w systemie FreeBSD >=8.0
+ +
+

Konfiguracja ta wymaga skonfigurowania firewalla i routingu. +stunnel musi być wykonywany jako root i bez opcji setuid.

+
+
Trybie lokalnym (opcja exec)
+ +
+

Konfiguracja ta jest realizowana przy pomocy biblioteki libstunnel.so. +Do załadowania biblioteki wykorzystywana jest zmienna środowiskowa _RLD_LIST na +platformie Tru64 lub LD_PRELOAD na innych platformach.

+
+
+
+
destination
+ +
+

Oryginalny adres docelowy jest używany zamiast opcji connect.

+

Przykładowana konfiguracja przezroczystego adresu docelowego:

+
+    [transparent]
+    client=yes
+    accept=<port_stunnela>
+    transparent=destination
+

Konfiguracja wymaga następujących ustawień iptables +(na przykład w pliku /etc/rc.local lub analogicznym):

+
+    /sbin/iptables -I INPUT -i eth0 -p tcp --dport <port_stunnela> -j ACCEPT
+    /sbin/iptables -t nat -I PREROUTING -i eth0 -p tcp --dport <port_przekierowany> -j DNAT --to-destination <lokalne_ip>:<port_stunnela>
+

Przezroczysty adres docelowy jest aktualnie wspierany wyłącznie w systemie Linux.

+
+
both
+ +
+

Użyj przezroczystego proxy zarówno dla adresu źródłowego jak i docelowego.

+
+
+

Dla zapewnienia kompatybilności z wcześniejszymim wersjami wspierane są dwie +dodatkowe opcje:

+
+
yes
+ +
+

Opcja została przemianowana na source.

+
+
no
+ +
+

Opcja została przemianowana na none.

+
+
+
+
verify = poziom
+ +
+

weryfikuj certyfikat drugiej strony połączenia

+
+
poziom 0 - zarządaj certyfikatu i zignoruj go
+ +
poziom 1 - weryfikuj, jeżeli został przedstawiony
+ +
poziom 2 - weryfikuj z zainstalowanym certyfikatem Centrum Certyfikacji
+ +
poziom 3 - weryfikuj z lokalnie zainstalowanym certyfikatem drugiej strony
+ +
poziom 4 - weryfikuj z certyfikatem drugiej strony ignorując łańcuch CA
+ +
domyślnie - nie weryfikuj
+ +
+
+
+

+

+
+

ZWRACANA WARTOŚĆ

+

stunnel zwraca zero w przypadku sukcesu, lub wartość niezerową +w przypadku błędu.

+

+

+
+

SIGNAŁY

+

Następujące sygnały mogą być użyte do sterowania programem w systemie Unix:

+
+
SIGHUP
+ +
+

Załaduj ponownie plik konfiguracyjny.

+

Niektóre globalne opcje nie będą przeładowane:

+ +

Jeżeli wykorzystywana jest opcja 'setuid' stunnel nie będzie mógł załadować +ponownie konfiguracji wykorzystującej uprzywilejowane (<1024) porty.

+

Jeżeli wykorzystywana jest opcja 'chroot' stunnel będzie szukał wszystkich +potrzebnych plików (łącznie z plikiem konfiguracyjnym, certyfikatami, logiem i +plikiem pid) wewnątrz katalogu wskazanego przez 'chroot'.

+
+
SIGUSR1
+ +
+

Zamknij i otwórz ponownie log. +Funkcja ta może zostać użyta w skrypcie rotującym log programu stunnel.

+
+
SIGTERM, SIGQUIT, SIGINT
+ +
+

Zakończ działanie programu.

+
+
+

Skutek wysłania innych sygnałów jest niezdefiniowany.

+

+

+
+

PRZYKŁADY

+

Szyfrowanie połączeń do lokalnego serwera imapd można użyć:

+
+    [imapd]
+    accept = 993
+    exec = /usr/sbin/imapd
+    execargs = imapd
+

albo w trybie zdalnym:

+
+    [imapd]
+    accept = 993
+    connect = 143
+

W połączeniu z programem pppd stunnel pozwala zestawić prosty VPN. +Po stronie serwera nasłuchującego na porcie 2020 jego konfiguracja +może wyglądać następująco:

+
+    [vpn]
+    accept = 2020
+    exec = /usr/sbin/pppd
+    execargs = pppd local
+    pty = yes
+

Poniższy plik konfiguracyjny może być wykorzystany do uruchomienia +programu stunnel w trybie inetd. Warto zauważyć, że w pliku +konfiguracyjnym nie ma sekcji [nazwa_usługi].

+
+    exec = /usr/sbin/imapd
+    execargs = imapd
+

+

+
+

NOTKI

+

+

+

OGRANICZENIA

+

stunnel nie może być używany do szyfrowania protokołu FTP, +ponieważ do przesyłania poszczególnych plików używa on dodatkowych +połączeń otwieranych na portach o dynamicznie przydzielanych numerach. +Istnieją jednak specjalne wersje klientów i serwerów FTP pozwalające +na szyfrowanie przesyłanych danych przy pomocy protokołu SSL.

+

+

+

TRYB INETD (tylko Unix)

+

W większości zastosowań stunnel samodzielnie nasłuchuje na porcie +podanym w pliku konfiguracyjnym i tworzy połączenie z innym portem +podanym w opcji connect lub nowym programem podanym w opcji exec. +Niektórzy wolą jednak wykorzystywać oddzielny program, który odbiera +połączenia, po czym uruchamia program stunnel. Przykładami takich +programów są inetd, xinetd i tcpserver.

+

Przykładowa linia pliku /etc/inetd.conf może wyglądać tak:

+
+    imaps stream tcp nowait root /usr/bin/stunnel
+        stunnel /etc/stunnel/imaps.conf
+

Ponieważ w takich przypadkach połączenie na zdefiniowanym porcie +(tutaj imaps) nawiązuje osobny program (tutaj inetd), stunnel +nie może używać opcji accept. W pliku konfiguracyjnym nie może +być również zdefiniowana żadna usługa ([nazwa_usługi]), ponieważ +konfiguracja taka pozwala na nawiązanie tylko jednego połączenia. +Wszystkie OPCJE USŁUG powinny być umieszczone razem z opcjami +globalnymi. Przykład takiej konfiguracji znajduje się w sekcji +PRZYKŁADY.

+

+

+

CERTYFIKATY

+

Protokół SSL wymaga, aby każdy serwer przedstawiał się nawiązującemu +połączenie klientowi prawidłowym certyfikatem X.509. +Potwierdzenie tożsamości serwera polega na wykazaniu, że posiada on +odpowiadający certyfikatowi klucz prywatny. +Najprostszą metodą uzyskania certyfikatu jest wygenerowanie +go przy pomocy wolnego pakietu OpenSSL. Więcej informacji na temat +generowania certyfikatów można znaleźć na umieszczonych poniżej stronach.

+

Istotną kwestią jest kolejność zawartości pliku .pem. +W pierwszej kolejności powinien on zawierać klucz prywatny, +a dopiero za nim podpisany certyfikat (nie żądanie certyfikatu). +Po certyfikacie i kluczu prywatnym powinny znajdować się puste linie. +Jeżeli przed certyfikatem znajdują się dodatkowe informacje tekstowe, +to powinny one zostać usunięte. Otrzymany plik powinien mieć +następującą postać:

+
+    -----BEGIN RSA PRIVATE KEY-----
+    [zakodowany klucz]
+    -----END RSA PRIVATE KEY-----
+    [pusta linia]
+    -----BEGIN CERTIFICATE-----
+    [zakodowany certyfikat]
+    -----END CERTIFICATE-----
+    [pusta linia]
+

+

+

LOSOWOŚĆ

+

stunnel potrzebuje zainicjować PRNG (generator liczb pseudolosowych), +gdyż protokół SSL wymaga do bezpieczeństwa kryptograficznego źródła +dobrej losowości. Następujące źródła są kolejno odczytywane aż do +uzyskania wystarczającej ilości entropii:

+ +

Współczesne (>=0.9.5a) wersje biblioteki OpenSSL automatycznie +zaprzestają ładowania kolejnych danych w momencie uzyskania wystarczającej +ilości entropii. Wcześniejsze wersje biblioteki wykorzystają wszystkie +powyższe źródła, gdyż nie istnieje tam funkcja pozwalająca określić, +czy uzyskano już wystarczająco dużo danych.

+

Warto zwrócić uwagę, że na maszynach z systemem Windows, na których +konsoli nie pracuje użytkownik, zawartość ekranu nie jest wystarczająco +zmienna, aby zainicjować PRNG. W takim przypadku do zainicjowania +generatora należy użyć opcji RNDfile.

+

Plik RNDfile powinien zawierać dane losowe -- również w tym sensie, +że powinny być one inne przy każdym uruchomieniu programu stunnel. +O ile nie użyta została opcja RNDoverwrite jest to robione +automatycznie. Do ręcznego uzyskania takiego pliku użyteczna +może być komenda openssl rand dostarczana ze współczesnymi +wersjami pakietu OpenSSL.

+

Jeszcze jedna istotna informacja -- jeżeli dostępne jest urządzenie +/dev/urandom biblioteka OpenSSL ma zwyczaj zasilania nim PRNG w trakcie +sprawdzania stanu generatora. W systemach z /dev/urandom urządzenie +to będzie najprawdopodobniej użyte, pomimo że znajduje się na samym końcu +powyższej listy. Jest to właściwość biblioteki OpenSSL, a nie programu +stunnel.

+

+

+

PARAMETRY DH

+

Począwszy od wersji 4.40 stunnel zawiera w kodzie programu 2048-bitowe +parametry DH.

+

Alternatywnie parametry DH można umieścić w pliku razem z certyfikatem:

+
+    openssl dhparam 2048 >> stunnel.pem
+

Wygenerowanie parametrów DH może zająć nawet wiele minut.

+

+

+
+

PLIKI

+
+
stunnel.conf
+ +
+

plik konfiguracyjny programu

+
+
+

+

+
+

BŁĘDY

+

Opcja execargs nie obsługuje cytowania.

+

+

+
+

ZOBACZ RÓWNIEŻ

+
+
tcpd(8)
+ +
+

biblioteka kontroli dostępu do usług internetowych

+
+
inetd(8)
+ +
+

'super-serwer' internetowy

+
+
http://www.stunnel.org/
+ +
+

strona domowa programu stunnel

+
+
http://www.openssl.org/
+ +
+

strona projektu OpenSSL

+
+
+

+

+
+

AUTOR

+
+
Michał Trojnara
+ +
+

<Michal.Trojnara@mirt.net>

+
+
+ + + + diff --git a/doc/stunnel.pl.pod b/doc/stunnel.pl.pod new file mode 100644 index 0000000..e467bcf --- /dev/null +++ b/doc/stunnel.pl.pod @@ -0,0 +1,1035 @@ +=head1 NAZWA + +=encoding utf8 + +stunnel - uniwersalny tunel protokołu SSL + + +=head1 SKŁADNIA + +=over 4 + +=item B + +B [>] | S<-fd n> | S<-help> | S<-version> | S<-sockets> + +=item B + +B [ [S<-install> | S<-uninstall> | S<-start> | S<-stop> ] | S<-exit>] + [S<-quiet>] [>] ] | S<-help> | S<-version> | S<-sockets> + +=back + + +=head1 OPIS + +Program B został zaprojektowany do opakowywania w protokół I +połączeń pomiędzy zdalnymi klientami a lokalnymi lub zdalnymi serwerami. +Przez serwer lokalny rozumiana jest aplikacja przeznaczona do uruchamiania +przy pomocy I. +Stunnel pozwala na proste zestawienie komunikacji serwerów nie posiadających +funkcjonalności I poprzez bezpieczne kanały I. + +B pozwala dodać funkcjonalność I do powszechnie stosowanych +demonów I, np. I lub I, do samodzielnych demonów, +np. I, I lub I, a nawet tunelować ppp poprzez gniazda sieciowe +bez zmian w kodzie źródłowym. + + +=head1 OPCJE + +=over 4 + +=item > + +użyj podanego pliku konfiguracyjnego + +=item B<-fd n> (tylko Unix) + +wczytaj konfigurację z podanego deskryptora pliku + +=item B<-help> + +drukuj listę wspieranych opcji + +=item B<-version> + +drukuj wersję programu i domyślne wartości parametrów + +=item B<-sockets> + +drukuj domyślne opcje gniazd + +=item B<-install> (tylko NT/2000/XP) + +instaluj serwis NT + +=item B<-uninstall> (tylko NT/2000/XP) + +odinstaluj serwis NT + +=item B<-start> (tylko NT/2000/XP) + +uruchom serwis NT + +=item B<-stop> (tylko NT/2000/XP) + +zatrzymaj serwis NT + +=item B<-exit> (tylko Win32) + +zatrzymaj uruchomiony program + +=item B<-quiet> (tylko NT/2000/XP) + +nie wyświetlaj okienka informującego o pomyślnym zainstalowaniu lub +odinstalowaniu + +=back + + +=head1 PLIK KONFIGURACYJNY + +Linia w pliku konfiguracyjnym może być: + +=over 4 + +=item * pusta (ignorowana) + +=item * komentarzem rozpoczynającym się znakiem ';' (ignorowana) + +=item * parą 'nazwa_opcji = wartość_opcji' + +=item * tekstem '[nazwa_usługi]' wskazującym początek definicji usługi + +=back + +Parametr adres może być: + +=over 4 + +=item * numerem portu + +=item * oddzieloną średnikiem parą adresu (IPv4, IPv6, lub nazwą domenową) i numeru portu + +=item * ścieżką do gniazda Unix (tylko Unix) + +=back + +=head2 OPCJE GLOBALNE + +=over 4 + +=item B = katalog (tylko Unix) + +katalog roboczego korzenia systemu plików + +Opcja określa katalog, w którym uwięziony zostanie proces programu +B tuż po jego inicjalizacji, a przed rozpoczęciem odbierania +połączeń. Ścieżki podane w opcjach I, I, I +oraz I muszą być umieszczone wewnątrz katalogu podanego w opcji +I i określone względem tego katalogu. + +=item B = deflate | zlib | rle + +wybór algorytmu kompresji przesyłanych danych + +domyślnie: bez kompresji + +Algorytm deflate jest standardową metodą kompresji zgodnie z RFC 1951. + +Kompresja zlib zaimplementowana w OpenSSL 0.9.8 i nowszych nie jest +kompatybilna implementacją OpenSSL 0.9.7. + +Kompresja rle nie jest zaimplementowana w aktualnych wersjach OpenSSL. + +=item B = poziom[.podsystem] + +szczegółowość logowania + +Poziom logowania można określić przy pomocy jednej z nazw lub liczb: +emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), +info (6) lub debug (7). +Zapisywane są komunikaty o poziomie niższym (numerycznie) lub równym podanemu. +Do uzyskania najwyższego poziomu szczegółowości można użyć opcji +I lub I. Domyślnym poziomem jest notice (5). + +O ile nie wyspecyfikowano podsystemu użyty będzie domyślny: daemon. +Podsystemy nie są wspierane przez platformę Win32. + +Wielkość liter jest ignorowana zarówno dla poziomu jak podsystemu. + +=item B = ścieżka_do_EGD (tylko Unix) + +ścieżka do gniazda programu Entropy Gathering Daemon + +Opcja pozwala określić ścieżkę do gniazda programu Entropy Gathering Daemon +używanego do zainicjalizowania generatora ciągów pseudolosowych biblioteki +OpenSSL. Opcja jest dostępna z biblioteką OpenSSL 0.9.5a lub nowszą. + +=item B = auto | + +wybór sprzętowego urządzenia kryptograficznego + +domyślnie: bez wykorzystania urządzeń kryptograficznych + +Przykładowa konfiguracja umożliwiająca odczytanie klucza prywatnego z +urządzenia zgodnego z OpenSC: + + engine=dynamic + engineCtrl=SO_PATH:/usr/lib/opensc/engine_pkcs11.so + engineCtrl=ID:pkcs11 + engineCtrl=LIST_ADD:1 + engineCtrl=LOAD + engineCtrl=MODULE_PATH:/usr/lib/pkcs11/opensc-pkcs11.so + engineCtrl=INIT + + [service] + engineNum=1 + key=id_45 + +=item B = [:] + +konfiguracja urządzenia kryptograficznego + +Specjalne komendy "LOAD" i "INIT" pozwalają na załadowanie i inicjalizację +modułu kryptograficznego urządzenia. + +=item B = yes | no + +Włącz lub wyłącz tryb FIPS 140-2. + +Opcja pozwala wyłączyć wejście w tryb FIPS, jeśli stunnel został skompilowany +ze wsparciem dla FIPS 140-2. + +domyślnie: yes (pracuj w trybie FIPS 140-2) + +=item B = yes | no (tylko Unix) + +tryb pierwszoplanowy + +Użycie tej opcji powoduje, że I nie przechodzi w tło logując +swoje komunikaty na konsolę zamiast przez I (o ile nie użyto +opcji I). + +=item B = plik + +plik, do którego dopisane zostaną logi + +Użycie tej opcji powoduje dopisanie logów do podanego pliku. + +Do kierowaniakomunikatów na standardowe wyjście (na przykład po to, żeby +zalogować je programem splogger z pakietu daemontools) można podać jako +parametr urządzenie /dev/stdout. + +=item B = plik (tylko Unix) + +położenie pliku z numerem procesu + +Jeżeli argument jest pusty plik nie zostanie stworzony. + +Jeżeli zdefiniowano katalog I, to ścieżka do I jest określona +względem tego katalogu. + +=item B = liczba_bajtów + +liczba bajtów do zainicjowania generatora pseudolosowego + +W wersjach biblioteki OpenSSL starszych niż 0.9.5a opcja ta określa +również liczbę bajtów wystarczających do zainicjowania PRNG. +Nowsze wersje biblioteki mają wbudowaną funkcję określającą, czy +dostarczona ilość losowości jest wystarczająca do zainicjowania generatora. + +=item B = plik + +ścieżka do pliku zawierającego losowe dane + +Biblioteka OpenSSL użyje danych z tego pliku do zainicjowania +generatora pseudolosowego. + +=item B = yes | no + +nadpisz plik nowymi wartościami pseudolosowymi + +domyślnie: yes (nadpisz) + +=item B = nazwa_serwisu (tylko Unix) + +użyj parametru jako nazwy serwisu dla biblioteki TCP Wrapper w trybie I + +domyślnie: stunnel + +=item B = identyfikator_grupy (tylko Unix) + +grupa z której prawami pracował będzie I + +=item B = identyfikator_użytkownika (tylko Unix) + +użytkownik, z którego prawami pracował będzie I + +=item B = a|l|r:option=value[:value] + +ustaw opcję na akceptującym/lokalnym/zdalnym gnieździe + +Dla opcji linger wartości mają postać l_onof:l_linger. +Dla opcji time wartości mają postać tv_sec:tv_usec. + +Przykłady: + + socket = l:SO_LINGER=1:60 + ustaw jednominutowe przeterminowanie + przy zamykaniu lokalnego gniazda + socket = r:SO_OOBINLINE=yes + umieść dane pozapasmowe (out-of-band) + bezpośrednio w strumieniu danych + wejściowych dla zdalnych gniazd + socket = a:SO_REUSEADDR=no + zablokuj ponowne używanie portu + (domyślnie włączone) + socket = a:SO_BINDTODEVICE=lo + przyjmuj połączenia wyłącznie na + interfejsie zwrotnym (ang. loopback) + +=item B = yes | no (tylko Unix) + +włącz logowanie poprzez mechanizm syslog + +domyślnie: yes (włącz) + +=item B = yes | no (tylko WIN32) + +włącz ikonkę w prawym dolnym rogu ekranu + +domyślnie: yes (włącz) + +=back + + +=head2 OPCJE USŁUG + +Każda sekcja konfiguracji usługi zaczyna się jej nazwą ujętą w nawias +kwadratowy. Nazwa usługi używana jest do kontroli dostępu przez +bibliotekę libwrap (TCP wrappers) oraz pozwala rozróżnić poszczególne +usługi w logach. + +Jeżeli B ma zostać użyty w trybie I, gdzie za odebranie +połączenia odpowiada osobny program (zwykle I, I +lub I), należy przeczytać sekcję I poniżej. + +=over 4 + +=item B = [adres:]port + +nasłuchuje na połączenia na podanym adresie i porcie + +Jeżeli nie został podany adres, I domyślnie nasłuchuje +na wszystkich adresach IPv4 lokalnych interfejsów. + +Aby nasłuchiwać na wszystkich adresach IPv6 należy użyć: + + accept = :::port + +=item B = katalog_CA + +katalog Centrum Certyfikacji + +Opcja określa katalog, w którym B będzie szukał certyfikatów, +jeżeli użyta została opcja I. Pliki z certyfikatami muszą +posiadać specjalne nazwy XXXXXXXX.0, gdzie XXXXXXXX jest skrótem +kryptograficznym reprezentacji DER nazwy podmiotu certyfikatu. + +Funkcja skrótu została zmieniona w wersji 1.0.0 biblioteki OpenSSL. +Należy wykonać c_rehash przy zmianie OpenSSL 0.x.x na 1.x.x. + +Jeżeli zdefiniowano katalog I, to ścieżka do I jest określona +względem tego katalogu. + +=item B = plik_CA + +plik Centrum Certyfikacji + +Opcja pozwala określić położenie pliku zawierającego certyfikaty używane +przez opcję I. + +=item B = plik_pem + +plik z łańcuchem certyfikatów + +Opcja określa położenie pliku zawierającego certyfikaty używane przez +program B do uwierzytelnienia się przed drugą stroną połączenia. +Certyfikat jest konieczny, aby używać programu w trybie serwera. +W trybie klienta certyfikat jest opcjonalny. + +=item B = lista_szyfrów + +lista dozwolonych szyfrów SSL + +Parametrem tej opcji jest lista szyfrów, które będą użyte przy +otwieraniu nowych połączeń SSL, np.: DES-CBC3-SHA:IDEA-CBC-MD5 + +=item B = yes | no + +tryb kliencki (zdalna usługa używa SSL) + +domyślnie: no (tryb serwerowy) + +=item B = [adres:]port + +połącz się ze zdalnym serwerem na podany port + +Jeżeli nie został podany adres, I domyślnie łączy się +z lokalnym serwerem. + +Komenda może byc użyta wielokrotnie w pojedynczej sekcji +celem zapewnienia wysokiej niezawodności lub rozłożenia +ruchu pomiędzy wiele serwerów. + +=item B = katalog_CRL + +katalog List Odwołanych Certyfikatów (CRL) + +Opcja określa katalog, w którym B będzie szukał list CRL, +jeżeli użyta została opcja I. Pliki z listami CRL muszą +posiadać specjalne nazwy XXXXXXXX.r0, gdzie XXXXXXXX jest skrótem +listy CRL. + +Funkcja skrótu została zmieniona w wersji 1.0.0 biblioteki OpenSSL. +Należy wykonać c_rehash przy zmianie OpenSSL 0.x.x na 1.x.x. + +Jeżeli zdefiniowano katalog I, to ścieżka do I jest określona +względem tego katalogu. + +=item B = plik_CRL + +plik List Odwołanych Certyfikatów (CRL) + +Opcja pozwala określić położenie pliku zawierającego listy CRL używane +przez opcję I. + +=item B = nid + +krzywa dla ECDH + +Listę dostępnych krzywych można uzyskać poleceniem: + + openssl ecparam -list_curves + +domyślnie: prime256v1 + +=item B = yes | no + +opóźnij rozwinięcie adresu DNS podanego w opcji I + +Opcja jest przydatna przy dynamicznym DNS, albo gdy usługa DNS nie jest +dostępna przy starcie programu stunnel (klient VPN, połączenie wdzwaniane). + +=item B = + +wybierz urządzenie do odczyta klucza prywatnego + +Urządzenia są numerowane od 1 w górę. + +=item B = ścieżka_do_programu + +wykonaj lokalny program przystosowany do pracy z superdemonem inetd + +Jeżeli zdefiniowano katalog I, to ścieżka do I jest określona +względem tego katalogu. + +=item B = $0 $1 $2 ... + +argumenty do opcji I włącznie z nazwą programu ($0) + +Cytowanie nie jest wspierane w obecnej wersji programu. +Argumenty są rozdzielone dowolną liczbą białych znaków. + +=item B = rr | prio + +Strategia wybierania serwerów wyspecyfikowanych parametrami "connect". + + rr (round robin) - sprawiedliwe rozłożenie obciążenia + prio (priority) - użyj kolejności opcji w pliku konfiguracyjnym + +domyślnie: rr + +=item B = nazwa_użytkownika + +weryfikuj nazwę zdalnego użytkownika korzystając z protokołu IDENT (RFC 1413) + +=item B = plik_klucza + +klucz prywatny do certyfikatu podanego w opcji I + +Klucz prywatny jest potrzebny do uwierzytelnienia właściciela certyfikatu. +Ponieważ powinien on być zachowany w tajemnicy, prawa do jego odczytu +powinien mieć wyłącznie właściciel pliku. W systemie Unix można to osiągnąć +komendą: + + chmod 600 keyfile + +domyślnie: wartość opcji I + +=item B = yes | no + +włącz lub wyłącz korzystanie z /etc/hosts.allow i /etc/hosts.deny. + +domyślnie: yes + +=item B = serwer + +IP źródła do nawiązywania zdalnych połączeń + +Domyślnie używane jest IP najbardziej zewnętrznego interfejsu w stronę +serwera, do którego nawiązywane jest połączenie. + +=item B = nazwa_usługi:nazwa_serwera (tryb serwera) + +Użyj usługi jako podrzędnej (virtualnego serwera) dla rozszerzenia TLS Server +Name Indication (RFC 3546). + +I wskazuje usługę nadrzędną, która odbiera połączenia od klientów +przy pomocy opcji I. I wskazuje nazwę serwera +wirtualnego. Z pojedyńczą usługą nadrzędną powiązane jest zwykle wiele usług +podrzędnych. Opcja I może być rownież użyta wielokrotnie w ramach jednej +usługi podrzędnej. + +Zarówno usługa nadrzędna jak i podrzędna nie może być skonfigurowana w trybie +klienckim. Opcja I usługi podrzędnej jest ignorowana w połączeniu z +opcją I, gdyż połączenie do zdalnego serwera jest w tym wypadku +nawiązywane przed negocjacją TLS. Uwierzytelnienie przy pomocy biblioteki +libwrap jest realizowane dwukrotnie: najpierw dla usługi nadrzędnej po +odebraniu połączenia TCP, a następnie dla usługi podrzędnej podczas negocjacji +TLS. + +Opcja I jest dostępna począwszy od wersji 1.0.0 biblioteki OpenSSL. + +=item B = nazwa_serwera (tryb klienta) + +Użyj parametru jako wartości rozszerzenia TLS Server Name Indication +(RFC 3546). + +Opcja I jest dostępna począwszy od wersji 1.0.0 biblioteki OpenSSL. + +=item B = URL + +serwer OCSP do weryfikacji certyfikatów + +=item B = flaga + +flaga serwera OCSP + +aktualnie wspierane flagi: NOCERTS, NOINTERN NOSIGS, NOCHAIN, NOVERIFY, +NOEXPLICIT, NOCASIGN, NODELEGATED, NOCHECKS, TRUSTOTHER, RESPID_KEY, NOTIME + +Aby wyspecyfikować kilka flag należy użyć I wielokrotnie. + +=item B = opcje_SSL + +opcje biblioteki OpenSSL + +Parametrem jest nazwa opcji zgodnie z opisem w I, +ale bez przedrostka I. +Aby wyspecyfikować kilka opcji należy użyć I wielokrotnie. + +Na przykład dla zachowania kompatybilności z błędami implementacji SSL +w programie Eudora można użyć opcji: + + options = DONT_INSERT_EMPTY_FRAGMENTS + +=item B = protokół + +negocjuj SSL podanym protokołem aplikacyjnym (np. I lub I) + +Opcji I nie należy używać z szyfrowaniem SSL na osobnym porcie. + +Aktualnie wspierane protokoły: + +=over 4 + +=item I + +Unieudokumentowane rozszerzenie protokołu CIFS wspierane przez serwer Samba. +Wsparcie dla tego rozrzeczenia zostało zarzucone w wersji 3.0.0 serwera Samba. + +=item I + +Negocjacja RFC 2817 - I, rozdział 5.2 - I + +Ten protokół jest wspierany wyłącznie w trybie klienckim. + +=item I + +Negocjacja RFC 2595 - I + +=item I + +Negocjacja RFC 4642 - I + +Ten protokół jest wspierany wyłącznie w trybie klienckim. + +=item I + +Negocjacja http://www.postgresql.org/docs/8.3/static/protocol-flow.html#AEN73982 + +=item I + +Negocjacja RFC 2449 - I + +=item I + +Przekazywanie adresu IP haproxy http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt + +=item I + +Negocjacja RFC 2487 - I + +=back + +=item B = uwierzytelnienie + +rodzaj uwierzytelnienia do negocjacji protokołu + +aktualnie wspierane: basic, NTLM + +Obecnie typ uwierzytelnienia ma zastosowanie wyłącznie w protokole 'connect'. + +domyślnie: basic + +=item B = adres:port + +adres docelowy do negocjacji protokołu + +=item B = hasło + +hasło do negocjacji protokołu + +=item B = użytkownik + +nazwa użytkownika do negocjacji protokołu + +=item B = yes | no (tylko Unix) + +alokuj pseudoterminal dla programu uruchamianego w opcji 'exec' + +=item B = yes | no (tylko Unix) + +połącz ponownie sekcję connect+exec po rozłączeniu + +domyślnie: no + +=item B = przeterminowanie_pamięci_podręcznej_sesji + +czas w sekundach, po którym sesja SSL zostanie usunięta z pamięci podręcznej + +=item B = adres:port + +adres sessiond - servera cache sesji SSL + +=item B = wersja + +wersja protokołu SSL + +Dozwolone opcje: all, SSLv2, SSLv3, TLSv1 + +=item B = liczba_bajtów (z wyjątkiem modelu FORK) + +rozmiar stosu procesora wątku + +=item B = liczba_sekund + +czas oczekiwania na spodziewane dane + +=item B = liczba_sekund + +czas oczekiwania na close_notify (ustaw na 0, jeżeli klientem jest MSIE) + +=item B = liczba_sekund + +czas oczekiwania na nawiązanie połączenia + +=item B = liczba_sekund + +maksymalny czas utrzymywania bezczynnego połączenia + +=item B = none | source | destination | both (tylko Unix) + +tryb przezroczystego proxy na wspieranych platformach + +Wspierane opcje: + +=over 4 + +=item B + +Zablokuj wsparcie dla przezroczystago proxy. Jest to wartość domyślna. + +=item B + +Przepisz adres, aby nawiązywane połączenie wydawało się pochodzić +bezpośrednio od klienta, a nie od programu I. + +Opcja jest aktualnie obsługiwana w: + +=over 4 + +=item Trybie zdalnym (opcja I) w systemie I=2.6.28> + +Konfiguracja wymaga następujących ustawień iptables oraz routingu +(na przykład w pliku /etc/rc.local lub analogicznym): + + iptables -t mangle -N DIVERT + iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT + iptables -t mangle -A DIVERT -j MARK --set-mark 1 + iptables -t mangle -A DIVERT -j ACCEPT + ip rule add fwmark 1 lookup 100 + ip route add local 0.0.0.0/0 dev lo table 100 + echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter + +Konfiguracja ta wymaga, aby B był wykonywany jako root i bez opcji I. + +=item Trybie zdalnym (opcja I) w systemie I + +Konfiguracja ta wymaga skompilowania jądra z opcją I. +Docelowa usługa musi być umieszczona na osobnej maszynie, do której routing +kierowany jest poprzez serwer stunnela. + +Dodatkowo B powinien być wykonywany jako root i bez opcji I. + +=item Trybie zdalnym (opcja I) w systemie I=8.0> + +Konfiguracja ta wymaga skonfigurowania firewalla i routingu. +B musi być wykonywany jako root i bez opcji I. + +=item Trybie lokalnym (opcja I) + +Konfiguracja ta jest realizowana przy pomocy biblioteki I. +Do załadowania biblioteki wykorzystywana jest zmienna środowiskowa _RLD_LIST na +platformie Tru64 lub LD_PRELOAD na innych platformach. + +=back + +=item I + +Oryginalny adres docelowy jest używany zamiast opcji I. + +Przykładowana konfiguracja przezroczystego adresu docelowego: + + [transparent] + client=yes + accept= + transparent=destination + +Konfiguracja wymaga następujących ustawień iptables +(na przykład w pliku /etc/rc.local lub analogicznym): + + /sbin/iptables -I INPUT -i eth0 -p tcp --dport -j ACCEPT + /sbin/iptables -t nat -I PREROUTING -i eth0 -p tcp --dport -j DNAT --to-destination : + +Przezroczysty adres docelowy jest aktualnie wspierany wyłącznie w systemie Linux. + +=item I + +Użyj przezroczystego proxy zarówno dla adresu źródłowego jak i docelowego. + +=back + +Dla zapewnienia kompatybilności z wcześniejszymim wersjami wspierane są dwie +dodatkowe opcje: + +=over 4 + +=item I + +Opcja została przemianowana na I. + +=item I + +Opcja została przemianowana na I. + +=back + +=item B = poziom + +weryfikuj certyfikat drugiej strony połączenia + +=over 4 + +=item I - zarządaj certyfikatu i zignoruj go + +=item I - weryfikuj, jeżeli został przedstawiony + +=item I - weryfikuj z zainstalowanym certyfikatem Centrum Certyfikacji + +=item I - weryfikuj z lokalnie zainstalowanym certyfikatem drugiej strony + +=item I - weryfikuj z certyfikatem drugiej strony ignorując łańcuch CA + +=item I - nie weryfikuj + +=back + +=back + + +=head1 ZWRACANA WARTOŚĆ + +B zwraca zero w przypadku sukcesu, lub wartość niezerową +w przypadku błędu. + + +=head1 SIGNAŁY + +Następujące sygnały mogą być użyte do sterowania programem w systemie Unix: + +=over 4 + +=item SIGHUP + +Załaduj ponownie plik konfiguracyjny. + +Niektóre globalne opcje nie będą przeładowane: + +=over 4 + +=item * chroot + +=item * foreground + +=item * pid + +=item * setgid + +=item * setuid + +=back + +Jeżeli wykorzystywana jest opcja 'setuid' stunnel nie będzie mógł załadować +ponownie konfiguracji wykorzystującej uprzywilejowane (<1024) porty. + +Jeżeli wykorzystywana jest opcja 'chroot' stunnel będzie szukał wszystkich +potrzebnych plików (łącznie z plikiem konfiguracyjnym, certyfikatami, logiem i +plikiem pid) wewnątrz katalogu wskazanego przez 'chroot'. + +=item SIGUSR1 + +Zamknij i otwórz ponownie log. +Funkcja ta może zostać użyta w skrypcie rotującym log programu stunnel. + +=item SIGTERM, SIGQUIT, SIGINT + +Zakończ działanie programu. + +=back + +Skutek wysłania innych sygnałów jest niezdefiniowany. + + +=head1 PRZYKŁADY + +Szyfrowanie połączeń do lokalnego serwera I można użyć: + + [imapd] + accept = 993 + exec = /usr/sbin/imapd + execargs = imapd + +albo w trybie zdalnym: + + [imapd] + accept = 993 + connect = 143 + +W połączeniu z programem I B pozwala zestawić prosty VPN. +Po stronie serwera nasłuchującego na porcie 2020 jego konfiguracja +może wyglądać następująco: + + [vpn] + accept = 2020 + exec = /usr/sbin/pppd + execargs = pppd local + pty = yes + +Poniższy plik konfiguracyjny może być wykorzystany do uruchomienia +programu B w trybie I. Warto zauważyć, że w pliku +konfiguracyjnym nie ma sekcji I<[nazwa_usługi]>. + + exec = /usr/sbin/imapd + execargs = imapd + + +=head1 NOTKI + +=head2 OGRANICZENIA + +I nie może być używany do szyfrowania protokołu I, +ponieważ do przesyłania poszczególnych plików używa on dodatkowych +połączeń otwieranych na portach o dynamicznie przydzielanych numerach. +Istnieją jednak specjalne wersje klientów i serwerów FTP pozwalające +na szyfrowanie przesyłanych danych przy pomocy protokołu I. + +=head2 TRYB INETD (tylko Unix) + +W większości zastosowań B samodzielnie nasłuchuje na porcie +podanym w pliku konfiguracyjnym i tworzy połączenie z innym portem +podanym w opcji I lub nowym programem podanym w opcji I. +Niektórzy wolą jednak wykorzystywać oddzielny program, który odbiera +połączenia, po czym uruchamia program B. Przykładami takich +programów są inetd, xinetd i tcpserver. + +Przykładowa linia pliku /etc/inetd.conf może wyglądać tak: + + imaps stream tcp nowait root /usr/bin/stunnel + stunnel /etc/stunnel/imaps.conf + +Ponieważ w takich przypadkach połączenie na zdefiniowanym porcie +(tutaj I) nawiązuje osobny program (tutaj I), B +nie może używać opcji I. W pliku konfiguracyjnym nie może +być również zdefiniowana żadna usługa (I<[nazwa_usługi]>), ponieważ +konfiguracja taka pozwala na nawiązanie tylko jednego połączenia. +Wszystkie I powinny być umieszczone razem z opcjami +globalnymi. Przykład takiej konfiguracji znajduje się w sekcji +I. + +=head2 CERTYFIKATY + +Protokół SSL wymaga, aby każdy serwer przedstawiał się nawiązującemu +połączenie klientowi prawidłowym certyfikatem X.509. +Potwierdzenie tożsamości serwera polega na wykazaniu, że posiada on +odpowiadający certyfikatowi klucz prywatny. +Najprostszą metodą uzyskania certyfikatu jest wygenerowanie +go przy pomocy wolnego pakietu I. Więcej informacji na temat +generowania certyfikatów można znaleźć na umieszczonych poniżej stronach. + +Istotną kwestią jest kolejność zawartości pliku I<.pem>. +W pierwszej kolejności powinien on zawierać klucz prywatny, +a dopiero za nim podpisany certyfikat (nie żądanie certyfikatu). +Po certyfikacie i kluczu prywatnym powinny znajdować się puste linie. +Jeżeli przed certyfikatem znajdują się dodatkowe informacje tekstowe, +to powinny one zostać usunięte. Otrzymany plik powinien mieć +następującą postać: + + -----BEGIN RSA PRIVATE KEY----- + [zakodowany klucz] + -----END RSA PRIVATE KEY----- + [pusta linia] + -----BEGIN CERTIFICATE----- + [zakodowany certyfikat] + -----END CERTIFICATE----- + [pusta linia] + +=head2 LOSOWOŚĆ + +B potrzebuje zainicjować PRNG (generator liczb pseudolosowych), +gdyż protokół SSL wymaga do bezpieczeństwa kryptograficznego źródła +dobrej losowości. Następujące źródła są kolejno odczytywane aż do +uzyskania wystarczającej ilości entropii: + +=over 4 + +=item * Zawartość pliku podanego w opcji I. + +=item * Zawartość pliku o nazwie określonej przez zmienną środowiskową +RANDFILE, o ile jest ona ustawiona. + +=item * Plik .rnd umieszczony w katalogu domowym użytkownika, +jeżeli zmienna RANDFILE nie jest ustawiona. + +=item * Plik podany w opcji '--with-random' w czasie konfiguracji programu. + +=item * Zawartość ekranu w systemie Windows. + +=item * Gniazdo egd, jeżeli użyta została opcja I. + +=item * Gniazdo egd podane w opcji '--with-egd-socket' w czasie konfiguracji +programu. + +=item * Urządzenie /dev/urandom. + +=back + +Współczesne (>=0.9.5a) wersje biblioteki I automatycznie +zaprzestają ładowania kolejnych danych w momencie uzyskania wystarczającej +ilości entropii. Wcześniejsze wersje biblioteki wykorzystają wszystkie +powyższe źródła, gdyż nie istnieje tam funkcja pozwalająca określić, +czy uzyskano już wystarczająco dużo danych. + +Warto zwrócić uwagę, że na maszynach z systemem Windows, na których +konsoli nie pracuje użytkownik, zawartość ekranu nie jest wystarczająco +zmienna, aby zainicjować PRNG. W takim przypadku do zainicjowania +generatora należy użyć opcji I. + +Plik I powinien zawierać dane losowe -- również w tym sensie, +że powinny być one inne przy każdym uruchomieniu programu B. +O ile nie użyta została opcja I jest to robione +automatycznie. Do ręcznego uzyskania takiego pliku użyteczna +może być komenda I dostarczana ze współczesnymi +wersjami pakietu I. + +Jeszcze jedna istotna informacja -- jeżeli dostępne jest urządzenie +I biblioteka I ma zwyczaj zasilania nim PRNG w trakcie +sprawdzania stanu generatora. W systemach z I urządzenie +to będzie najprawdopodobniej użyte, pomimo że znajduje się na samym końcu +powyższej listy. Jest to właściwość biblioteki I, a nie programu +I. + +=head2 PARAMETRY DH + +Począwszy od wersji 4.40 stunnel zawiera w kodzie programu 2048-bitowe +parametry DH. + +Alternatywnie parametry DH można umieścić w pliku razem z certyfikatem: + + openssl dhparam 2048 >> stunnel.pem + +Wygenerowanie parametrów DH może zająć nawet wiele minut. + + +=head1 PLIKI + +=over 4 + +=item F + +plik konfiguracyjny programu + +=back + + +=head1 BŁĘDY + +Opcja I nie obsługuje cytowania. + + +=head1 ZOBACZ RÓWNIEŻ + +=over 4 + +=item L + +biblioteka kontroli dostępu do usług internetowych + +=item L + +'super-serwer' internetowy + +=item F + +strona domowa programu I + +=item F + +strona projektu I + +=back + + +=head1 AUTOR + +=over 4 + +=item Michał Trojnara + +> + +=back + diff --git a/doc/stunnel.pod b/doc/stunnel.pod new file mode 100644 index 0000000..f2a551f --- /dev/null +++ b/doc/stunnel.pod @@ -0,0 +1,1004 @@ +=head1 NAME + +=encoding utf8 + +stunnel - universal SSL tunnel + + +=head1 SYNOPSIS + +=over 4 + +=item B + +B [>] | S<-fd n> | S<-help> | S<-version> | S<-sockets> + +=item B + +B [ [S<-install> | S<-uninstall> | S<-start> | S<-stop>] | S<-exit>] + [S<-quiet>] [>] ] | S<-help> | S<-version> | S<-sockets> + +=back + + +=head1 DESCRIPTION + +The B program is designed to work as I encryption wrapper +between remote clients and local (I-startable) or remote +servers. The concept is that having non-SSL aware daemons running on +your system you can easily set them up to communicate with clients over +secure SSL channels. + +B can be used to add SSL functionality to commonly used I +daemons like POP-2, POP-3, and IMAP servers, to standalone daemons like +NNTP, SMTP and HTTP, and in tunneling PPP over network sockets without +changes to the source code. + +This product includes cryptographic software written by +Eric Young (eay@cryptsoft.com) + + +=head1 OPTIONS + +=over 4 + +=item > + +Use specified configuration file + +=item B<-fd n> (Unix only) + +Read the config file from specified file descriptor + +=item B<-help> + +Print B help menu + +=item B<-version> + +Print B version and compile time defaults + +=item B<-sockets> + +Print default socket options + +=item B<-install> (NT/2000/XP only) + +Install NT Service + +=item B<-uninstall> (NT/2000/XP only) + +Uninstall NT Service + +=item B<-start> (NT/2000/XP only) + +Start NT Service + +=item B<-stop> (NT/2000/XP only) + +Stop NT Service + +=item B<-exit> (Win32 only) + +Exit an already started stunnel + +=item B<-quiet> (NT/2000/XP only) + +Don't display any message boxes + +=back + + +=head1 CONFIGURATION FILE + +Each line of the configuration file can be either: + +=over 4 + +=item * an empty line (ignored) + +=item * a comment starting with ';' (ignored) + +=item * an 'option_name = option_value' pair + +=item * '[service_name]' indicating a start of a service definition + +=back + +An address parameter of an option may be either: + +=over 4 + +=item * a port number + +=item * a colon-separated pair of IP address (either IPv4, IPv6, or domain name) and port number + +=item * a Unix socket path (Unix only) + +=back + +=head2 GLOBAL OPTIONS + +=over 4 + +=item B = directory (Unix only) + +directory to chroot B process + +B keeps B in chrooted jail. I, I, I +and I are located inside the jail and the patches have to be relative +to the directory specified with B. + +=item B = deflate | zlib | rle + +select data compression algorithm + +default: no compression + +deflate is the standard compression method as described in RFC 1951. + +zlib compression of OpenSSL 0.9.8 or above is not backward compatible with +OpenSSL 0.9.7. + +rle compression is currently not implemented by the OpenSSL library. + +=item B = [facility.]level + +debugging level + +Level is a one of the syslog level names or numbers +emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), +info (6), or debug (7). All logs for the specified level and +all levels numerically less than it will be shown. Use I or +I for greatest debugging output. The default is notice (5). + +The syslog facility 'daemon' will be used unless a facility name is supplied. +(Facilities are not supported on Win32.) + +Case is ignored for both facilities and levels. + +=item B = egd path (Unix only) + +path to Entropy Gathering Daemon socket + +Entropy Gathering Daemon socket to use to feed OpenSSL random number +generator. (Available only if compiled with OpenSSL 0.9.5a or higher) + +=item B = auto | + +select hardware engine + +default: software-only cryptography + +Here is an example of advanced engine configuration to read private key from an +OpenSC engine + + engine=dynamic + engineCtrl=SO_PATH:/usr/lib/opensc/engine_pkcs11.so + engineCtrl=ID:pkcs11 + engineCtrl=LIST_ADD:1 + engineCtrl=LOAD + engineCtrl=MODULE_PATH:/usr/lib/pkcs11/opensc-pkcs11.so + engineCtrl=INIT + + [service] + engineNum=1 + key=id_45 + +=item B = command[:parameter] + +control hardware engine + +Special commands "LOAD" and "INIT" can be used to load and initialize the +engine cryptogaphic module. + +=item B = yes | no + +Enable or disable FIPS 140-2 mode. + +This option allows to disable entering FIPS mode if stunnel was compiled with +FIPS 140-2 support. + +default: yes + +=item B = yes | no (Unix only) + +foreground mode + +Stay in foreground (don't fork) and log to stderr +instead of via syslog (unless I is specified). + +default: background in daemon mode + +=item B = file + +append log messages to a file + +/dev/stdout device can be used to send log messages to the standard +output (for example to log them with daemontools splogger). + +=item B = file (Unix only) + +pid file location + +If the argument is empty, then no pid file will be created. + +I path is relative to I directory if specified. + +=item B = bytes + +bytes to read from random seed files + +Number of bytes of data read from random seed files. With SSL versions +less than 0.9.5a, also determines how many bytes of data are considered +sufficient to seed the PRNG. More recent OpenSSL versions have a builtin +function to determine when sufficient randomness is available. + +=item B = file + +path to file with random seed data + +The SSL library will use data from this file first to seed the random +number generator. + +=item B = yes | no + +overwrite the random seed files with new random data + +default: yes + +=item B = servicename (Unix only) + +use specified string as I mode service name for TCP Wrapper library + +default: stunnel + +=item B = groupname (Unix only) + +setgid() to groupname in daemon mode and clears all other groups + +=item B = username (Unix only) + +setuid() to username in daemon mode + +=item B = a|l|r:option=value[:value] + +Set an option on accept/local/remote socket + +The values for linger option are l_onof:l_linger. +The values for time are tv_sec:tv_usec. + +Examples: + + socket = l:SO_LINGER=1:60 + set one minute timeout for closing local socket + socket = r:SO_OOBINLINE=yes + place out-of-band data directly into the + receive data stream for remote sockets + socket = a:SO_REUSEADDR=no + disable address reuse (enabled by default) + socket = a:SO_BINDTODEVICE=lo + only accept connections on loopback interface + +=item B = yes | no (Unix only) + +enable logging via syslog + +default: yes + +=item B = yes | no (WIN32 only) + +enable the taskbar icon + +default: yes + +=back + + +=head2 SERVICE-LEVEL OPTIONS + +Each configuration section begins with service name in square brackets. +The service name is used for libwrap (TCP Wrappers) access control and lets +you distinguish B services in your log files. + +Note that if you wish to run B in I mode (where it +is provided a network socket by a server such as I, I, +or I) then you should read the section entitled I +below. + + +=over 4 + +=item B = address + +accept connections on specified address + +If no host specified, defaults to all IPv4 addresses for the local host. + +To listen on all IPv6 addresses use: + + connect = :::port + +=item B = directory + +Certificate Authority directory + +This is the directory in which B will look for certificates when using +the I. Note that the certificates in this directory should be named +XXXXXXXX.0 where XXXXXXXX is the hash value of the DER encoded subject of the +cert. + +The hash algorithm has been changed in OpenSSL 1.0.0. It is required to +c_rehash the directory on upgrade from OpenSSL 0.x.x to OpenSSL 1.x.x. + +I path is relative to I directory if specified. + +=item B = certfile + +Certificate Authority file + +This file contains multiple CA certificates, used with the I. + +=item B = pemfile + +certificate chain PEM file name + +A PEM is always needed in server mode. +Specifying this flag in client mode will use this certificate chain +as a client side certificate chain. Using client side certs is optional. +The certificates must be in PEM format and must be sorted starting with the +certificate to the highest level (root CA). + +=item B = cipherlist + +Select permitted SSL ciphers + +A colon delimited list of the ciphers to allow in the SSL connection. +For example DES-CBC3-SHA:IDEA-CBC-MD5 + +=item B = yes | no + +client mode (remote service uses SSL) + +default: no (server mode) + +=item B = address + +connect to a remote address + +If no host is specified, the host defaults to localhost. + +Multiple B options are allowed in a single service section. + +If host resolves to multiple addresses and/or if multiple I +options are specified, then the remote address is chosen using a +round-robin algorithm. + +=item B = directory + +Certificate Revocation Lists directory + +This is the directory in which B will look for CRLs when +using the I. Note that the CRLs in this directory should +be named XXXXXXXX.r0 where XXXXXXXX is the hash value of the CRL. + +The hash algorithm has been changed in OpenSSL 1.0.0. It is required to +c_rehash the directory on upgrade from OpenSSL 0.x.x to OpenSSL 1.x.x. + +I path is relative to I directory if specified. + +=item B = certfile + +Certificate Revocation Lists file + +This file contains multiple CRLs, used with the I. + +=item B = nid + +specify ECDH curve name + +To get a list of supported cuves use: + + openssl ecparam -list_curves + +default: prime256v1 + +=item B = yes | no + +delay DNS lookup for 'connect' option + +This option is useful for dynamic DNS, or when DNS is not available during +stunnel startup (road warrior VPN, dial-up configurations). + +=item B = engine number + +select engine number to read private key + +The engines are numbered starting from 1. + +=item B = executable_path + +execute local inetd-type program + +I path is relative to I directory if specified. + +=item B = $0 $1 $2 ... + +arguments for I including program name ($0) + +Quoting is currently not supported. +Arguments are separated with arbitrary number of whitespaces. + +=item B = rr | prio + +Failover strategy for multiple "connect" targets. + + rr (round robin) - fair load distribution + prio (priority) - use the order specified in config file + +default: rr + +=item B = username + +use IDENT (RFC 1413) username checking + +=item B = keyfile + +private key for certificate specified with I option + +Private key is needed to authenticate certificate owner. +Since this file should be kept secret it should only be readable +to its owner. On Unix systems you can use the following command: + + chmod 600 keyfile + +default: value of I option + +=item B = yes | no + +Enable or disable the use of /etc/hosts.allow and /etc/hosts.deny. + +default: yes + +=item B = host + +IP of the outgoing interface is used as source for remote connections. +Use this option to bind a static local IP address, instead. + +=item B = service_name:server_name (server mode) + +Use the service as a slave service (a name-based virtual server) for Server +Name Indication TLS extension (RFC 3546). + +I specifies the master service that accepts client connections +with I option. I specifies the host name to be redirected. +Multiple slave services are normally specified for a single master service. +I option can also be specified more than once within a single slave service. + +This service, as well as the master service, may not be configured in client mode. +I option of the slave service is ignored when I option is +specified, as I connects remote host before TLS handshake. +Libwrap checks (Unix only) are performed twice: with master service name after +TCP connection is accepted, and with slave service name during TLS handshake. + +Option I is only available when compiled with OpenSSL 1.0.0 and later. + +=item B = server_name (client mode) + +Use the parameter as the value of TLS Server Name Indication (RFC 3546) +extension. + +Option I is only available when compiled with OpenSSL 1.0.0 and later. + +=item B = url + +select OCSP server for certificate verification + +=item B = flag + +specify OCSP server flag + +Several I can be used to specify multiple flags. + +currently supported flags: NOCERTS, NOINTERN NOSIGS, NOCHAIN, NOVERIFY, +NOEXPLICIT, NOCASIGN, NODELEGATED, NOCHECKS, TRUSTOTHER, RESPID_KEY, NOTIME + +=item B = SSL_options + +OpenSSL library options + +The parameter is the OpenSSL option name as described in the +I manual, but without I prefix. +Several I can be used to specify multiple options. + +For example for compatibility with erroneous Eudora SSL implementation +the following option can be used: + + options = DONT_INSERT_EMPTY_FRAGMENTS + +=item B = proto + +application protocol to negotiate SSL (e.g. I or I) + +I option should not be used with SSL encryption on a separate port. + +Currently supported protocols: + +=over 4 + +=item I + +Proprietary (undocummented) extension of CIFS protocol implemented in Samba. +Support for this extension was dropped in Samba 3.0.0. + +=item I + +Based on RFC 2817 - I, section 5.2 - I + +This protocol is only supported in client mode. + +=item I + +Based on RFC 2595 - I + +=item I + +Based on RFC 4642 - I + +This protocol is only supported in client mode. + +=item I + +Based on http://www.postgresql.org/docs/8.3/static/protocol-flow.html#AEN73982 + +=item I + +Based on RFC 2449 - I + +=item I + +Haproxy client IP address http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt + +=item I + +Based on RFC 2487 - I + +=back + +=item B = auth_type + +authentication type for protocol negotiations + +currently supported: basic, NTLM + +Currently authentication type only applies to 'connect' protocol. + +default: basic + +=item B = host:port + +destination address for protocol negotiations + +=item B = password + +password for protocol negotiations + +=item B = username + +username for protocol negotiations + +=item B = yes | no (Unix only) + +allocate pseudo terminal for 'exec' option + +=item B = yes | no (Unix only) + +reconnect a connect+exec section after it's disconnected + +default: no + +=item B = timeout + +session cache timeout + +=item B = host:port + +address of sessiond SSL cache server + +=item B = version + +select version of SSL protocol + +Allowed options: all, SSLv2, SSLv3, TLSv1 + +=item B = bytes (except for FORK model) + +thread stack size + +=item B = seconds + +time to wait for expected data + +=item B = seconds + +time to wait for close_notify (set to 0 for buggy MSIE) + +=item B = seconds + +time to wait to connect a remote host + +=item B = seconds + +time to keep an idle connection + +=item B = none | source | destination | both (Unix only) + +enable transparent proxy support on selected platforms + +Supported values: + +=over 4 + +=item I + +Disable transparent proxy support. This is the default. + +=item I + +Re-write address to appear as if wrapped daemon is connecting +from the SSL client machine instead of the machine running B. + +This option is currently available in: + +=over 4 + +=item Remote mode (I option) on I=2.6.28> + +This configuration requires stunnel to be executed as root and without +I option. + +This configuration requires the following setup for iptables and routing +(possibly in /etc/rc.local or equivalent file): + + iptables -t mangle -N DIVERT + iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT + iptables -t mangle -A DIVERT -j MARK --set-mark 1 + iptables -t mangle -A DIVERT -j ACCEPT + ip rule add fwmark 1 lookup 100 + ip route add local 0.0.0.0/0 dev lo table 100 + echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter + +B must also to be executed as root and without I option. + +=item Remote mode (I option) on I + +This configuration requires kernel to be compiled with I option. +Connected service must be installed on a separate host. +Routing towards the clients has to go through the stunnel box. + +B must also to be executed as root and without I option. + +=item Remote mode (I option) on I=8.0> + +This configuration requires additional firewall and routing setup. +B must also to be executed as root and without I option. + +=item Local mode (I option) + +This configuration works by pre-loading I shared library. +_RLD_LIST environment variable is used on Tru64, and LD_PRELOAD variable on +other platforms. + +=back + +=item I + +Original destination is used instead of I option. + +A service section for transparent destination may look like this: + + [transparent] + client=yes + accept= + transparent=destination + +This configuration requires the following setup for iptables +(possibly in /etc/rc.local or equivalent file): + + /sbin/iptables -I INPUT -i eth0 -p tcp --dport -j ACCEPT + /sbin/iptables -t nat -I PREROUTING -i eth0 -p tcp --dport -j DNAT --to-destination : + +Transparent destination option is currently only supported on Linux. + +=item I + +Use both I and I transparent proxy. + +=back + +Two legacy options are also supported for backward compatibility: + +=over 4 + +=item I + +This options has been renamed to I. + +=item I + +This options has been renamed to I. + +=back + + +=item B = level + +verify peer certificate + +=over 4 + +=item I - request and ignore peer certificate + +=item I - verify peer certificate if present + +=item I - verify peer certificate + +=item I - verify peer with locally installed certificate + +=item I - ignore CA chain and only verify peer certificate + +=item I - no verify + +=back + +It is important to understand, that this option was solely designed for access +control and not for authorization. Specifically for level 2 every non-revoked +certificate is accepted regardless of its Common Name. For this reason a +dedicated CA should be used with level 2, and not a generic CA commonly used +for webservers. Level 3 is preferred for point-to-point connections. + +=back + + +=head1 RETURN VALUE + +B returns zero on success, non-zero on error. + + +=head1 SIGNALS + +The following signals can be used to control stunnel in Unix environment: + +=over 4 + +=item SIGHUP + +Force a reload of the configuration file. + +Some global options will not be reloaded: + +=over 4 + +=item * chroot + +=item * foreground + +=item * pid + +=item * setgid + +=item * setuid + +=back + +The use of 'setuid' option will also prevent stunnel from binding privileged +(<1024) ports during configuration reloading. + +When 'chroot' option is used, stunnel will look for all its files (including +configuration file, certificates, log file and pid file) within the chroot +jail. + +=item SIGUSR1 + +Close and reopen stunnel log file. +This function can be used for log rotation. + +=item SIGTERM, SIGQUIT, SIGINT + +Shut stunnel down. + +=back + +The result of sending any other signals to the server is undefined. + + +=head1 EXAMPLES + +In order to provide SSL encapsulation to your local I service, use + + [imapd] + accept = 993 + exec = /usr/sbin/imapd + execargs = imapd + +If you want to provide tunneling to your I daemon on port 2020, +use something like + + [vpn] + accept = 2020 + exec = /usr/sbin/pppd + execargs = pppd local + pty = yes + +If you want to use B in I mode to launch your imapd +process, you'd use this I. +Note there must be no I<[service_name]> section. + + exec = /usr/sbin/imapd + execargs = imapd + + +=head1 NOTES + +=head2 RESTRICTIONS + +B cannot be used for the FTP daemon because of the nature +of the FTP protocol which utilizes multiple ports for data transfers. +There are available SSL enabled versions of FTP and telnet daemons, however. + + +=head2 INETD MODE + +The most common use of B is to listen on a network +port and establish communication with either a new port +via the connect option, or a new program via the I option. +However there is a special case when you wish to have +some other program accept incoming connections and +launch B, for example with I, I, +or I. + +For example, if you have the following line in I: + + imaps stream tcp nowait root /usr/bin/stunnel stunnel /etc/stunnel/imaps.conf + +In these cases, the I-style program is responsible +for binding a network socket (I above) and handing +it to B when a connection is received. +Thus you do not want B to have any I option. +All the I should be placed in the +global options section, and no I<[service_name]> section +will be present. See the I section for example +configurations. + +=head2 CERTIFICATES + +Each SSL enabled daemon needs to present a valid X.509 certificate +to the peer. It also needs a private key to decrypt the incoming +data. The easiest way to obtain a certificate and a key is to +generate them with the free I package. You can find more +information on certificates generation on pages listed below. + +The order of contents of the I<.pem> file is important. It should contain the +unencrypted private key first, then a signed certificate (not certificate +request). There should be also empty lines after certificate and private key. +Plaintext certificate information appended on the top of generated certificate +should be discarded. So the file should look like this: + + -----BEGIN RSA PRIVATE KEY----- + [encoded key] + -----END RSA PRIVATE KEY----- + [empty line] + -----BEGIN CERTIFICATE----- + [encoded certificate] + -----END CERTIFICATE----- + [empty line] + +=head2 RANDOMNESS + +B needs to seed the PRNG (pseudo random number generator) in +order for SSL to use good randomness. The following sources are loaded +in order until sufficient random data has been gathered: + +=over 4 + +=item * The file specified with the I flag. + +=item * The file specified by the RANDFILE environment variable, if set. + +=item * The file .rnd in your home directory, if RANDFILE not set. + +=item * The file specified with '--with-random' at compile time. + +=item * The contents of the screen if running on Windows. + +=item * The egd socket specified with the I flag. + +=item * The egd socket specified with '--with-egd-sock' at compile time. + +=item * The /dev/urandom device. + +=back + +With recent (>=OpenSSL 0.9.5a) version of SSL it will stop loading +random data automatically when sufficient entropy has been gathered. +With previous versions it will continue to gather from all the above +sources since no SSL function exists to tell when enough data is available. + +Note that on Windows machines that do not have console user interaction +(mouse movements, creating windows, etc.) the screen contents are not +variable enough to be sufficient, and you should provide a random file +for use with the I flag. + +Note that the file specified with the I flag should contain +random data -- that means it should contain different information +each time B is run. This is handled automatically +unless the I flag is used. If you wish to update this file +manually, the I command in recent versions of OpenSSL, +would be useful. + +One important note -- if /dev/urandom is available, OpenSSL has a habit of +seeding the PRNG with it even when checking the random state, so on +systems with /dev/urandom you're likely to use it even though it's listed +at the very bottom of the list above. This isn't B behaviour, it's +OpenSSLs. + +=head2 DH PARAMETERS + +Stunnel 4.40 and later contains hardcoded 2048-bit DH parameters. + +It is also possible to specify DH parameters in the certificate file: + + openssl dhparam 2048 >> stunnel.pem + +DH parameter generation may take several minutes. + + +=head1 FILES + +=over 4 + +=item F + +B configuration file + +=back + + +=head1 BUGS + +Option I does not support quoting. + + +=head1 SEE ALSO + +=over 4 + +=item L + +access control facility for internet services + +=item L + +internet 'super-server' + +=item F + +B homepage + +=item F + +OpenSSL project website + +=back + + +=head1 AUTHOR + +=over 4 + +=item Michał Trojnara + +> + +=back + diff --git a/m4/libtool.m4 b/m4/libtool.m4 new file mode 100644 index 0000000..a3fee53 --- /dev/null +++ b/m4/libtool.m4 @@ -0,0 +1,7377 @@ +# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- +# +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, +# 2006, 2007, 2008 Free Software Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +m4_define([_LT_COPYING], [dnl +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, +# 2006, 2007, 2008 Free Software Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is part of GNU Libtool. +# +# GNU Libtool is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of +# the License, or (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, or +# obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +]) + +# serial 56 LT_INIT + + +# LT_PREREQ(VERSION) +# ------------------ +# Complain and exit if this libtool version is less that VERSION. +m4_defun([LT_PREREQ], +[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, + [m4_default([$3], + [m4_fatal([Libtool version $1 or higher is required], + 63)])], + [$2])]) + + +# _LT_CHECK_BUILDDIR +# ------------------ +# Complain if the absolute build directory name contains unusual characters +m4_defun([_LT_CHECK_BUILDDIR], +[case `pwd` in + *\ * | *\ *) + AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; +esac +]) + + +# LT_INIT([OPTIONS]) +# ------------------ +AC_DEFUN([LT_INIT], +[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT +AC_BEFORE([$0], [LT_LANG])dnl +AC_BEFORE([$0], [LT_OUTPUT])dnl +AC_BEFORE([$0], [LTDL_INIT])dnl +m4_require([_LT_CHECK_BUILDDIR])dnl + +dnl Autoconf doesn't catch unexpanded LT_ macros by default: +m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl +m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl +dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 +dnl unless we require an AC_DEFUNed macro: +AC_REQUIRE([LTOPTIONS_VERSION])dnl +AC_REQUIRE([LTSUGAR_VERSION])dnl +AC_REQUIRE([LTVERSION_VERSION])dnl +AC_REQUIRE([LTOBSOLETE_VERSION])dnl +m4_require([_LT_PROG_LTMAIN])dnl + +dnl Parse OPTIONS +_LT_SET_OPTIONS([$0], [$1]) + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS="$ltmain" + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' +AC_SUBST(LIBTOOL)dnl + +_LT_SETUP + +# Only expand once: +m4_define([LT_INIT]) +])# LT_INIT + +# Old names: +AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) +AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_PROG_LIBTOOL], []) +dnl AC_DEFUN([AM_PROG_LIBTOOL], []) + + +# _LT_CC_BASENAME(CC) +# ------------------- +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +m4_defun([_LT_CC_BASENAME], +[for cc_temp in $1""; do + case $cc_temp in + compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; + distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` +]) + + +# _LT_FILEUTILS_DEFAULTS +# ---------------------- +# It is okay to use these file commands and assume they have been set +# sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'. +m4_defun([_LT_FILEUTILS_DEFAULTS], +[: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} +])# _LT_FILEUTILS_DEFAULTS + + +# _LT_SETUP +# --------- +m4_defun([_LT_SETUP], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +_LT_DECL([], [host_alias], [0], [The host system])dnl +_LT_DECL([], [host], [0])dnl +_LT_DECL([], [host_os], [0])dnl +dnl +_LT_DECL([], [build_alias], [0], [The build system])dnl +_LT_DECL([], [build], [0])dnl +_LT_DECL([], [build_os], [0])dnl +dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([LT_PATH_LD])dnl +AC_REQUIRE([LT_PATH_NM])dnl +dnl +AC_REQUIRE([AC_PROG_LN_S])dnl +test -z "$LN_S" && LN_S="ln -s" +_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl +dnl +AC_REQUIRE([LT_CMD_MAX_LEN])dnl +_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl +_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl +dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_CHECK_SHELL_FEATURES])dnl +m4_require([_LT_CMD_RELOAD])dnl +m4_require([_LT_CHECK_MAGIC_METHOD])dnl +m4_require([_LT_CMD_OLD_ARCHIVE])dnl +m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl + +_LT_CONFIG_LIBTOOL_INIT([ +# See if we are running on zsh, and set the options which allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi +]) +if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi + +_LT_CHECK_OBJDIR + +m4_require([_LT_TAG_COMPILER])dnl +_LT_PROG_ECHO_BACKSLASH + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\([["`\\]]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' + +# Global variables: +ofile=libtool +can_build_shared=yes + +# All known linkers require a `.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a + +with_gnu_ld="$lt_cv_prog_gnu_ld" + +old_CC="$CC" +old_CFLAGS="$CFLAGS" + +# Set sane defaults for various variables +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$LD" && LD=ld +test -z "$ac_objext" && ac_objext=o + +_LT_CC_BASENAME([$compiler]) + +# Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + _LT_PATH_MAGIC + fi + ;; +esac + +# Use C for the default configuration in the libtool script +LT_SUPPORTED_TAG([CC]) +_LT_LANG_C_CONFIG +_LT_LANG_DEFAULT_CONFIG +_LT_CONFIG_COMMANDS +])# _LT_SETUP + + +# _LT_PROG_LTMAIN +# --------------- +# Note that this code is called both from `configure', and `config.status' +# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, +# `config.status' has no value for ac_aux_dir unless we are using Automake, +# so we pass a copy along to make sure it has a sensible value anyway. +m4_defun([_LT_PROG_LTMAIN], +[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl +_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) +ltmain="$ac_aux_dir/ltmain.sh" +])# _LT_PROG_LTMAIN + + +## ------------------------------------- ## +## Accumulate code for creating libtool. ## +## ------------------------------------- ## + +# So that we can recreate a full libtool script including additional +# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS +# in macros and then make a single call at the end using the `libtool' +# label. + + +# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS]) +# ---------------------------------------- +# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later. +m4_define([_LT_CONFIG_LIBTOOL_INIT], +[m4_ifval([$1], + [m4_append([_LT_OUTPUT_LIBTOOL_INIT], + [$1 +])])]) + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_INIT]) + + +# _LT_CONFIG_LIBTOOL([COMMANDS]) +# ------------------------------ +# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later. +m4_define([_LT_CONFIG_LIBTOOL], +[m4_ifval([$1], + [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS], + [$1 +])])]) + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS]) + + +# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS]) +# ----------------------------------------------------- +m4_defun([_LT_CONFIG_SAVE_COMMANDS], +[_LT_CONFIG_LIBTOOL([$1]) +_LT_CONFIG_LIBTOOL_INIT([$2]) +]) + + +# _LT_FORMAT_COMMENT([COMMENT]) +# ----------------------------- +# Add leading comment marks to the start of each line, and a trailing +# full-stop to the whole comment if one is not present already. +m4_define([_LT_FORMAT_COMMENT], +[m4_ifval([$1], [ +m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])], + [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.]) +)]) + + + +## ------------------------ ## +## FIXME: Eliminate VARNAME ## +## ------------------------ ## + + +# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?]) +# ------------------------------------------------------------------- +# CONFIGNAME is the name given to the value in the libtool script. +# VARNAME is the (base) name used in the configure script. +# VALUE may be 0, 1 or 2 for a computed quote escaped value based on +# VARNAME. Any other value will be used directly. +m4_define([_LT_DECL], +[lt_if_append_uniq([lt_decl_varnames], [$2], [, ], + [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name], + [m4_ifval([$1], [$1], [$2])]) + lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3]) + m4_ifval([$4], + [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])]) + lt_dict_add_subkey([lt_decl_dict], [$2], + [tagged?], [m4_ifval([$5], [yes], [no])])]) +]) + + +# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION]) +# -------------------------------------------------------- +m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])]) + + +# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...]) +# ------------------------------------------------ +m4_define([lt_decl_tag_varnames], +[_lt_decl_filter([tagged?], [yes], $@)]) + + +# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..]) +# --------------------------------------------------------- +m4_define([_lt_decl_filter], +[m4_case([$#], + [0], [m4_fatal([$0: too few arguments: $#])], + [1], [m4_fatal([$0: too few arguments: $#: $1])], + [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)], + [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)], + [lt_dict_filter([lt_decl_dict], $@)])[]dnl +]) + + +# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...]) +# -------------------------------------------------- +m4_define([lt_decl_quote_varnames], +[_lt_decl_filter([value], [1], $@)]) + + +# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...]) +# --------------------------------------------------- +m4_define([lt_decl_dquote_varnames], +[_lt_decl_filter([value], [2], $@)]) + + +# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...]) +# --------------------------------------------------- +m4_define([lt_decl_varnames_tagged], +[m4_assert([$# <= 2])dnl +_$0(m4_quote(m4_default([$1], [[, ]])), + m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]), + m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))]) +m4_define([_lt_decl_varnames_tagged], +[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])]) + + +# lt_decl_all_varnames([SEPARATOR], [VARNAME1...]) +# ------------------------------------------------ +m4_define([lt_decl_all_varnames], +[_$0(m4_quote(m4_default([$1], [[, ]])), + m4_if([$2], [], + m4_quote(lt_decl_varnames), + m4_quote(m4_shift($@))))[]dnl +]) +m4_define([_lt_decl_all_varnames], +[lt_join($@, lt_decl_varnames_tagged([$1], + lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl +]) + + +# _LT_CONFIG_STATUS_DECLARE([VARNAME]) +# ------------------------------------ +# Quote a variable value, and forward it to `config.status' so that its +# declaration there will have the same value as in `configure'. VARNAME +# must have a single quote delimited value for this to work. +m4_define([_LT_CONFIG_STATUS_DECLARE], +[$1='`$ECHO "X$][$1" | $Xsed -e "$delay_single_quote_subst"`']) + + +# _LT_CONFIG_STATUS_DECLARATIONS +# ------------------------------ +# We delimit libtool config variables with single quotes, so when +# we write them to config.status, we have to be sure to quote all +# embedded single quotes properly. In configure, this macro expands +# each variable declared with _LT_DECL (and _LT_TAGDECL) into: +# +# ='`$ECHO "X$" | $Xsed -e "$delay_single_quote_subst"`' +m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], +[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), + [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) + + +# _LT_LIBTOOL_TAGS +# ---------------- +# Output comment and list of tags supported by the script +m4_defun([_LT_LIBTOOL_TAGS], +[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl +available_tags="_LT_TAGS"dnl +]) + + +# _LT_LIBTOOL_DECLARE(VARNAME, [TAG]) +# ----------------------------------- +# Extract the dictionary values for VARNAME (optionally with TAG) and +# expand to a commented shell variable setting: +# +# # Some comment about what VAR is for. +# visible_name=$lt_internal_name +m4_define([_LT_LIBTOOL_DECLARE], +[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], + [description])))[]dnl +m4_pushdef([_libtool_name], + m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl +m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])), + [0], [_libtool_name=[$]$1], + [1], [_libtool_name=$lt_[]$1], + [2], [_libtool_name=$lt_[]$1], + [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl +m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl +]) + + +# _LT_LIBTOOL_CONFIG_VARS +# ----------------------- +# Produce commented declarations of non-tagged libtool config variables +# suitable for insertion in the LIBTOOL CONFIG section of the `libtool' +# script. Tagged libtool config variables (even for the LIBTOOL CONFIG +# section) are produced by _LT_LIBTOOL_TAG_VARS. +m4_defun([_LT_LIBTOOL_CONFIG_VARS], +[m4_foreach([_lt_var], + m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)), + [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])]) + + +# _LT_LIBTOOL_TAG_VARS(TAG) +# ------------------------- +m4_define([_LT_LIBTOOL_TAG_VARS], +[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames), + [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])]) + + +# _LT_TAGVAR(VARNAME, [TAGNAME]) +# ------------------------------ +m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) + + +# _LT_CONFIG_COMMANDS +# ------------------- +# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of +# variables for single and double quote escaping we saved from calls +# to _LT_DECL, we can put quote escaped variables declarations +# into `config.status', and then the shell code to quote escape them in +# for loops in `config.status'. Finally, any additional code accumulated +# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. +m4_defun([_LT_CONFIG_COMMANDS], +[AC_PROVIDE_IFELSE([LT_OUTPUT], + dnl If the libtool generation code has been placed in $CONFIG_LT, + dnl instead of duplicating it all over again into config.status, + dnl then we will have config.status run $CONFIG_LT later, so it + dnl needs to know what name is stored there: + [AC_CONFIG_COMMANDS([libtool], + [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])], + dnl If the libtool generation code is destined for config.status, + dnl expand the accumulated commands and init code now: + [AC_CONFIG_COMMANDS([libtool], + [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])]) +])#_LT_CONFIG_COMMANDS + + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT], +[ + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +_LT_CONFIG_STATUS_DECLARATIONS +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# Quote evaled strings. +for var in lt_decl_all_varnames([[ \ +]], lt_decl_quote_varnames); do + case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in + *[[\\\\\\\`\\"\\\$]]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in lt_decl_all_varnames([[ \ +]], lt_decl_dquote_varnames); do + case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in + *[[\\\\\\\`\\"\\\$]]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Fix-up fallback echo if it was mangled by the above quoting rules. +case \$lt_ECHO in +*'\\\[$]0 --fallback-echo"')dnl " + lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\[$]0 --fallback-echo"\[$]/\[$]0 --fallback-echo"/'\` + ;; +esac + +_LT_OUTPUT_LIBTOOL_INIT +]) + + +# LT_OUTPUT +# --------- +# This macro allows early generation of the libtool script (before +# AC_OUTPUT is called), incase it is used in configure for compilation +# tests. +AC_DEFUN([LT_OUTPUT], +[: ${CONFIG_LT=./config.lt} +AC_MSG_NOTICE([creating $CONFIG_LT]) +cat >"$CONFIG_LT" <<_LTEOF +#! $SHELL +# Generated by $as_me. +# Run this file to recreate a libtool stub with the current configuration. + +lt_cl_silent=false +SHELL=\${CONFIG_SHELL-$SHELL} +_LTEOF + +cat >>"$CONFIG_LT" <<\_LTEOF +AS_SHELL_SANITIZE +_AS_PREPARE + +exec AS_MESSAGE_FD>&1 +exec AS_MESSAGE_LOG_FD>>config.log +{ + echo + AS_BOX([Running $as_me.]) +} >&AS_MESSAGE_LOG_FD + +lt_cl_help="\ +\`$as_me' creates a local libtool stub from the current configuration, +for use in further configure time tests before the real libtool is +generated. + +Usage: $[0] [[OPTIONS]] + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + +Report bugs to ." + +lt_cl_version="\ +m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl +m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) +configured by $[0], generated by m4_PACKAGE_STRING. + +Copyright (C) 2008 Free Software Foundation, Inc. +This config.lt script is free software; the Free Software Foundation +gives unlimited permision to copy, distribute and modify it." + +while test $[#] != 0 +do + case $[1] in + --version | --v* | -V ) + echo "$lt_cl_version"; exit 0 ;; + --help | --h* | -h ) + echo "$lt_cl_help"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --quiet | --q* | --silent | --s* | -q ) + lt_cl_silent=: ;; + + -*) AC_MSG_ERROR([unrecognized option: $[1] +Try \`$[0] --help' for more information.]) ;; + + *) AC_MSG_ERROR([unrecognized argument: $[1] +Try \`$[0] --help' for more information.]) ;; + esac + shift +done + +if $lt_cl_silent; then + exec AS_MESSAGE_FD>/dev/null +fi +_LTEOF + +cat >>"$CONFIG_LT" <<_LTEOF +_LT_OUTPUT_LIBTOOL_COMMANDS_INIT +_LTEOF + +cat >>"$CONFIG_LT" <<\_LTEOF +AC_MSG_NOTICE([creating $ofile]) +_LT_OUTPUT_LIBTOOL_COMMANDS +AS_EXIT(0) +_LTEOF +chmod +x "$CONFIG_LT" + +# configure is writing to config.log, but config.lt does its own redirection, +# appending to config.log, which fails on DOS, as config.log is still kept +# open by configure. Here we exec the FD to /dev/null, effectively closing +# config.log, so it can be properly (re)opened and appended to by config.lt. +if test "$no_create" != yes; then + lt_cl_success=: + test "$silent" = yes && + lt_config_lt_args="$lt_config_lt_args --quiet" + exec AS_MESSAGE_LOG_FD>/dev/null + $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false + exec AS_MESSAGE_LOG_FD>>config.log + $lt_cl_success || AS_EXIT(1) +fi +])# LT_OUTPUT + + +# _LT_CONFIG(TAG) +# --------------- +# If TAG is the built-in tag, create an initial libtool script with a +# default configuration from the untagged config vars. Otherwise add code +# to config.status for appending the configuration named by TAG from the +# matching tagged config vars. +m4_defun([_LT_CONFIG], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +_LT_CONFIG_SAVE_COMMANDS([ + m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl + m4_if(_LT_TAG, [C], [ + # See if we are running on zsh, and set the options which allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + + cfgfile="${ofile}T" + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL + +# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. +# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. +# +_LT_COPYING +_LT_LIBTOOL_TAGS + +# ### BEGIN LIBTOOL CONFIG +_LT_LIBTOOL_CONFIG_VARS +_LT_LIBTOOL_TAG_VARS +# ### END LIBTOOL CONFIG + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + _LT_PROG_LTMAIN + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + _LT_PROG_XSI_SHELLFNS + + sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" +], +[cat <<_LT_EOF >> "$ofile" + +dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded +dnl in a comment (ie after a #). +# ### BEGIN LIBTOOL TAG CONFIG: $1 +_LT_LIBTOOL_TAG_VARS(_LT_TAG) +# ### END LIBTOOL TAG CONFIG: $1 +_LT_EOF +])dnl /m4_if +], +[m4_if([$1], [], [ + PACKAGE='$PACKAGE' + VERSION='$VERSION' + TIMESTAMP='$TIMESTAMP' + RM='$RM' + ofile='$ofile'], []) +])dnl /_LT_CONFIG_SAVE_COMMANDS +])# _LT_CONFIG + + +# LT_SUPPORTED_TAG(TAG) +# --------------------- +# Trace this macro to discover what tags are supported by the libtool +# --tag option, using: +# autoconf --trace 'LT_SUPPORTED_TAG:$1' +AC_DEFUN([LT_SUPPORTED_TAG], []) + + +# C support is built-in for now +m4_define([_LT_LANG_C_enabled], []) +m4_define([_LT_TAGS], []) + + +# LT_LANG(LANG) +# ------------- +# Enable libtool support for the given language if not already enabled. +AC_DEFUN([LT_LANG], +[AC_BEFORE([$0], [LT_OUTPUT])dnl +m4_case([$1], + [C], [_LT_LANG(C)], + [C++], [_LT_LANG(CXX)], + [Java], [_LT_LANG(GCJ)], + [Fortran 77], [_LT_LANG(F77)], + [Fortran], [_LT_LANG(FC)], + [Windows Resource], [_LT_LANG(RC)], + [m4_ifdef([_LT_LANG_]$1[_CONFIG], + [_LT_LANG($1)], + [m4_fatal([$0: unsupported language: "$1"])])])dnl +])# LT_LANG + + +# _LT_LANG(LANGNAME) +# ------------------ +m4_defun([_LT_LANG], +[m4_ifdef([_LT_LANG_]$1[_enabled], [], + [LT_SUPPORTED_TAG([$1])dnl + m4_append([_LT_TAGS], [$1 ])dnl + m4_define([_LT_LANG_]$1[_enabled], [])dnl + _LT_LANG_$1_CONFIG($1)])dnl +])# _LT_LANG + + +# _LT_LANG_DEFAULT_CONFIG +# ----------------------- +m4_defun([_LT_LANG_DEFAULT_CONFIG], +[AC_PROVIDE_IFELSE([AC_PROG_CXX], + [LT_LANG(CXX)], + [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])]) + +AC_PROVIDE_IFELSE([AC_PROG_F77], + [LT_LANG(F77)], + [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])]) + +AC_PROVIDE_IFELSE([AC_PROG_FC], + [LT_LANG(FC)], + [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])]) + +dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal +dnl pulling things in needlessly. +AC_PROVIDE_IFELSE([AC_PROG_GCJ], + [LT_LANG(GCJ)], + [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], + [LT_LANG(GCJ)], + [AC_PROVIDE_IFELSE([LT_PROG_GCJ], + [LT_LANG(GCJ)], + [m4_ifdef([AC_PROG_GCJ], + [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])]) + m4_ifdef([A][M_PROG_GCJ], + [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])]) + m4_ifdef([LT_PROG_GCJ], + [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) + +AC_PROVIDE_IFELSE([LT_PROG_RC], + [LT_LANG(RC)], + [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) +])# _LT_LANG_DEFAULT_CONFIG + +# Obsolete macros: +AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) +AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) +AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) +AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_CXX], []) +dnl AC_DEFUN([AC_LIBTOOL_F77], []) +dnl AC_DEFUN([AC_LIBTOOL_FC], []) +dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) + + +# _LT_TAG_COMPILER +# ---------------- +m4_defun([_LT_TAG_COMPILER], +[AC_REQUIRE([AC_PROG_CC])dnl + +_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl +_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl +_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl +_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC +])# _LT_TAG_COMPILER + + +# _LT_COMPILER_BOILERPLATE +# ------------------------ +# Check for compiler boilerplate output or warnings with +# the simple compiler test code. +m4_defun([_LT_COMPILER_BOILERPLATE], +[m4_require([_LT_DECL_SED])dnl +ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* +])# _LT_COMPILER_BOILERPLATE + + +# _LT_LINKER_BOILERPLATE +# ---------------------- +# Check for linker boilerplate output or warnings with +# the simple link test code. +m4_defun([_LT_LINKER_BOILERPLATE], +[m4_require([_LT_DECL_SED])dnl +ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* +])# _LT_LINKER_BOILERPLATE + +# _LT_REQUIRED_DARWIN_CHECKS +# ------------------------- +m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ + case $host_os in + rhapsody* | darwin*) + AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:]) + AC_CHECK_TOOL([NMEDIT], [nmedit], [:]) + AC_CHECK_TOOL([LIPO], [lipo], [:]) + AC_CHECK_TOOL([OTOOL], [otool], [:]) + AC_CHECK_TOOL([OTOOL64], [otool64], [:]) + _LT_DECL([], [DSYMUTIL], [1], + [Tool to manipulate archived DWARF debug symbol files on Mac OS X]) + _LT_DECL([], [NMEDIT], [1], + [Tool to change global to local symbols on Mac OS X]) + _LT_DECL([], [LIPO], [1], + [Tool to manipulate fat objects and archives on Mac OS X]) + _LT_DECL([], [OTOOL], [1], + [ldd/readelf like tool for Mach-O binaries on Mac OS X]) + _LT_DECL([], [OTOOL64], [1], + [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4]) + + AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], + [lt_cv_apple_cc_single_mod=no + if test -z "${LT_MULTI_MODULE}"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&AS_MESSAGE_LOG_FD + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi]) + AC_CACHE_CHECK([for -exported_symbols_list linker flag], + [lt_cv_ld_exported_symbols_list], + [lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [lt_cv_ld_exported_symbols_list=yes], + [lt_cv_ld_exported_symbols_list=no]) + LDFLAGS="$save_LDFLAGS" + ]) + case $host_os in + rhapsody* | darwin1.[[012]]) + _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + 10.[[012]]*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test "$lt_cv_apple_cc_single_mod" = "yes"; then + _lt_dar_single_mod='$single_module' + fi + if test "$lt_cv_ld_exported_symbols_list" = "yes"; then + _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' + fi + if test "$DSYMUTIL" != ":"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac +]) + + +# _LT_DARWIN_LINKER_FEATURES +# -------------------------- +# Checks for linker and compiler features on darwin +m4_defun([_LT_DARWIN_LINKER_FEATURES], +[ + m4_require([_LT_REQUIRED_DARWIN_CHECKS]) + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_automatic, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + _LT_TAGVAR(whole_archive_flag_spec, $1)='' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" + case $cc_basename in + ifort*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test "$_lt_dar_can_shared" = "yes"; then + output_verbose_link_cmd=echo + _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" + _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" + _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" + m4_if([$1], [CXX], +[ if test "$lt_cv_apple_cc_single_mod" != "yes"; then + _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}" + fi +],[]) + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi +]) + +# _LT_SYS_MODULE_PATH_AIX +# ----------------------- +# Links a minimal program and checks the executable +# for the system default hardcoded library path. In most cases, +# this is /usr/lib:/lib, but when the MPI compilers are used +# the location of the communication and MPI libs are included too. +# If we don't find anything, use the default library path according +# to the aix ld manual. +m4_defun([_LT_SYS_MODULE_PATH_AIX], +[m4_require([_LT_DECL_SED])dnl +AC_LINK_IFELSE(AC_LANG_PROGRAM,[ +lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\(.*\)$/\1/ + p + } + }' +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then + aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` +fi],[]) +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi +])# _LT_SYS_MODULE_PATH_AIX + + +# _LT_SHELL_INIT(ARG) +# ------------------- +m4_define([_LT_SHELL_INIT], +[ifdef([AC_DIVERSION_NOTICE], + [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)], + [AC_DIVERT_PUSH(NOTICE)]) +$1 +AC_DIVERT_POP +])# _LT_SHELL_INIT + + +# _LT_PROG_ECHO_BACKSLASH +# ----------------------- +# Add some code to the start of the generated configure script which +# will find an echo command which doesn't interpret backslashes. +m4_defun([_LT_PROG_ECHO_BACKSLASH], +[_LT_SHELL_INIT([ +# Check that we are running under the correct shell. +SHELL=${CONFIG_SHELL-/bin/sh} + +case X$lt_ECHO in +X*--fallback-echo) + # Remove one level of quotation (which was required for Make). + ECHO=`echo "$lt_ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','` + ;; +esac + +ECHO=${lt_ECHO-echo} +if test "X[$]1" = X--no-reexec; then + # Discard the --no-reexec flag, and continue. + shift +elif test "X[$]1" = X--fallback-echo; then + # Avoid inline document here, it may be left over + : +elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then + # Yippee, $ECHO works! + : +else + # Restart under the correct shell. + exec $SHELL "[$]0" --no-reexec ${1+"[$]@"} +fi + +if test "X[$]1" = X--fallback-echo; then + # used as fallback echo + shift + cat <<_LT_EOF +[$]* +_LT_EOF + exit 0 +fi + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +if test -z "$lt_ECHO"; then + if test "X${echo_test_string+set}" != Xset; then + # find a string as large as possible, as long as the shell can cope with it + for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do + # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... + if { echo_test_string=`eval $cmd`; } 2>/dev/null && + { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null + then + break + fi + done + fi + + if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && + echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + : + else + # The Solaris, AIX, and Digital Unix default echo programs unquote + # backslashes. This makes it impossible to quote backslashes using + # echo "$something" | sed 's/\\/\\\\/g' + # + # So, first we look for a working echo in the user's PATH. + + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for dir in $PATH /usr/ucb; do + IFS="$lt_save_ifs" + if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && + test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && + echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + ECHO="$dir/echo" + break + fi + done + IFS="$lt_save_ifs" + + if test "X$ECHO" = Xecho; then + # We didn't find a better echo, so look for alternatives. + if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' && + echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + # This shell has a builtin print -r that does the trick. + ECHO='print -r' + elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } && + test "X$CONFIG_SHELL" != X/bin/ksh; then + # If we have ksh, try running configure again with it. + ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} + export ORIGINAL_CONFIG_SHELL + CONFIG_SHELL=/bin/ksh + export CONFIG_SHELL + exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"} + else + # Try using printf. + ECHO='printf %s\n' + if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && + echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + # Cool, printf works + : + elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && + test "X$echo_testing_string" = 'X\t' && + echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL + export CONFIG_SHELL + SHELL="$CONFIG_SHELL" + export SHELL + ECHO="$CONFIG_SHELL [$]0 --fallback-echo" + elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && + test "X$echo_testing_string" = 'X\t' && + echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + ECHO="$CONFIG_SHELL [$]0 --fallback-echo" + else + # maybe with a smaller string... + prev=: + + for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do + if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null + then + break + fi + prev="$cmd" + done + + if test "$prev" != 'sed 50q "[$]0"'; then + echo_test_string=`eval $prev` + export echo_test_string + exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"} + else + # Oops. We lost completely, so just stick with echo. + ECHO=echo + fi + fi + fi + fi + fi +fi + +# Copy echo and quote the copy suitably for passing to libtool from +# the Makefile, instead of quoting the original, which is used later. +lt_ECHO=$ECHO +if test "X$lt_ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then + lt_ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo" +fi + +AC_SUBST(lt_ECHO) +]) +_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) +_LT_DECL([], [ECHO], [1], + [An echo program that does not interpret backslashes]) +])# _LT_PROG_ECHO_BACKSLASH + + +# _LT_ENABLE_LOCK +# --------------- +m4_defun([_LT_ENABLE_LOCK], +[AC_ARG_ENABLE([libtool-lock], + [AS_HELP_STRING([--disable-libtool-lock], + [avoid locking (might break parallel builds)])]) +test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE="32" + ;; + *ELF-64*) + HPUX_IA64_MODE="64" + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out which ABI we are using. + echo '[#]line __oline__ "configure"' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + if test "$lt_cv_prog_gnu_ld" = yes; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_i386" + ;; + ppc64-*linux*|powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + ppc*-*linux*|powerpc*-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -belf" + AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, + [AC_LANG_PUSH(C) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) + AC_LANG_POP]) + if test x"$lt_cv_cc_needs_belf" != x"yes"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS="$SAVE_CFLAGS" + fi + ;; +sparc*-*solaris*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) LD="${LD-ld} -m elf64_sparc" ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks="$enable_libtool_lock" +])# _LT_ENABLE_LOCK + + +# _LT_CMD_OLD_ARCHIVE +# ------------------- +m4_defun([_LT_CMD_OLD_ARCHIVE], +[AC_CHECK_TOOL(AR, ar, false) +test -z "$AR" && AR=ar +test -z "$AR_FLAGS" && AR_FLAGS=cru +_LT_DECL([], [AR], [1], [The archiver]) +_LT_DECL([], [AR_FLAGS], [1]) + +AC_CHECK_TOOL(STRIP, strip, :) +test -z "$STRIP" && STRIP=: +_LT_DECL([], [STRIP], [1], [A symbol stripping program]) + +AC_CHECK_TOOL(RANLIB, ranlib, :) +test -z "$RANLIB" && RANLIB=: +_LT_DECL([], [RANLIB], [1], + [Commands used to install an old-style archive]) + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" +fi +_LT_DECL([], [old_postinstall_cmds], [2]) +_LT_DECL([], [old_postuninstall_cmds], [2]) +_LT_TAGDECL([], [old_archive_cmds], [2], + [Commands used to build an old-style archive]) +])# _LT_CMD_OLD_ARCHIVE + + +# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------------------- +# Check whether the given compiler option works +AC_DEFUN([_LT_COMPILER_OPTION], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_SED])dnl +AC_CACHE_CHECK([$1], [$2], + [$2=no + m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$3" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + fi + $RM conftest* +]) + +if test x"[$]$2" = xyes; then + m4_if([$5], , :, [$5]) +else + m4_if([$6], , :, [$6]) +fi +])# _LT_COMPILER_OPTION + +# Old name: +AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) + + +# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------- +# Check whether the given linker option works +AC_DEFUN([_LT_LINKER_OPTION], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_SED])dnl +AC_CACHE_CHECK([$1], [$2], + [$2=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $3" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&AS_MESSAGE_LOG_FD + $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + else + $2=yes + fi + fi + $RM -r conftest* + LDFLAGS="$save_LDFLAGS" +]) + +if test x"[$]$2" = xyes; then + m4_if([$4], , :, [$4]) +else + m4_if([$5], , :, [$5]) +fi +])# _LT_LINKER_OPTION + +# Old name: +AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) + + +# LT_CMD_MAX_LEN +#--------------- +AC_DEFUN([LT_CMD_MAX_LEN], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +# find the maximum length of command line arguments +AC_MSG_CHECKING([the maximum length of command line arguments]) +AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl + i=0 + teststring="ABCD" + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw* | cegcc*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8 ; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test "X"`$SHELL [$]0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \ + = "XX$teststring$teststring"; } >/dev/null 2>&1 && + test $i != 17 # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi + ;; + esac +]) +if test -n $lt_cv_sys_max_cmd_len ; then + AC_MSG_RESULT($lt_cv_sys_max_cmd_len) +else + AC_MSG_RESULT(none) +fi +max_cmd_len=$lt_cv_sys_max_cmd_len +_LT_DECL([], [max_cmd_len], [0], + [What is the maximum length of a command?]) +])# LT_CMD_MAX_LEN + +# Old name: +AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) + + +# _LT_HEADER_DLFCN +# ---------------- +m4_defun([_LT_HEADER_DLFCN], +[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl +])# _LT_HEADER_DLFCN + + +# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, +# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) +# ---------------------------------------------------------------- +m4_defun([_LT_TRY_DLOPEN_SELF], +[m4_require([_LT_HEADER_DLFCN])dnl +if test "$cross_compiling" = yes; then : + [$4] +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +[#line __oline__ "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +void fnord() { int i=42;} +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +}] +_LT_EOF + if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) $1 ;; + x$lt_dlneed_uscore) $2 ;; + x$lt_dlunknown|x*) $3 ;; + esac + else : + # compilation failed + $3 + fi +fi +rm -fr conftest* +])# _LT_TRY_DLOPEN_SELF + + +# LT_SYS_DLOPEN_SELF +# ------------------ +AC_DEFUN([LT_SYS_DLOPEN_SELF], +[m4_require([_LT_HEADER_DLFCN])dnl +if test "x$enable_dlopen" != xyes; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen="load_add_on" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32* | cegcc*) + lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen="dlopen" + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ + lt_cv_dlopen="dyld" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ]) + ;; + + *) + AC_CHECK_FUNC([shl_load], + [lt_cv_dlopen="shl_load"], + [AC_CHECK_LIB([dld], [shl_load], + [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"], + [AC_CHECK_FUNC([dlopen], + [lt_cv_dlopen="dlopen"], + [AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], + [AC_CHECK_LIB([svld], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], + [AC_CHECK_LIB([dld], [dld_link], + [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"]) + ]) + ]) + ]) + ]) + ]) + ;; + esac + + if test "x$lt_cv_dlopen" != xno; then + enable_dlopen=yes + else + enable_dlopen=no + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS="$CPPFLAGS" + test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS="$LDFLAGS" + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS="$LIBS" + LIBS="$lt_cv_dlopen_libs $LIBS" + + AC_CACHE_CHECK([whether a program can dlopen itself], + lt_cv_dlopen_self, [dnl + _LT_TRY_DLOPEN_SELF( + lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, + lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) + ]) + + if test "x$lt_cv_dlopen_self" = xyes; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + AC_CACHE_CHECK([whether a statically linked program can dlopen itself], + lt_cv_dlopen_self_static, [dnl + _LT_TRY_DLOPEN_SELF( + lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, + lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) + ]) + fi + + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi +_LT_DECL([dlopen_support], [enable_dlopen], [0], + [Whether dlopen is supported]) +_LT_DECL([dlopen_self], [enable_dlopen_self], [0], + [Whether dlopen of programs is supported]) +_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], + [Whether dlopen of statically linked programs is supported]) +])# LT_SYS_DLOPEN_SELF + +# Old name: +AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) + + +# _LT_COMPILER_C_O([TAGNAME]) +# --------------------------- +# Check to see if options -c and -o are simultaneously supported by compiler. +# This macro does not hard code the compiler like AC_PROG_CC_C_O. +m4_defun([_LT_COMPILER_C_O], +[m4_require([_LT_DECL_SED])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_TAG_COMPILER])dnl +AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], + [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], + [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + fi + fi + chmod u+w . 2>&AS_MESSAGE_LOG_FD + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* +]) +_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1], + [Does compiler simultaneously support -c and -o options?]) +])# _LT_COMPILER_C_O + + +# _LT_COMPILER_FILE_LOCKS([TAGNAME]) +# ---------------------------------- +# Check to see if we can do hard links to lock some files if needed +m4_defun([_LT_COMPILER_FILE_LOCKS], +[m4_require([_LT_ENABLE_LOCK])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +_LT_COMPILER_C_O([$1]) + +hard_links="nottested" +if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then + # do not overwrite the value of need_locks provided by the user + AC_MSG_CHECKING([if we can lock with hard links]) + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + AC_MSG_RESULT([$hard_links]) + if test "$hard_links" = no; then + AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe]) + need_locks=warn + fi +else + need_locks=no +fi +_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?]) +])# _LT_COMPILER_FILE_LOCKS + + +# _LT_CHECK_OBJDIR +# ---------------- +m4_defun([_LT_CHECK_OBJDIR], +[AC_CACHE_CHECK([for objdir], [lt_cv_objdir], +[rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null]) +objdir=$lt_cv_objdir +_LT_DECL([], [objdir], [0], + [The name of the directory that contains temporary libtool files])dnl +m4_pattern_allow([LT_OBJDIR])dnl +AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/", + [Define to the sub-directory in which libtool stores uninstalled libraries.]) +])# _LT_CHECK_OBJDIR + + +# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME]) +# -------------------------------------- +# Check hardcoding attributes. +m4_defun([_LT_LINKER_HARDCODE_LIBPATH], +[AC_MSG_CHECKING([how to hardcode library paths into programs]) +_LT_TAGVAR(hardcode_action, $1)= +if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || + test -n "$_LT_TAGVAR(runpath_var, $1)" || + test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then + + # We can hardcode non-existent directories. + if test "$_LT_TAGVAR(hardcode_direct, $1)" != no && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no && + test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then + # Linking always hardcodes the temporary library directory. + _LT_TAGVAR(hardcode_action, $1)=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + _LT_TAGVAR(hardcode_action, $1)=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + _LT_TAGVAR(hardcode_action, $1)=unsupported +fi +AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) + +if test "$_LT_TAGVAR(hardcode_action, $1)" = relink || + test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then + # Fast installation is not supported + enable_fast_install=no +elif test "$shlibpath_overrides_runpath" = yes || + test "$enable_shared" = no; then + # Fast installation is not necessary + enable_fast_install=needless +fi +_LT_TAGDECL([], [hardcode_action], [0], + [How to hardcode a shared library path into an executable]) +])# _LT_LINKER_HARDCODE_LIBPATH + + +# _LT_CMD_STRIPLIB +# ---------------- +m4_defun([_LT_CMD_STRIPLIB], +[m4_require([_LT_DECL_EGREP]) +striplib= +old_striplib= +AC_MSG_CHECKING([whether stripping libraries is possible]) +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + AC_MSG_RESULT([yes]) +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP" ; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac +fi +_LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) +_LT_DECL([], [striplib], [1]) +])# _LT_CMD_STRIPLIB + + +# _LT_SYS_DYNAMIC_LINKER([TAG]) +# ----------------------------- +# PORTME Fill in your ld.so characteristics +m4_defun([_LT_SYS_DYNAMIC_LINKER], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_OBJDUMP])dnl +m4_require([_LT_DECL_SED])dnl +AC_MSG_CHECKING([dynamic linker characteristics]) +m4_if([$1], + [], [ +if test "$GCC" = yes; then + case $host_os in + darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; + *) lt_awk_arg="/^libraries:/" ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'` + else + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary. + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path/$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" + else + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk ' +BEGIN {RS=" "; FS="/|\n";} { + lt_foo=""; + lt_count=0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo="/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[[lt_foo]]++; } + if (lt_freq[[lt_foo]] == 1) { print lt_foo; } +}'` + sys_lib_search_path_spec=`$ECHO $lt_search_path_spec` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi]) +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=".so" +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +case $host_os in +aix3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='${libname}${release}${shared_ext}$major' + ;; + +aix[[4-9]]*) + version_type=linux + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line `#! .'. This would cause the generated library to + # depend on `.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[[01]] | aix4.[[01]].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + if test "$aix_use_runtimelinking" = yes; then + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + else + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='${libname}${release}.a $libname.a' + soname_spec='${libname}${release}${shared_ext}$major' + fi + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='${libname}${shared_ext}' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[[45]]*) + version_type=linux + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=".dll" + need_version=no + need_lib_prefix=no + + case $GCC,$host_os in + yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*) + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then + # It is most probably a Windows format PATH printed by + # mingw gcc, but we are running on Cygwin. Gcc prints its search + # path with ; separators, and with drive letters. We can handle the + # drive letters (cygwin fileutils understands them), so leave them, + # especially as we might pass files found there to a mingw objdump, + # which wouldn't understand a cygwinified path. Ahh. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + ;; + esac + ;; + + *) + library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' + ;; + esac + dynamic_linker='Win32 ld.exe' + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' + soname_spec='${libname}${release}${major}$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' +m4_if([$1], [],[ + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd1*) + dynamic_linker=no + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[[123]]*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[[01]]* | freebsdelf3.[[01]]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ + freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +gnu*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + if test "X$HPUX_IA64_MODE" = X32; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + fi + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555. + postinstall_cmds='chmod 555 $lib' + ;; + +interix[[3-9]]*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test "$lt_cv_prog_gnu_ld" = yes; then + version_type=linux + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +# This must be Linux ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + # Some binutils ld are patched to set DT_RUNPATH + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ + LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], + [shlibpath_overrides_runpath=yes])]) + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd*) + version_type=sunos + sys_lib_dlsearch_path_spec="/usr/lib" + need_lib_prefix=no + # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. + case $host_os in + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; + esac + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + case $host_os in + openbsd2.[[89]] | openbsd2.[[89]].*) + shlibpath_overrides_runpath=no + ;; + *) + shlibpath_overrides_runpath=yes + ;; + esac + else + shlibpath_overrides_runpath=yes + fi + ;; + +os2*) + libname_spec='$name' + shrext_cmds=".dll" + need_lib_prefix=no + library_names_spec='$libname${shared_ext} $libname.a' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=LIBPATH + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test "$with_gnu_ld" = yes; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec ;then + version_type=linux + library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' + soname_spec='$libname${shared_ext}.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +AC_MSG_RESULT([$dynamic_linker]) +test "$dynamic_linker" = no && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test "$GCC" = yes; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then + sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" +fi +if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then + sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" +fi + +_LT_DECL([], [variables_saved_for_relink], [1], + [Variables whose values should be saved in libtool wrapper scripts and + restored at link time]) +_LT_DECL([], [need_lib_prefix], [0], + [Do we need the "lib" prefix for modules?]) +_LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) +_LT_DECL([], [version_type], [0], [Library versioning type]) +_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) +_LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) +_LT_DECL([], [shlibpath_overrides_runpath], [0], + [Is shlibpath searched before the hard-coded library search path?]) +_LT_DECL([], [libname_spec], [1], [Format of library name prefix]) +_LT_DECL([], [library_names_spec], [1], + [[List of archive names. First name is the real one, the rest are links. + The last name is the one that the linker finds with -lNAME]]) +_LT_DECL([], [soname_spec], [1], + [[The coded name of the library, if different from the real name]]) +_LT_DECL([], [postinstall_cmds], [2], + [Command to use after installation of a shared archive]) +_LT_DECL([], [postuninstall_cmds], [2], + [Command to use after uninstallation of a shared archive]) +_LT_DECL([], [finish_cmds], [2], + [Commands used to finish a libtool library installation in a directory]) +_LT_DECL([], [finish_eval], [1], + [[As "finish_cmds", except a single script fragment to be evaled but + not shown]]) +_LT_DECL([], [hardcode_into_libs], [0], + [Whether we should hardcode library paths into libraries]) +_LT_DECL([], [sys_lib_search_path_spec], [2], + [Compile-time system search path for libraries]) +_LT_DECL([], [sys_lib_dlsearch_path_spec], [2], + [Run-time system search path for libraries]) +])# _LT_SYS_DYNAMIC_LINKER + + +# _LT_PATH_TOOL_PREFIX(TOOL) +# -------------------------- +# find a file program which can recognize shared library +AC_DEFUN([_LT_PATH_TOOL_PREFIX], +[m4_require([_LT_DECL_EGREP])dnl +AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, +[case $MAGIC_CMD in +[[\\/*] | ?:[\\/]*]) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR +dnl $ac_dummy forces splitting on constant user-supplied paths. +dnl POSIX.2 word splitting is done only on the output of word expansions, +dnl not every word. This closes a longstanding sh security hole. + ac_dummy="m4_if([$2], , $PATH, [$2])" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$1; then + lt_cv_path_MAGIC_CMD="$ac_dir/$1" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac]) +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + AC_MSG_RESULT($MAGIC_CMD) +else + AC_MSG_RESULT(no) +fi +_LT_DECL([], [MAGIC_CMD], [0], + [Used to examine libraries when file_magic_cmd begins with "file"])dnl +])# _LT_PATH_TOOL_PREFIX + +# Old name: +AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) + + +# _LT_PATH_MAGIC +# -------------- +# find a file program which can recognize a shared library +m4_defun([_LT_PATH_MAGIC], +[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) + else + MAGIC_CMD=: + fi +fi +])# _LT_PATH_MAGIC + + +# LT_PATH_LD +# ---------- +# find the pathname to the GNU or non-GNU linker +AC_DEFUN([LT_PATH_LD], +[AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_DECL_EGREP])dnl + +AC_ARG_WITH([gnu-ld], + [AS_HELP_STRING([--with-gnu-ld], + [assume the C compiler uses GNU ld @<:@default=no@:>@])], + [test "$withval" = no || with_gnu_ld=yes], + [with_gnu_ld=no])dnl + +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + AC_MSG_CHECKING([for ld used by $CC]) + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [[\\/]]* | ?:[[\\/]]*) + re_direlt='/[[^/]][[^/]]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + AC_MSG_CHECKING([for GNU ld]) +else + AC_MSG_CHECKING([for non-GNU ld]) +fi +AC_CACHE_VAL(lt_cv_path_LD, +[if test -z "$LD"; then + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'] + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[[3-9]]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be Linux ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +esac +]) +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + +_LT_DECL([], [deplibs_check_method], [1], + [Method to check whether dependent libraries are shared objects]) +_LT_DECL([], [file_magic_cmd], [1], + [Command to use when deplibs_check_method == "file_magic"]) +])# _LT_CHECK_MAGIC_METHOD + + +# LT_PATH_NM +# ---------- +# find the pathname to a BSD- or MS-compatible name lister +AC_DEFUN([LT_PATH_NM], +[AC_REQUIRE([AC_PROG_CC])dnl +AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, +[if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM="$NM" +else + lt_nm_to_check="${ac_tool_prefix}nm" + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + tmp_nm="$ac_dir/$lt_tmp_nm" + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in + */dev/null* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS="$lt_save_ifs" + done + : ${lt_cv_path_NM=no} +fi]) +if test "$lt_cv_path_NM" != "no"; then + NM="$lt_cv_path_NM" +else + # Didn't find any BSD compatible name lister, look for dumpbin. + AC_CHECK_TOOLS(DUMPBIN, ["dumpbin -symbols" "link -dump -symbols"], :) + AC_SUBST([DUMPBIN]) + if test "$DUMPBIN" != ":"; then + NM="$DUMPBIN" + fi +fi +test -z "$NM" && NM=nm +AC_SUBST([NM]) +_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl + +AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], + [lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:__oline__: $ac_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$ac_compile" 2>conftest.err) + cat conftest.err >&AS_MESSAGE_LOG_FD + (eval echo "\"\$as_me:__oline__: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) + cat conftest.err >&AS_MESSAGE_LOG_FD + (eval echo "\"\$as_me:__oline__: output\"" >&AS_MESSAGE_LOG_FD) + cat conftest.out >&AS_MESSAGE_LOG_FD + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" + fi + rm -f conftest*]) +])# LT_PATH_NM + +# Old names: +AU_ALIAS([AM_PROG_NM], [LT_PATH_NM]) +AU_ALIAS([AC_PROG_NM], [LT_PATH_NM]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_PROG_NM], []) +dnl AC_DEFUN([AC_PROG_NM], []) + + +# LT_LIB_M +# -------- +# check for math library +AC_DEFUN([LT_LIB_M], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +LIBM= +case $host in +*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*) + # These system don't have libm, or don't need it + ;; +*-ncr-sysv4.3*) + AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") + AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") + ;; +*) + AC_CHECK_LIB(m, cos, LIBM="-lm") + ;; +esac +AC_SUBST([LIBM]) +])# LT_LIB_M + +# Old name: +AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_CHECK_LIBM], []) + + +# _LT_COMPILER_NO_RTTI([TAGNAME]) +# ------------------------------- +m4_defun([_LT_COMPILER_NO_RTTI], +[m4_require([_LT_TAG_COMPILER])dnl + +_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + +if test "$GCC" = yes; then + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' + + _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], + lt_cv_prog_compiler_rtti_exceptions, + [-fno-rtti -fno-exceptions], [], + [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) +fi +_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], + [Compiler flag to turn off builtin functions]) +])# _LT_COMPILER_NO_RTTI + + +# _LT_CMD_GLOBAL_SYMBOLS +# ---------------------- +m4_defun([_LT_CMD_GLOBAL_SYMBOLS], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([LT_PATH_NM])dnl +AC_REQUIRE([LT_PATH_LD])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_TAG_COMPILER])dnl + +# Check for command to grab the raw symbol name followed by C symbol from nm. +AC_MSG_CHECKING([command to parse $NM output from $compiler object]) +AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], +[ +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[[BCDEGRST]]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[[BCDT]]' + ;; +cygwin* | mingw* | pw32* | cegcc*) + symcode='[[ABCDGISTW]]' + ;; +hpux*) + if test "$host_cpu" = ia64; then + symcode='[[ABCDEGRST]]' + fi + ;; +irix* | nonstopux*) + symcode='[[BCDEGRST]]' + ;; +osf*) + symcode='[[BCDEGQRST]]' + ;; +solaris*) + symcode='[[BDRT]]' + ;; +sco3.2v5*) + symcode='[[DT]]' + ;; +sysv4.2uw2*) + symcode='[[DT]]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[[ABDT]]' + ;; +sysv4) + symcode='[[DFNSTU]]' + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[[ABCDGIRSTW]]' ;; +esac + +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'" +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function + # and D for any global variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK ['"\ +" {last_section=section; section=\$ 3};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ +" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ +" s[1]~/^[@?]/{print s[1], s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx]" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <<_LT_EOF +#ifdef __cplusplus +extern "C" { +#endif +char nm_test_var; +void nm_test_func(void); +void nm_test_func(void){} +#ifdef __cplusplus +} +#endif +int main(){nm_test_var='a';nm_test_func();return(0);} +_LT_EOF + + if AC_TRY_EVAL(ac_compile); then + # Now try to grab the symbols. + nlist=conftest.nm + if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +#ifdef __cplusplus +extern "C" { +#endif + +_LT_EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' + + cat <<_LT_EOF >> conftest.$ac_ext + +/* The mapping between symbol names and symbols. */ +const struct { + const char *name; + void *address; +} +lt__PROGRAM__LTX_preloaded_symbols[[]] = +{ + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif +_LT_EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_save_LIBS="$LIBS" + lt_save_CFLAGS="$CFLAGS" + LIBS="conftstm.$ac_objext" + CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" + if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then + pipe_works=yes + fi + LIBS="$lt_save_LIBS" + CFLAGS="$lt_save_CFLAGS" + else + echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD + fi + else + echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD + cat conftest.$ac_ext >&5 + fi + rm -rf conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test "$pipe_works" = yes; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done +]) +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + AC_MSG_RESULT(failed) +else + AC_MSG_RESULT(ok) +fi + +_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], + [Take the output of nm and produce a listing of raw symbols and C names]) +_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], + [Transform the output of nm in a proper C declaration]) +_LT_DECL([global_symbol_to_c_name_address], + [lt_cv_sys_global_symbol_to_c_name_address], [1], + [Transform the output of nm in a C name address pair]) +_LT_DECL([global_symbol_to_c_name_address_lib_prefix], + [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], + [Transform the output of nm in a C name address pair when lib prefix is needed]) +]) # _LT_CMD_GLOBAL_SYMBOLS + + +# _LT_COMPILER_PIC([TAGNAME]) +# --------------------------- +m4_defun([_LT_COMPILER_PIC], +[m4_require([_LT_TAG_COMPILER])dnl +_LT_TAGVAR(lt_prog_compiler_wl, $1)= +_LT_TAGVAR(lt_prog_compiler_pic, $1)= +_LT_TAGVAR(lt_prog_compiler_static, $1)= + +AC_MSG_CHECKING([for $compiler option to produce PIC]) +m4_if([$1], [CXX], [ + # C++ specific cases for pic, static, wl, etc. + if test "$GXX" = yes; then + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + *djgpp*) + # DJGPP does not support shared libraries at all + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + else + case $host_os in + aix[[4-9]]*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + chorus*) + case $cc_basename in + cxch68*) + # Green Hills C++ Compiler + # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" + ;; + esac + ;; + dgux*) + case $cc_basename in + ec++*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + ghcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + freebsd* | dragonfly*) + # FreeBSD uses GNU C++ + ;; + hpux9* | hpux10* | hpux11*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + if test "$host_cpu" != ia64; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + fi + ;; + aCC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + ;; + *) + ;; + esac + ;; + interix*) + # This is c89, which is MS Visual C++ (no shared libs) + # Anyone wants to do a port? + ;; + irix5* | irix6* | nonstopux*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + # CC pic flag -KPIC is the default. + ;; + *) + ;; + esac + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + KCC*) + # KAI C++ Compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + ecpc* ) + # old Intel C++ for x86_64 which still supported -KPIC. + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + icpc* ) + # Intel C++, used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + cxx*) + # Compaq C++ + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + xlc* | xlC*) + # IBM XL 8.0 on PPC + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + esac + ;; + esac + ;; + lynxos*) + ;; + m88k*) + ;; + mvs*) + case $cc_basename in + cxx*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' + ;; + *) + ;; + esac + ;; + netbsd* | netbsdelf*-gnu) + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + ;; + RCC*) + # Rational C++ 2.4.1 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + cxx*) + # Digital/Compaq C++ + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + *) + ;; + esac + ;; + psos*) + ;; + solaris*) + case $cc_basename in + CC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + ;; + *) + ;; + esac + ;; + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + lcc*) + # Lucid + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + *) + ;; + esac + ;; + vxworks*) + ;; + *) + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +], +[ + if test "$GCC" = yes; then + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + + interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + + hpux9* | hpux10* | hpux11*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC (with -KPIC) is the default. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + # old Intel for x86_64 which still supported -KPIC. + ecc*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' + _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' + ;; + pgcc* | pgf77* | pgf90* | pgf95*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + ccc*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All Alpha code is PIC. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + xl*) + # IBM XL C 8.0/Fortran 10.1 on PPC + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C 5.9 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + ;; + *Sun\ F*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='' + ;; + esac + ;; + esac + ;; + + newsos6) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All OSF/1 code is PIC. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + rdos*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + solaris*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + case $cc_basename in + f77* | f90* | f95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; + *) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; + esac + ;; + + sunos4*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec ;then + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + unicos*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + + uts4*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *) + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +]) +case $host_os in + # For platforms which do not support PIC, -DPIC is meaningless: + *djgpp*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" + ;; +esac +AC_MSG_RESULT([$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) +_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], + [How to pass a linker flag through the compiler]) + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], + [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], + [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], + [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in + "" | " "*) ;; + *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; + esac], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) +fi +_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], + [Additional compiler flags for building library objects]) + +# +# Check to make sure the static flag actually works. +# +wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" +_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], + _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), + $lt_tmp_static_flag, + [], + [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) +_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], + [Compiler flag to prevent dynamic linking]) +])# _LT_COMPILER_PIC + + +# _LT_LINKER_SHLIBS([TAGNAME]) +# ---------------------------- +# See if the linker supports building shared libraries. +m4_defun([_LT_LINKER_SHLIBS], +[AC_REQUIRE([LT_PATH_LD])dnl +AC_REQUIRE([LT_PATH_NM])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl +m4_require([_LT_TAG_COMPILER])dnl +AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) +m4_if([$1], [CXX], [ + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + case $host_os in + aix[[4-9]]*) + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + else + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + fi + ;; + pw32*) + _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" + ;; + cygwin* | mingw* | cegcc*) + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' + ;; + linux* | k*bsd*-gnu) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; + *) + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + ;; + esac + _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] +], [ + runpath_var= + _LT_TAGVAR(allow_undefined_flag, $1)= + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(archive_cmds, $1)= + _LT_TAGVAR(archive_expsym_cmds, $1)= + _LT_TAGVAR(compiler_needs_object, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + _LT_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(hardcode_automatic, $1)=no + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= + _LT_TAGVAR(hardcode_libdir_separator, $1)= + _LT_TAGVAR(hardcode_minus_L, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + _LT_TAGVAR(inherit_rpath, $1)=no + _LT_TAGVAR(link_all_deplibs, $1)=unknown + _LT_TAGVAR(module_cmds, $1)= + _LT_TAGVAR(module_expsym_cmds, $1)= + _LT_TAGVAR(old_archive_from_new_cmds, $1)= + _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= + _LT_TAGVAR(thread_safe_flag_spec, $1)= + _LT_TAGVAR(whole_archive_flag_spec, $1)= + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + _LT_TAGVAR(include_expsyms, $1)= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ` (' and `)$', so one must not match beginning or + # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', + # as well as any symbol that contains `d'. + _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. +dnl Note also adjust exclude_expsyms for C++ above. + extract_expsyms_cmds= + + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; + linux* | k*bsd*-gnu) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; + esac + + _LT_TAGVAR(ld_shlibs, $1)=yes + if test "$with_gnu_ld" = yes; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='${wl}' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + supports_anon_versioning=no + case `$LD -v 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix[[3-9]]*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: the GNU linker, at least up to release 2.9.1, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to modify your PATH +*** so that a non-GNU linker is found, and then restart. + +_LT_EOF + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='' + ;; + m68k) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + interix[[3-9]]*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + tmp_diet=no + if test "$host_os" = linux-dietlibc; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test "$tmp_diet" = no + then + tmp_addflag= + tmp_sharedflag='-shared' + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + _LT_TAGVAR(whole_archive_flag_spec, $1)= + tmp_sharedflag='--shared' ;; + xl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + esac + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + xlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' + _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib' + if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + sunos4*) + _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + + if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then + runpath_var= + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + _LT_TAGVAR(hardcode_direct, $1)=unsupported + fi + ;; + + aix[[4-9]]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + else + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_TAGVAR(archive_cmds, $1)='' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' + + if test "$GCC" = yes; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + _LT_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + _LT_TAGVAR(link_all_deplibs, $1)=no + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + _LT_TAGVAR(always_export_symbols, $1)=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + # This is similar to how AIX traditionally builds its shared libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='' + ;; + m68k) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + ;; + + bsdi[[45]]*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + # FIXME: Should let the user specify the lib program. + _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' + _LT_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + + darwin* | rhapsody*) + _LT_DARWIN_LINKER_FEATURES($1) + ;; + + dgux*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + freebsd1*) + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + hpux9*) + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_direct, $1)=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + ;; + + hpux10*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test "$with_gnu_ld" = no; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + fi + ;; + + hpux11*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + fi + if test "$with_gnu_ld" = no; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" + AC_LINK_IFELSE(int foo(void) {}, + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + ) + LDFLAGS="$save_LDFLAGS" + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(inherit_rpath, $1)=yes + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + newsos6) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *nto* | *qnx*) + ;; + + openbsd*) + if test -f /usr/libexec/ld.so; then + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + else + case $host_os in + openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + ;; + esac + fi + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + ;; + + osf3*) + if test "$GCC" = yes; then + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test "$GCC" = yes; then + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + else + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + solaris*) + _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' + if test "$GCC" = yes; then + wlarc='${wl}' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + else + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='${wl}' + _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands `-z linker_flag'. GCC discards it without `$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test "$GCC" = yes; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + fi + ;; + esac + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + sunos4*) + if test "x$host_vendor" = xsequent; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4) + case $host_vendor in + sni) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' + _LT_TAGVAR(hardcode_direct, $1)=no + ;; + motorola) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4.3*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + _LT_TAGVAR(ld_shlibs, $1)=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + + if test x$host_vendor = xsni; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym' + ;; + esac + fi + fi +]) +AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) +test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no + +_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld + +_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl +_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl +_LT_DECL([], [extract_expsyms_cmds], [2], + [The commands to extract the exported symbol list from a shared archive]) + +# +# Do we need to explicitly link libc? +# +case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in +x|xyes) + # Assume -lc should be added + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + + if test "$enable_shared" = yes && test "$GCC" = yes; then + case $_LT_TAGVAR(archive_cmds, $1) in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + AC_MSG_CHECKING([whether -lc should be explicitly linked in]) + $RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if AC_TRY_EVAL(ac_compile) 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) + pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) + _LT_TAGVAR(allow_undefined_flag, $1)= + if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) + then + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + else + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + fi + _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + AC_MSG_RESULT([$_LT_TAGVAR(archive_cmds_need_lc, $1)]) + ;; + esac + fi + ;; +esac + +_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], + [Whether or not to add -lc for building shared libraries]) +_LT_TAGDECL([allow_libtool_libs_with_static_runtimes], + [enable_shared_with_static_runtimes], [0], + [Whether or not to disallow shared libs when runtime libs are static]) +_LT_TAGDECL([], [export_dynamic_flag_spec], [1], + [Compiler flag to allow reflexive dlopens]) +_LT_TAGDECL([], [whole_archive_flag_spec], [1], + [Compiler flag to generate shared objects directly from archives]) +_LT_TAGDECL([], [compiler_needs_object], [1], + [Whether the compiler copes with passing no objects directly]) +_LT_TAGDECL([], [old_archive_from_new_cmds], [2], + [Create an old-style archive from a shared archive]) +_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], + [Create a temporary old-style archive to link instead of a shared archive]) +_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) +_LT_TAGDECL([], [archive_expsym_cmds], [2]) +_LT_TAGDECL([], [module_cmds], [2], + [Commands used to build a loadable module if different from building + a shared archive.]) +_LT_TAGDECL([], [module_expsym_cmds], [2]) +_LT_TAGDECL([], [with_gnu_ld], [1], + [Whether we are building with GNU ld or not]) +_LT_TAGDECL([], [allow_undefined_flag], [1], + [Flag that allows shared libraries with undefined symbols to be built]) +_LT_TAGDECL([], [no_undefined_flag], [1], + [Flag that enforces no undefined symbols]) +_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], + [Flag to hardcode $libdir into a binary during linking. + This must work even if $libdir does not exist]) +_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1], + [[If ld is used when linking, flag to hardcode $libdir into a binary + during linking. This must work even if $libdir does not exist]]) +_LT_TAGDECL([], [hardcode_libdir_separator], [1], + [Whether we need a single "-rpath" flag with a separated argument]) +_LT_TAGDECL([], [hardcode_direct], [0], + [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes + DIR into the resulting binary]) +_LT_TAGDECL([], [hardcode_direct_absolute], [0], + [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes + DIR into the resulting binary and the resulting library dependency is + "absolute", i.e impossible to change by setting ${shlibpath_var} if the + library is relocated]) +_LT_TAGDECL([], [hardcode_minus_L], [0], + [Set to "yes" if using the -LDIR flag during linking hardcodes DIR + into the resulting binary]) +_LT_TAGDECL([], [hardcode_shlibpath_var], [0], + [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR + into the resulting binary]) +_LT_TAGDECL([], [hardcode_automatic], [0], + [Set to "yes" if building a shared library automatically hardcodes DIR + into the library and all subsequent libraries and executables linked + against it]) +_LT_TAGDECL([], [inherit_rpath], [0], + [Set to yes if linker adds runtime paths of dependent libraries + to runtime path list]) +_LT_TAGDECL([], [link_all_deplibs], [0], + [Whether libtool must link a program against all its dependency libraries]) +_LT_TAGDECL([], [fix_srcfile_path], [1], + [Fix the shell variable $srcfile for the compiler]) +_LT_TAGDECL([], [always_export_symbols], [0], + [Set to "yes" if exported symbols are required]) +_LT_TAGDECL([], [export_symbols_cmds], [2], + [The commands to list exported symbols]) +_LT_TAGDECL([], [exclude_expsyms], [1], + [Symbols that should not be listed in the preloaded symbols]) +_LT_TAGDECL([], [include_expsyms], [1], + [Symbols that must always be exported]) +_LT_TAGDECL([], [prelink_cmds], [2], + [Commands necessary for linking programs (against libraries) with templates]) +_LT_TAGDECL([], [file_list_spec], [1], + [Specify filename containing input files]) +dnl FIXME: Not yet implemented +dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1], +dnl [Compiler flag to generate thread safe objects]) +])# _LT_LINKER_SHLIBS + + +# _LT_LANG_C_CONFIG([TAG]) +# ------------------------ +# Ensure that the configuration variables for a C compiler are suitably +# defined. These variables are subsequently used by _LT_CONFIG to write +# the compiler configuration to `libtool'. +m4_defun([_LT_LANG_C_CONFIG], +[m4_require([_LT_DECL_EGREP])dnl +lt_save_CC="$CC" +AC_LANG_PUSH(C) + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}' + +_LT_TAG_COMPILER +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + LT_SYS_DLOPEN_SELF + _LT_CMD_STRIPLIB + + # Report which library types will actually be built + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + + aix[[4-9]]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_CONFIG($1) +fi +AC_LANG_POP +CC="$lt_save_CC" +])# _LT_LANG_C_CONFIG + + +# _LT_PROG_CXX +# ------------ +# Since AC_PROG_CXX is broken, in that it returns g++ if there is no c++ +# compiler, we have our own version here. +m4_defun([_LT_PROG_CXX], +[ +pushdef([AC_MSG_ERROR], [_lt_caught_CXX_error=yes]) +AC_PROG_CXX +if test -n "$CXX" && ( test "X$CXX" != "Xno" && + ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || + (test "X$CXX" != "Xg++"))) ; then + AC_PROG_CXXCPP +else + _lt_caught_CXX_error=yes +fi +popdef([AC_MSG_ERROR]) +])# _LT_PROG_CXX + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([_LT_PROG_CXX], []) + + +# _LT_LANG_CXX_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for a C++ compiler are suitably +# defined. These variables are subsequently used by _LT_CONFIG to write +# the compiler configuration to `libtool'. +m4_defun([_LT_LANG_CXX_CONFIG], +[AC_REQUIRE([_LT_PROG_CXX])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_EGREP])dnl + +AC_LANG_PUSH(C++) +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(compiler_needs_object, $1)=no +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for C++ test sources. +ac_ext=cpp + +# Object file extension for compiled C++ test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the CXX compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test "$_lt_caught_CXX_error" != yes; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="int some_variable = 0;" + + # Code to be used in simple link tests + lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC=$CC + lt_save_LD=$LD + lt_save_GCC=$GCC + GCC=$GXX + lt_save_with_gnu_ld=$with_gnu_ld + lt_save_path_LD=$lt_cv_path_LD + if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then + lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx + else + $as_unset lt_cv_prog_gnu_ld + fi + if test -n "${lt_cv_path_LDCXX+set}"; then + lt_cv_path_LD=$lt_cv_path_LDCXX + else + $as_unset lt_cv_path_LD + fi + test -z "${LDCXX+set}" || LD=$LDCXX + CC=${CXX-"c++"} + compiler=$CC + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + + if test -n "$compiler"; then + # We don't want -fno-exception when compiling C++ code, so set the + # no_builtin_flag separately + if test "$GXX" = yes; then + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' + else + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + fi + + if test "$GXX" = yes; then + # Set up default GNU C++ configuration + + LT_PATH_LD + + # Check if GNU C++ uses GNU ld as the underlying linker, since the + # archiving commands below assume that GNU ld is being used. + if test "$with_gnu_ld" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + + # If archive_cmds runs LD, not CC, wlarc should be empty + # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to + # investigate it a little bit more. (MM) + wlarc='${wl}' + + # ancient GNU ld didn't support --whole-archive et. al. + if eval "`$CC -print-prog-name=ld` --help 2>&1" | + $GREP 'no-whole-archive' > /dev/null; then + _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + with_gnu_ld=no + wlarc= + + # A generic and very simple default shared library creation + # command for GNU C++ for the case where it uses the native + # linker, instead of GNU ld. If possible, this setting should + # overridden to take advantage of the native linker features on + # the platform it is being used on. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + fi + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + + else + GXX=no + with_gnu_ld=no + wlarc= + fi + + # PORTME: fill in a description of your system's C++ link characteristics + AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) + _LT_TAGVAR(ld_shlibs, $1)=yes + case $host_os in + aix3*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aix[[4-9]]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) + for ld_flag in $LDFLAGS; do + case $ld_flag in + *-brtl*) + aix_use_runtimelinking=yes + break + ;; + esac + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_TAGVAR(archive_cmds, $1)='' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' + + if test "$GXX" = yes; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + _LT_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)= + fi + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to + # export. + _LT_TAGVAR(always_export_symbols, $1)=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # Determine the default libpath from the value encoded in an empty + # executable. + _LT_SYS_MODULE_PATH_AIX + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + # This is similar to how AIX traditionally builds its shared + # libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + chorus*) + case $cc_basename in + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + darwin* | rhapsody*) + _LT_DARWIN_LINKER_FEATURES($1) + ;; + + dgux*) + case $cc_basename in + ec++*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + ghcx*) + # Green Hills C++ Compiler + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + freebsd[[12]]*) + # C++ shared libraries reported to be fairly broken before + # switch to ELF + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + freebsd-elf*) + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + ;; + + freebsd* | dragonfly*) + # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF + # conventions + _LT_TAGVAR(ld_shlibs, $1)=yes + ;; + + gnu*) + ;; + + hpux9*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + ;; + *) + if test "$GXX" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + hpux10*|hpux11*) + if test $with_gnu_ld = no; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + ;; + *) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + ;; + esac + fi + case $host_cpu in + hppa*64*|ia64*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + ;; + esac + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + ;; + *) + if test "$GXX" = yes; then + if test $with_gnu_ld = no; then + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + fi + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + interix[[3-9]]*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + irix5* | irix6*) + case $cc_basename in + CC*) + # SGI C++ + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + + # Archives containing C++ object files must be created using + # "CC -ar", where "CC" is the IRIX C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' + ;; + *) + if test "$GXX" = yes; then + if test "$with_gnu_ld" = no; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib' + fi + fi + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + esac + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(inherit_rpath, $1)=yes + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + + # Archives containing C++ object files must be created using + # "CC -Bstatic", where "CC" is the KAI C++ compiler. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' + ;; + icpc* | ecpc* ) + # Intel C++ + with_gnu_ld=yes + # version 8.0 and above of icpc choke on multiply defined symbols + # if we add $predep_objects and $postdep_objects, however 7.1 and + # earlier do not add the objects themselves. + case `$CC -V 2>&1` in + *"Version 7."*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 8.0 or newer + tmp_idyn= + case $host_cpu in + ia64*) tmp_idyn=' -i_dynamic';; + esac + _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + case `$CC -V` in + *pgCC\ [[1-5]]* | *pgcpp\ [[1-5]]*) + _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ + compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' + _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ + $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ + $RANLIB $oldlib' + _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 will use weak symbols + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + ;; + cxx*) + # Compaq C++ + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' + + runpath_var=LD_RUN_PATH + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + ;; + xl*) + # IBM XL 8.0 on PPC, with GNU ld + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + + # Not sure whether something based on + # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 + # would be better. + output_verbose_link_cmd='echo' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + esac + ;; + esac + ;; + + lynxos*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + m88k*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + mvs*) + case $cc_basename in + cxx*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' + wlarc= + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + fi + # Workaround some broken pre-1.5 toolchains + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' + ;; + + *nto* | *qnx*) + _LT_TAGVAR(ld_shlibs, $1)=yes + ;; + + openbsd2*) + # C++ shared libraries are fairly broken + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + openbsd*) + if test -f /usr/libexec/ld.so; then + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + fi + output_verbose_link_cmd=echo + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Archives containing C++ object files must be created using + # the KAI C++ compiler. + case $host in + osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; + *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; + esac + ;; + RCC*) + # Rational C++ 2.4.1 + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + cxx*) + case $host in + osf3*) + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + ;; + *) + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ + echo "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~ + $RM $lib.exp' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + ;; + *) + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + case $host in + osf3*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + psos*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + lcc*) + # Lucid + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + solaris*) + case $cc_basename in + CC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_TAGVAR(archive_cmds_need_lc,$1)=yes + _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands `-z linker_flag'. + # Supported since Solaris 2.6 (maybe 2.5.1?) + _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + ;; + esac + _LT_TAGVAR(link_all_deplibs, $1)=yes + + output_verbose_link_cmd='echo' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + + # The C++ compiler must be used to create the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' + ;; + *) + # GNU C++ compiler with Solaris linker + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' + if $CC --version | $GREP -v '^2\.7' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + else + # g++ 2.7 appears to require `-G' NOT `-shared' on this + # platform. + _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + fi + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + ;; + esac + fi + ;; + esac + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + vxworks*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + + AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) + test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no + + _LT_TAGVAR(GCC, $1)="$GXX" + _LT_TAGVAR(LD, $1)="$LD" + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_SYS_HIDDEN_LIBDEPS($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + CC=$lt_save_CC + LDCXX=$LD + LD=$lt_save_LD + GCC=$lt_save_GCC + with_gnu_ld=$lt_save_with_gnu_ld + lt_cv_path_LDCXX=$lt_cv_path_LD + lt_cv_path_LD=$lt_save_path_LD + lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld + lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld +fi # test "$_lt_caught_CXX_error" != yes + +AC_LANG_POP +])# _LT_LANG_CXX_CONFIG + + +# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) +# --------------------------------- +# Figure out "hidden" library dependencies from verbose +# compiler output when linking a shared library. +# Parse the compiler output and extract the necessary +# objects, libraries and library flags. +m4_defun([_LT_SYS_HIDDEN_LIBDEPS], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +# Dependencies to place before and after the object being linked: +_LT_TAGVAR(predep_objects, $1)= +_LT_TAGVAR(postdep_objects, $1)= +_LT_TAGVAR(predeps, $1)= +_LT_TAGVAR(postdeps, $1)= +_LT_TAGVAR(compiler_lib_search_path, $1)= + +dnl we can't use the lt_simple_compile_test_code here, +dnl because it contains code intended for an executable, +dnl not a library. It's possible we should let each +dnl tag define a new lt_????_link_test_code variable, +dnl but it's only used here... +m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF +int a; +void foo (void) { a = 0; } +_LT_EOF +], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF +class Foo +{ +public: + Foo (void) { a = 0; } +private: + int a; +}; +_LT_EOF +], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF + subroutine foo + implicit none + integer*4 a + a=0 + return + end +_LT_EOF +], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF + subroutine foo + implicit none + integer a + a=0 + return + end +_LT_EOF +], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF +public class foo { + private int a; + public void bar (void) { + a = 0; + } +}; +_LT_EOF +]) +dnl Parse the compiler output and extract the necessary +dnl objects, libraries and library flags. +if AC_TRY_EVAL(ac_compile); then + # Parse the compiler output and extract the necessary + # objects, libraries and library flags. + + # Sentinel used to keep track of whether or not we are before + # the conftest object file. + pre_test_object_deps_done=no + + for p in `eval "$output_verbose_link_cmd"`; do + case $p in + + -L* | -R* | -l*) + # Some compilers place space between "-{L,R}" and the path. + # Remove the space. + if test $p = "-L" || + test $p = "-R"; then + prev=$p + continue + else + prev= + fi + + if test "$pre_test_object_deps_done" = no; then + case $p in + -L* | -R*) + # Internal compiler library paths should come after those + # provided the user. The postdeps already come after the + # user supplied libs so there is no need to process them. + if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then + _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}" + else + _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}" + fi + ;; + # The "-l" case would never come before the object being + # linked, so don't bother handling this case. + esac + else + if test -z "$_LT_TAGVAR(postdeps, $1)"; then + _LT_TAGVAR(postdeps, $1)="${prev}${p}" + else + _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}" + fi + fi + ;; + + *.$objext) + # This assumes that the test object file only shows up + # once in the compiler output. + if test "$p" = "conftest.$objext"; then + pre_test_object_deps_done=yes + continue + fi + + if test "$pre_test_object_deps_done" = no; then + if test -z "$_LT_TAGVAR(predep_objects, $1)"; then + _LT_TAGVAR(predep_objects, $1)="$p" + else + _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" + fi + else + if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then + _LT_TAGVAR(postdep_objects, $1)="$p" + else + _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" + fi + fi + ;; + + *) ;; # Ignore the rest. + + esac + done + + # Clean up. + rm -f a.out a.exe +else + echo "libtool.m4: error: problem compiling $1 test program" +fi + +$RM -f confest.$objext + +# PORTME: override above test on systems where it is broken +m4_if([$1], [CXX], +[case $host_os in +interix[[3-9]]*) + # Interix 3.5 installs completely hosed .la files for C++, so rather than + # hack all around it, let's just trust "g++" to DTRT. + _LT_TAGVAR(predep_objects,$1)= + _LT_TAGVAR(postdep_objects,$1)= + _LT_TAGVAR(postdeps,$1)= + ;; + +linux*) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + + # The more standards-conforming stlport4 library is + # incompatible with the Cstd library. Avoid specifying + # it if it's in CXXFLAGS. Ignore libCrun as + # -library=stlport4 depends on it. + case " $CXX $CXXFLAGS " in + *" -library=stlport4 "*) + solaris_use_stlport4=yes + ;; + esac + + if test "$solaris_use_stlport4" != yes; then + _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' + fi + ;; + esac + ;; + +solaris*) + case $cc_basename in + CC*) + # The more standards-conforming stlport4 library is + # incompatible with the Cstd library. Avoid specifying + # it if it's in CXXFLAGS. Ignore libCrun as + # -library=stlport4 depends on it. + case " $CXX $CXXFLAGS " in + *" -library=stlport4 "*) + solaris_use_stlport4=yes + ;; + esac + + # Adding this requires a known-good setup of shared libraries for + # Sun compiler versions before 5.6, else PIC objects from an old + # archive will be linked into the output, leading to subtle bugs. + if test "$solaris_use_stlport4" != yes; then + _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' + fi + ;; + esac + ;; +esac +]) + +case " $_LT_TAGVAR(postdeps, $1) " in +*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; +esac + _LT_TAGVAR(compiler_lib_search_dirs, $1)= +if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then + _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'` +fi +_LT_TAGDECL([], [compiler_lib_search_dirs], [1], + [The directories searched by this compiler when creating a shared library]) +_LT_TAGDECL([], [predep_objects], [1], + [Dependencies to place before and after the objects being linked to + create a shared library]) +_LT_TAGDECL([], [postdep_objects], [1]) +_LT_TAGDECL([], [predeps], [1]) +_LT_TAGDECL([], [postdeps], [1]) +_LT_TAGDECL([], [compiler_lib_search_path], [1], + [The library search path used internally by the compiler when linking + a shared library]) +])# _LT_SYS_HIDDEN_LIBDEPS + + +# _LT_PROG_F77 +# ------------ +# Since AC_PROG_F77 is broken, in that it returns the empty string +# if there is no fortran compiler, we have our own version here. +m4_defun([_LT_PROG_F77], +[ +pushdef([AC_MSG_ERROR], [_lt_disable_F77=yes]) +AC_PROG_F77 +if test -z "$F77" || test "X$F77" = "Xno"; then + _lt_disable_F77=yes +fi +popdef([AC_MSG_ERROR]) +])# _LT_PROG_F77 + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([_LT_PROG_F77], []) + + +# _LT_LANG_F77_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for a Fortran 77 compiler are +# suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_F77_CONFIG], +[AC_REQUIRE([_LT_PROG_F77])dnl +AC_LANG_PUSH(Fortran 77) + +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for f77 test sources. +ac_ext=f + +# Object file extension for compiled f77 test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the F77 compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test "$_lt_disable_F77" != yes; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="\ + subroutine t + return + end +" + + # Code to be used in simple link tests + lt_simple_link_test_code="\ + program t + end +" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC="$CC" + lt_save_GCC=$GCC + CC=${F77-"f77"} + compiler=$CC + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + GCC=$G77 + if test -n "$compiler"; then + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + aix[[4-9]]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_TAGVAR(GCC, $1)="$G77" + _LT_TAGVAR(LD, $1)="$LD" + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + GCC=$lt_save_GCC + CC="$lt_save_CC" +fi # test "$_lt_disable_F77" != yes + +AC_LANG_POP +])# _LT_LANG_F77_CONFIG + + +# _LT_PROG_FC +# ----------- +# Since AC_PROG_FC is broken, in that it returns the empty string +# if there is no fortran compiler, we have our own version here. +m4_defun([_LT_PROG_FC], +[ +pushdef([AC_MSG_ERROR], [_lt_disable_FC=yes]) +AC_PROG_FC +if test -z "$FC" || test "X$FC" = "Xno"; then + _lt_disable_FC=yes +fi +popdef([AC_MSG_ERROR]) +])# _LT_PROG_FC + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([_LT_PROG_FC], []) + + +# _LT_LANG_FC_CONFIG([TAG]) +# ------------------------- +# Ensure that the configuration variables for a Fortran compiler are +# suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_FC_CONFIG], +[AC_REQUIRE([_LT_PROG_FC])dnl +AC_LANG_PUSH(Fortran) + +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for fc test sources. +ac_ext=${ac_fc_srcext-f} + +# Object file extension for compiled fc test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the FC compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test "$_lt_disable_FC" != yes; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="\ + subroutine t + return + end +" + + # Code to be used in simple link tests + lt_simple_link_test_code="\ + program t + end +" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC="$CC" + lt_save_GCC=$GCC + CC=${FC-"f95"} + compiler=$CC + GCC=$ac_cv_fc_compiler_gnu + + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + + if test -n "$compiler"; then + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + aix[[4-9]]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu" + _LT_TAGVAR(LD, $1)="$LD" + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_SYS_HIDDEN_LIBDEPS($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + GCC=$lt_save_GCC + CC="$lt_save_CC" +fi # test "$_lt_disable_FC" != yes + +AC_LANG_POP +])# _LT_LANG_FC_CONFIG + + +# _LT_LANG_GCJ_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Java Compiler compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_GCJ_CONFIG], +[AC_REQUIRE([LT_PROG_GCJ])dnl +AC_LANG_SAVE + +# Source file extension for Java test sources. +ac_ext=java + +# Object file extension for compiled Java test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="class foo {}" + +# Code to be used in simple link tests +lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC="$CC" +lt_save_GCC=$GCC +GCC=yes +CC=${GCJ-"gcj"} +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)="$LD" +_LT_CC_BASENAME([$compiler]) + +# GCJ did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC="$lt_save_CC" +])# _LT_LANG_GCJ_CONFIG + + +# _LT_LANG_RC_CONFIG([TAG]) +# ------------------------- +# Ensure that the configuration variables for the Windows resource compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_RC_CONFIG], +[AC_REQUIRE([LT_PROG_RC])dnl +AC_LANG_SAVE + +# Source file extension for RC test sources. +ac_ext=rc + +# Object file extension for compiled RC test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' + +# Code to be used in simple link tests +lt_simple_link_test_code="$lt_simple_compile_test_code" + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC="$CC" +lt_save_GCC=$GCC +GCC= +CC=${RC-"windres"} +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_CC_BASENAME([$compiler]) +_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + +if test -n "$compiler"; then + : + _LT_CONFIG($1) +fi + +GCC=$lt_save_GCC +AC_LANG_RESTORE +CC="$lt_save_CC" +])# _LT_LANG_RC_CONFIG + + +# LT_PROG_GCJ +# ----------- +AC_DEFUN([LT_PROG_GCJ], +[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], + [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], + [AC_CHECK_TOOL(GCJ, gcj,) + test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2" + AC_SUBST(GCJFLAGS)])])[]dnl +]) + +# Old name: +AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_GCJ], []) + + +# LT_PROG_RC +# ---------- +AC_DEFUN([LT_PROG_RC], +[AC_CHECK_TOOL(RC, windres,) +]) + +# Old name: +AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_RC], []) + + +# _LT_DECL_EGREP +# -------------- +# If we don't have a new enough Autoconf to choose the best grep +# available, choose the one first in the user's PATH. +m4_defun([_LT_DECL_EGREP], +[AC_REQUIRE([AC_PROG_EGREP])dnl +AC_REQUIRE([AC_PROG_FGREP])dnl +test -z "$GREP" && GREP=grep +_LT_DECL([], [GREP], [1], [A grep program that handles long lines]) +_LT_DECL([], [EGREP], [1], [An ERE matcher]) +_LT_DECL([], [FGREP], [1], [A literal string matcher]) +dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too +AC_SUBST([GREP]) +]) + + +# _LT_DECL_OBJDUMP +# -------------- +# If we don't have a new enough Autoconf to choose the best objdump +# available, choose the one first in the user's PATH. +m4_defun([_LT_DECL_OBJDUMP], +[AC_CHECK_TOOL(OBJDUMP, objdump, false) +test -z "$OBJDUMP" && OBJDUMP=objdump +_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper]) +AC_SUBST([OBJDUMP]) +]) + + +# _LT_DECL_SED +# ------------ +# Check for a fully-functional sed program, that truncates +# as few characters as possible. Prefer GNU sed if found. +m4_defun([_LT_DECL_SED], +[AC_PROG_SED +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" +_LT_DECL([], [SED], [1], [A sed program that does not truncate output]) +_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"], + [Sed that helps us avoid accidentally triggering echo(1) options like -n]) +])# _LT_DECL_SED + +m4_ifndef([AC_PROG_SED], [ +############################################################ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_SED. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +############################################################ + +m4_defun([AC_PROG_SED], +[AC_MSG_CHECKING([for a sed that does not truncate output]) +AC_CACHE_VAL(lt_cv_path_SED, +[# Loop through the user's path and test for sed and gsed. +# Then use that list of sed's as ones to test for truncation. +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for lt_ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then + lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" + fi + done + done +done +IFS=$as_save_IFS +lt_ac_max=0 +lt_ac_count=0 +# Add /usr/xpg4/bin/sed as it is typically found on Solaris +# along with /bin/sed that truncates output. +for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do + test ! -f $lt_ac_sed && continue + cat /dev/null > conftest.in + lt_ac_count=0 + echo $ECHO_N "0123456789$ECHO_C" >conftest.in + # Check for GNU sed and select it if it is found. + if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then + lt_cv_path_SED=$lt_ac_sed + break + fi + while true; do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo >>conftest.nl + $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break + cmp -s conftest.out conftest.nl || break + # 10000 chars as input seems more than enough + test $lt_ac_count -gt 10 && break + lt_ac_count=`expr $lt_ac_count + 1` + if test $lt_ac_count -gt $lt_ac_max; then + lt_ac_max=$lt_ac_count + lt_cv_path_SED=$lt_ac_sed + fi + done +done +]) +SED=$lt_cv_path_SED +AC_SUBST([SED]) +AC_MSG_RESULT([$SED]) +])#AC_PROG_SED +])#m4_ifndef + +# Old name: +AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_SED], []) + + +# _LT_CHECK_SHELL_FEATURES +# ------------------------ +# Find out whether the shell is Bourne or XSI compatible, +# or has some other useful features. +m4_defun([_LT_CHECK_SHELL_FEATURES], +[AC_MSG_CHECKING([whether the shell understands some XSI constructs]) +# Try some XSI features +xsi_shell=no +( _lt_dummy="a/b/c" + test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \ + = c,a/b,, \ + && eval 'test $(( 1 + 1 )) -eq 2 \ + && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ + && xsi_shell=yes +AC_MSG_RESULT([$xsi_shell]) +_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell']) + +AC_MSG_CHECKING([whether the shell understands "+="]) +lt_shell_append=no +( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \ + >/dev/null 2>&1 \ + && lt_shell_append=yes +AC_MSG_RESULT([$lt_shell_append]) +_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append']) + +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false +fi +_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac +_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl +_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl +])# _LT_CHECK_SHELL_FEATURES + + +# _LT_PROG_XSI_SHELLFNS +# --------------------- +# Bourne and XSI compatible variants of some useful shell functions. +m4_defun([_LT_PROG_XSI_SHELLFNS], +[case $xsi_shell in + yes) + cat << \_LT_EOF >> "$cfgfile" + +# func_dirname file append nondir_replacement +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +func_dirname () +{ + case ${1} in + */*) func_dirname_result="${1%/*}${2}" ;; + * ) func_dirname_result="${3}" ;; + esac +} + +# func_basename file +func_basename () +{ + func_basename_result="${1##*/}" +} + +# func_dirname_and_basename file append nondir_replacement +# perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# Implementation must be kept synchronized with func_dirname +# and func_basename. For efficiency, we do not delegate to +# those functions but instead duplicate the functionality here. +func_dirname_and_basename () +{ + case ${1} in + */*) func_dirname_result="${1%/*}${2}" ;; + * ) func_dirname_result="${3}" ;; + esac + func_basename_result="${1##*/}" +} + +# func_stripname prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +func_stripname () +{ + # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are + # positional parameters, so assign one to ordinary parameter first. + func_stripname_result=${3} + func_stripname_result=${func_stripname_result#"${1}"} + func_stripname_result=${func_stripname_result%"${2}"} +} + +# func_opt_split +func_opt_split () +{ + func_opt_split_opt=${1%%=*} + func_opt_split_arg=${1#*=} +} + +# func_lo2o object +func_lo2o () +{ + case ${1} in + *.lo) func_lo2o_result=${1%.lo}.${objext} ;; + *) func_lo2o_result=${1} ;; + esac +} + +# func_xform libobj-or-source +func_xform () +{ + func_xform_result=${1%.*}.lo +} + +# func_arith arithmetic-term... +func_arith () +{ + func_arith_result=$(( $[*] )) +} + +# func_len string +# STRING may not start with a hyphen. +func_len () +{ + func_len_result=${#1} +} + +_LT_EOF + ;; + *) # Bourne compatible functions. + cat << \_LT_EOF >> "$cfgfile" + +# func_dirname file append nondir_replacement +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +func_dirname () +{ + # Extract subdirectory from the argument. + func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi +} + +# func_basename file +func_basename () +{ + func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` +} + +dnl func_dirname_and_basename +dnl A portable version of this function is already defined in general.m4sh +dnl so there is no need for it here. + +# func_stripname prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +# func_strip_suffix prefix name +func_stripname () +{ + case ${2} in + .*) func_stripname_result=`$ECHO "X${3}" \ + | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;; + *) func_stripname_result=`$ECHO "X${3}" \ + | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;; + esac +} + +# sed scripts: +my_sed_long_opt='1s/^\(-[[^=]]*\)=.*/\1/;q' +my_sed_long_arg='1s/^-[[^=]]*=//' + +# func_opt_split +func_opt_split () +{ + func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"` + func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"` +} + +# func_lo2o object +func_lo2o () +{ + func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"` +} + +# func_xform libobj-or-source +func_xform () +{ + func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[[^.]]*$/.lo/'` +} + +# func_arith arithmetic-term... +func_arith () +{ + func_arith_result=`expr "$[@]"` +} + +# func_len string +# STRING may not start with a hyphen. +func_len () +{ + func_len_result=`expr "$[1]" : ".*" 2>/dev/null || echo $max_cmd_len` +} + +_LT_EOF +esac + +case $lt_shell_append in + yes) + cat << \_LT_EOF >> "$cfgfile" + +# func_append var value +# Append VALUE to the end of shell variable VAR. +func_append () +{ + eval "$[1]+=\$[2]" +} +_LT_EOF + ;; + *) + cat << \_LT_EOF >> "$cfgfile" + +# func_append var value +# Append VALUE to the end of shell variable VAR. +func_append () +{ + eval "$[1]=\$$[1]\$[2]" +} + +_LT_EOF + ;; + esac +]) diff --git a/m4/ltoptions.m4 b/m4/ltoptions.m4 new file mode 100644 index 0000000..34151a3 --- /dev/null +++ b/m4/ltoptions.m4 @@ -0,0 +1,368 @@ +# Helper functions for option handling. -*- Autoconf -*- +# +# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. +# Written by Gary V. Vaughan, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 6 ltoptions.m4 + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) + + +# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME) +# ------------------------------------------ +m4_define([_LT_MANGLE_OPTION], +[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])]) + + +# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME) +# --------------------------------------- +# Set option OPTION-NAME for macro MACRO-NAME, and if there is a +# matching handler defined, dispatch to it. Other OPTION-NAMEs are +# saved as a flag. +m4_define([_LT_SET_OPTION], +[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl +m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), + _LT_MANGLE_DEFUN([$1], [$2]), + [m4_warning([Unknown $1 option `$2'])])[]dnl +]) + + +# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET]) +# ------------------------------------------------------------ +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +m4_define([_LT_IF_OPTION], +[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])]) + + +# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET) +# ------------------------------------------------------- +# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME +# are set. +m4_define([_LT_UNLESS_OPTIONS], +[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), + [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option), + [m4_define([$0_found])])])[]dnl +m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3 +])[]dnl +]) + + +# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST) +# ---------------------------------------- +# OPTION-LIST is a space-separated list of Libtool options associated +# with MACRO-NAME. If any OPTION has a matching handler declared with +# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about +# the unknown option and exit. +m4_defun([_LT_SET_OPTIONS], +[# Set options +m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), + [_LT_SET_OPTION([$1], _LT_Option)]) + +m4_if([$1],[LT_INIT],[ + dnl + dnl Simply set some default values (i.e off) if boolean options were not + dnl specified: + _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no + ]) + _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no + ]) + dnl + dnl If no reference was made to various pairs of opposing options, then + dnl we run the default mode handler for the pair. For example, if neither + dnl `shared' nor `disable-shared' was passed, we enable building of shared + dnl archives by default: + _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) + _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) + _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) + _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], + [_LT_ENABLE_FAST_INSTALL]) + ]) +])# _LT_SET_OPTIONS + + +## --------------------------------- ## +## Macros to handle LT_INIT options. ## +## --------------------------------- ## + +# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME) +# ----------------------------------------- +m4_define([_LT_MANGLE_DEFUN], +[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])]) + + +# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE) +# ----------------------------------------------- +m4_define([LT_OPTION_DEFINE], +[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl +])# LT_OPTION_DEFINE + + +# dlopen +# ------ +LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes +]) + +AU_DEFUN([AC_LIBTOOL_DLOPEN], +[_LT_SET_OPTION([LT_INIT], [dlopen]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the `dlopen' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], []) + + +# win32-dll +# --------- +# Declare package support for building win32 dll's. +LT_OPTION_DEFINE([LT_INIT], [win32-dll], +[enable_win32_dll=yes + +case $host in +*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-cegcc*) + AC_CHECK_TOOL(AS, as, false) + AC_CHECK_TOOL(DLLTOOL, dlltool, false) + AC_CHECK_TOOL(OBJDUMP, objdump, false) + ;; +esac + +test -z "$AS" && AS=as +_LT_DECL([], [AS], [0], [Assembler program])dnl + +test -z "$DLLTOOL" && DLLTOOL=dlltool +_LT_DECL([], [DLLTOOL], [0], [DLL creation program])dnl + +test -z "$OBJDUMP" && OBJDUMP=objdump +_LT_DECL([], [OBJDUMP], [0], [Object dumper program])dnl +])# win32-dll + +AU_DEFUN([AC_LIBTOOL_WIN32_DLL], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +_LT_SET_OPTION([LT_INIT], [win32-dll]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the `win32-dll' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) + + +# _LT_ENABLE_SHARED([DEFAULT]) +# ---------------------------- +# implement the --enable-shared flag, and supports the `shared' and +# `disable-shared' LT_INIT options. +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +m4_define([_LT_ENABLE_SHARED], +[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([shared], + [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], + [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) + + _LT_DECL([build_libtool_libs], [enable_shared], [0], + [Whether or not to build shared libraries]) +])# _LT_ENABLE_SHARED + +LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) + +# Old names: +AC_DEFUN([AC_ENABLE_SHARED], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) +]) + +AC_DEFUN([AC_DISABLE_SHARED], +[_LT_SET_OPTION([LT_INIT], [disable-shared]) +]) + +AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) +AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_ENABLE_SHARED], []) +dnl AC_DEFUN([AM_DISABLE_SHARED], []) + + + +# _LT_ENABLE_STATIC([DEFAULT]) +# ---------------------------- +# implement the --enable-static flag, and support the `static' and +# `disable-static' LT_INIT options. +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +m4_define([_LT_ENABLE_STATIC], +[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([static], + [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], + [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_static=]_LT_ENABLE_STATIC_DEFAULT) + + _LT_DECL([build_old_libs], [enable_static], [0], + [Whether or not to build static libraries]) +])# _LT_ENABLE_STATIC + +LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) + +# Old names: +AC_DEFUN([AC_ENABLE_STATIC], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) +]) + +AC_DEFUN([AC_DISABLE_STATIC], +[_LT_SET_OPTION([LT_INIT], [disable-static]) +]) + +AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) +AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_ENABLE_STATIC], []) +dnl AC_DEFUN([AM_DISABLE_STATIC], []) + + + +# _LT_ENABLE_FAST_INSTALL([DEFAULT]) +# ---------------------------------- +# implement the --enable-fast-install flag, and support the `fast-install' +# and `disable-fast-install' LT_INIT options. +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +m4_define([_LT_ENABLE_FAST_INSTALL], +[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([fast-install], + [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], + [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) + +_LT_DECL([fast_install], [enable_fast_install], [0], + [Whether or not to optimize for fast installation])dnl +])# _LT_ENABLE_FAST_INSTALL + +LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) + +# Old names: +AU_DEFUN([AC_ENABLE_FAST_INSTALL], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you put +the `fast-install' option into LT_INIT's first parameter.]) +]) + +AU_DEFUN([AC_DISABLE_FAST_INSTALL], +[_LT_SET_OPTION([LT_INIT], [disable-fast-install]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you put +the `disable-fast-install' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) +dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) + + +# _LT_WITH_PIC([MODE]) +# -------------------- +# implement the --with-pic flag, and support the `pic-only' and `no-pic' +# LT_INIT options. +# MODE is either `yes' or `no'. If omitted, it defaults to `both'. +m4_define([_LT_WITH_PIC], +[AC_ARG_WITH([pic], + [AS_HELP_STRING([--with-pic], + [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], + [pic_mode="$withval"], + [pic_mode=default]) + +test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) + +_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl +])# _LT_WITH_PIC + +LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) +LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) + +# Old name: +AU_DEFUN([AC_LIBTOOL_PICMODE], +[_LT_SET_OPTION([LT_INIT], [pic-only]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the `pic-only' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) + +## ----------------- ## +## LTDL_INIT Options ## +## ----------------- ## + +m4_define([_LTDL_MODE], []) +LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], + [m4_define([_LTDL_MODE], [nonrecursive])]) +LT_OPTION_DEFINE([LTDL_INIT], [recursive], + [m4_define([_LTDL_MODE], [recursive])]) +LT_OPTION_DEFINE([LTDL_INIT], [subproject], + [m4_define([_LTDL_MODE], [subproject])]) + +m4_define([_LTDL_TYPE], []) +LT_OPTION_DEFINE([LTDL_INIT], [installable], + [m4_define([_LTDL_TYPE], [installable])]) +LT_OPTION_DEFINE([LTDL_INIT], [convenience], + [m4_define([_LTDL_TYPE], [convenience])]) diff --git a/m4/ltsugar.m4 b/m4/ltsugar.m4 new file mode 100644 index 0000000..9000a05 --- /dev/null +++ b/m4/ltsugar.m4 @@ -0,0 +1,123 @@ +# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- +# +# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. +# Written by Gary V. Vaughan, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 6 ltsugar.m4 + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) + + +# lt_join(SEP, ARG1, [ARG2...]) +# ----------------------------- +# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their +# associated separator. +# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier +# versions in m4sugar had bugs. +m4_define([lt_join], +[m4_if([$#], [1], [], + [$#], [2], [[$2]], + [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) +m4_define([_lt_join], +[m4_if([$#$2], [2], [], + [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) + + +# lt_car(LIST) +# lt_cdr(LIST) +# ------------ +# Manipulate m4 lists. +# These macros are necessary as long as will still need to support +# Autoconf-2.59 which quotes differently. +m4_define([lt_car], [[$1]]) +m4_define([lt_cdr], +[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], + [$#], 1, [], + [m4_dquote(m4_shift($@))])]) +m4_define([lt_unquote], $1) + + +# lt_append(MACRO-NAME, STRING, [SEPARATOR]) +# ------------------------------------------ +# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'. +# Note that neither SEPARATOR nor STRING are expanded; they are appended +# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). +# No SEPARATOR is output if MACRO-NAME was previously undefined (different +# than defined and empty). +# +# This macro is needed until we can rely on Autoconf 2.62, since earlier +# versions of m4sugar mistakenly expanded SEPARATOR but not STRING. +m4_define([lt_append], +[m4_define([$1], + m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) + + + +# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) +# ---------------------------------------------------------- +# Produce a SEP delimited list of all paired combinations of elements of +# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list +# has the form PREFIXmINFIXSUFFIXn. +# Needed until we can rely on m4_combine added in Autoconf 2.62. +m4_define([lt_combine], +[m4_if(m4_eval([$# > 3]), [1], + [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl +[[m4_foreach([_Lt_prefix], [$2], + [m4_foreach([_Lt_suffix], + ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, + [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) + + +# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) +# ----------------------------------------------------------------------- +# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited +# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. +m4_define([lt_if_append_uniq], +[m4_ifdef([$1], + [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], + [lt_append([$1], [$2], [$3])$4], + [$5])], + [lt_append([$1], [$2], [$3])$4])]) + + +# lt_dict_add(DICT, KEY, VALUE) +# ----------------------------- +m4_define([lt_dict_add], +[m4_define([$1($2)], [$3])]) + + +# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) +# -------------------------------------------- +m4_define([lt_dict_add_subkey], +[m4_define([$1($2:$3)], [$4])]) + + +# lt_dict_fetch(DICT, KEY, [SUBKEY]) +# ---------------------------------- +m4_define([lt_dict_fetch], +[m4_ifval([$3], + m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), + m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) + + +# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) +# ----------------------------------------------------------------- +m4_define([lt_if_dict_fetch], +[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], + [$5], + [$6])]) + + +# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) +# -------------------------------------------------------------- +m4_define([lt_dict_filter], +[m4_if([$5], [], [], + [lt_join(m4_quote(m4_default([$4], [[, ]])), + lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), + [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl +]) diff --git a/m4/ltversion.m4 b/m4/ltversion.m4 new file mode 100644 index 0000000..f3c5309 --- /dev/null +++ b/m4/ltversion.m4 @@ -0,0 +1,23 @@ +# ltversion.m4 -- version numbers -*- Autoconf -*- +# +# Copyright (C) 2004 Free Software Foundation, Inc. +# Written by Scott James Remnant, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# Generated from ltversion.in. + +# serial 3017 ltversion.m4 +# This file is part of GNU Libtool + +m4_define([LT_PACKAGE_VERSION], [2.2.6b]) +m4_define([LT_PACKAGE_REVISION], [1.3017]) + +AC_DEFUN([LTVERSION_VERSION], +[macro_version='2.2.6b' +macro_revision='1.3017' +_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) +_LT_DECL(, macro_revision, 0) +]) diff --git a/m4/lt~obsolete.m4 b/m4/lt~obsolete.m4 new file mode 100644 index 0000000..637bb20 --- /dev/null +++ b/m4/lt~obsolete.m4 @@ -0,0 +1,92 @@ +# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- +# +# Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc. +# Written by Scott James Remnant, 2004. +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 4 lt~obsolete.m4 + +# These exist entirely to fool aclocal when bootstrapping libtool. +# +# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN) +# which have later been changed to m4_define as they aren't part of the +# exported API, or moved to Autoconf or Automake where they belong. +# +# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN +# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us +# using a macro with the same name in our local m4/libtool.m4 it'll +# pull the old libtool.m4 in (it doesn't see our shiny new m4_define +# and doesn't know about Autoconf macros at all.) +# +# So we provide this file, which has a silly filename so it's always +# included after everything else. This provides aclocal with the +# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything +# because those macros already exist, or will be overwritten later. +# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. +# +# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. +# Yes, that means every name once taken will need to remain here until +# we give up compatibility with versions before 1.7, at which point +# we need to keep only those names which we still refer to. + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) + +m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) +m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) +m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) +m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) +m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) +m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) +m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) +m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) +m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) +m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) +m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) +m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) +m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) +m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) +m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) +m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) +m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) +m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) +m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) +m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) +m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) +m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) +m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) +m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) +m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) +m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) +m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) +m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) +m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) +m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) +m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) +m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) +m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) +m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) +m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) +m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) +m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) +m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) +m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) +m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) +m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) +m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) +m4_ifndef([AC_LIBTOOL_RC], [AC_DEFUN([AC_LIBTOOL_RC])]) +m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) +m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) +m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) +m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) +m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) +m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) +m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) +m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) diff --git a/src/Makefile.am b/src/Makefile.am new file mode 100644 index 0000000..bbe7f88 --- /dev/null +++ b/src/Makefile.am @@ -0,0 +1,73 @@ +## Process this file with automake to produce Makefile.in + +# File lists +common_headers = common.h prototypes.h version.h +common_sources = str.c file.c client.c log.c options.c protocol.c network.c +common_sources += resolver.c ssl.c ctx.c verify.c sthreads.c fd.c stunnel.c +unix_sources = pty.c libwrap.c +shared_sources = env.c +win32_sources = gui.c resources.h resources.rc stunnel.ico + +# Unix executables +bin_PROGRAMS = stunnel +stunnel_SOURCES = $(common_headers) $(common_sources) $(unix_sources) +bin_SCRIPTS = stunnel3 + +# Unix shared library +pkglib_LTLIBRARIES = libstunnel.la +libstunnel_la_SOURCES = $(shared_sources) +libstunnel_la_LDFLAGS = -avoid-version + +# Red Hat "by design" bug #82369 +stunnel_CPPFLAGS = -I/usr/kerberos/include + +# Additional preprocesor definitions +stunnel_CPPFLAGS += -I$(SSLDIR)/include +stunnel_CPPFLAGS += -DLIBDIR='"$(pkglibdir)"' +stunnel_CPPFLAGS += -DCONFDIR='"$(sysconfdir)/stunnel"' +stunnel_CPPFLAGS += -DPIDFILE='"$(localstatedir)/run/stunnel/stunnel.pid"' + +# SSL library +stunnel_LDFLAGS = -L$(SSLDIR)/lib64 -L$(SSLDIR)/lib -lssl -lcrypto + +# Win32 executable +EXTRA_DIST = nogui.c make.bat makece.bat makew32.bat +EXTRA_DIST += mingw.mak evc.mak vc.mak os2.mak +EXTRA_PROGRAMS = stunnel.exe +stunnel_exe_SOURCES = $(common_headers) $(common_sources) $(win32_sources) + +OPENSSLDIR = /usr/src/openssl-0.9.8s-fips +WINCPPFLAGS = -I$(OPENSSLDIR)/inc32 +# OPENSSLDIR = /usr/src/openssl-1.0.0f-i586 +# WINCPPFLAGS = -I$(OPENSSLDIR)/include +WINCFLAGS = -mthreads -fstack-protector -O2 -Wall -Wextra -Wno-long-long -pedantic +WINLDFLAGS = -mthreads -fstack-protector -mwindows -s +WINLIBS = -L$(OPENSSLDIR) -lcrypto -lssl -lpsapi -lws2_32 -lgdi32 +# WINLIBS = -L$(OPENSSLDIR) -lzdll -lcrypto.dll -lssl.dll -lpsapi -lws2_32 -lgdi32 +# WINLIBS = -L$(OPENSSLDIR) -lzdll -lcrypto -lssl -lpsapi -lws2_32 -lgdi32 +WINOBJ = str.obj file.obj client.obj log.obj options.obj protocol.obj +WINOBJ += network.obj resolver.obj ssl.obj ctx.obj verify.obj sthreads.obj +WINOBJ += fd.obj stunnel.obj gui.obj resources.obj +WINPREFIX = i586-mingw32msvc- +WINGCC = $(WINPREFIX)gcc +WINDRES = $(WINPREFIX)windres + +dist-hook: stunnel.exe + +distclean-local: + rm -f stunnel.exe + +# SUFFIXES = .c .rc .obj + +stunnel.exe: $(WINOBJ) + $(WINGCC) $(WINLDFLAGS) -o stunnel.exe $(WINOBJ) $(WINLIBS) + +%.obj: %.c $(common_headers) + $(WINGCC) -c $(WINCPPFLAGS) $(WINCFLAGS) -o $@ $< + +resources.obj: resources.rc resources.h version.h + $(WINDRES) --include-dir $(srcdir) $< $@ + +mostlyclean-local: + -rm -f *.obj + diff --git a/src/Makefile.in b/src/Makefile.in new file mode 100644 index 0000000..6dbbf93 --- /dev/null +++ b/src/Makefile.in @@ -0,0 +1,986 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +bin_PROGRAMS = stunnel$(EXEEXT) +EXTRA_PROGRAMS = stunnel.exe$(EXEEXT) +subdir = src +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(srcdir)/config.h.in $(srcdir)/stunnel3.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = stunnel3 +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(pkglibdir)" "$(DESTDIR)$(bindir)" \ + "$(DESTDIR)$(bindir)" +LTLIBRARIES = $(pkglib_LTLIBRARIES) +libstunnel_la_LIBADD = +am__objects_1 = env.lo +am_libstunnel_la_OBJECTS = $(am__objects_1) +libstunnel_la_OBJECTS = $(am_libstunnel_la_OBJECTS) +libstunnel_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstunnel_la_LDFLAGS) $(LDFLAGS) -o $@ +PROGRAMS = $(bin_PROGRAMS) +am__objects_2 = +am__objects_3 = stunnel-str.$(OBJEXT) stunnel-file.$(OBJEXT) \ + stunnel-client.$(OBJEXT) stunnel-log.$(OBJEXT) \ + stunnel-options.$(OBJEXT) stunnel-protocol.$(OBJEXT) \ + stunnel-network.$(OBJEXT) stunnel-resolver.$(OBJEXT) \ + stunnel-ssl.$(OBJEXT) stunnel-ctx.$(OBJEXT) \ + stunnel-verify.$(OBJEXT) stunnel-sthreads.$(OBJEXT) \ + stunnel-fd.$(OBJEXT) stunnel-stunnel.$(OBJEXT) +am__objects_4 = stunnel-pty.$(OBJEXT) stunnel-libwrap.$(OBJEXT) +am_stunnel_OBJECTS = $(am__objects_2) $(am__objects_3) \ + $(am__objects_4) +stunnel_OBJECTS = $(am_stunnel_OBJECTS) +stunnel_LDADD = $(LDADD) +stunnel_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(stunnel_CFLAGS) $(CFLAGS) \ + $(stunnel_LDFLAGS) $(LDFLAGS) -o $@ +am__objects_5 = str.$(OBJEXT) file.$(OBJEXT) client.$(OBJEXT) \ + log.$(OBJEXT) options.$(OBJEXT) protocol.$(OBJEXT) \ + network.$(OBJEXT) resolver.$(OBJEXT) ssl.$(OBJEXT) \ + ctx.$(OBJEXT) verify.$(OBJEXT) sthreads.$(OBJEXT) fd.$(OBJEXT) \ + stunnel.$(OBJEXT) +am__objects_6 = gui.$(OBJEXT) +am_stunnel_exe_OBJECTS = $(am__objects_2) $(am__objects_5) \ + $(am__objects_6) +stunnel_exe_OBJECTS = $(am_stunnel_exe_OBJECTS) +stunnel_exe_LDADD = $(LDADD) +SCRIPTS = $(bin_SCRIPTS) +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/auto/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstunnel_la_SOURCES) $(stunnel_SOURCES) \ + $(stunnel_exe_SOURCES) +DIST_SOURCES = $(libstunnel_la_SOURCES) $(stunnel_SOURCES) \ + $(stunnel_exe_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_GROUP = @DEFAULT_GROUP@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIBTOOL_DEPS = @LIBTOOL_DEPS@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +RANDOM_FILE = @RANDOM_FILE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SSLDIR = @SSLDIR@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +stunnel_CFLAGS = @stunnel_CFLAGS@ +stunnel_LDFLAGF = @stunnel_LDFLAGF@ + +# SSL library +stunnel_LDFLAGS = -L$(SSLDIR)/lib64 -L$(SSLDIR)/lib -lssl -lcrypto +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ + +# File lists +common_headers = common.h prototypes.h version.h +common_sources = str.c file.c client.c log.c options.c protocol.c \ + network.c resolver.c ssl.c ctx.c verify.c sthreads.c fd.c \ + stunnel.c +unix_sources = pty.c libwrap.c +shared_sources = env.c +win32_sources = gui.c resources.h resources.rc stunnel.ico +stunnel_SOURCES = $(common_headers) $(common_sources) $(unix_sources) +bin_SCRIPTS = stunnel3 + +# Unix shared library +pkglib_LTLIBRARIES = libstunnel.la +libstunnel_la_SOURCES = $(shared_sources) +libstunnel_la_LDFLAGS = -avoid-version + +# Red Hat "by design" bug #82369 + +# Additional preprocesor definitions +stunnel_CPPFLAGS = -I/usr/kerberos/include -I$(SSLDIR)/include \ + -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)/stunnel"' \ + -DPIDFILE='"$(localstatedir)/run/stunnel/stunnel.pid"' + +# Win32 executable +EXTRA_DIST = nogui.c make.bat makece.bat makew32.bat mingw.mak evc.mak \ + vc.mak os2.mak +stunnel_exe_SOURCES = $(common_headers) $(common_sources) $(win32_sources) +OPENSSLDIR = /usr/src/openssl-0.9.8s-fips +WINCPPFLAGS = -I$(OPENSSLDIR)/inc32 +# OPENSSLDIR = /usr/src/openssl-1.0.0f-i586 +# WINCPPFLAGS = -I$(OPENSSLDIR)/include +WINCFLAGS = -mthreads -fstack-protector -O2 -Wall -Wextra -Wno-long-long -pedantic +WINLDFLAGS = -mthreads -fstack-protector -mwindows -s +WINLIBS = -L$(OPENSSLDIR) -lcrypto -lssl -lpsapi -lws2_32 -lgdi32 +# WINLIBS = -L$(OPENSSLDIR) -lzdll -lcrypto.dll -lssl.dll -lpsapi -lws2_32 -lgdi32 +# WINLIBS = -L$(OPENSSLDIR) -lzdll -lcrypto -lssl -lpsapi -lws2_32 -lgdi32 +WINOBJ = str.obj file.obj client.obj log.obj options.obj protocol.obj \ + network.obj resolver.obj ssl.obj ctx.obj verify.obj \ + sthreads.obj fd.obj stunnel.obj gui.obj resources.obj +WINPREFIX = i586-mingw32msvc- +WINGCC = $(WINPREFIX)gcc +WINDRES = $(WINPREFIX)windres +all: config.h + $(MAKE) $(AM_MAKEFLAGS) all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +config.h: stamp-h1 + @if test ! -f $@; then \ + rm -f stamp-h1; \ + $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \ + else :; fi + +stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status + @rm -f stamp-h1 + cd $(top_builddir) && $(SHELL) ./config.status src/config.h +$(srcdir)/config.h.in: $(am__configure_deps) + ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) + rm -f stamp-h1 + touch $@ + +distclean-hdr: + -rm -f config.h stamp-h1 +stunnel3: $(top_builddir)/config.status $(srcdir)/stunnel3.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +install-pkglibLTLIBRARIES: $(pkglib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(pkglibdir)" || $(MKDIR_P) "$(DESTDIR)$(pkglibdir)" + @list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pkglibdir)"; \ + } + +uninstall-pkglibLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pkglibdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$f"; \ + done + +clean-pkglibLTLIBRARIES: + -test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES) + @list='$(pkglib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstunnel.la: $(libstunnel_la_OBJECTS) $(libstunnel_la_DEPENDENCIES) + $(libstunnel_la_LINK) -rpath $(pkglibdir) $(libstunnel_la_OBJECTS) $(libstunnel_la_LIBADD) $(LIBS) +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files + +clean-binPROGRAMS: + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +stunnel$(EXEEXT): $(stunnel_OBJECTS) $(stunnel_DEPENDENCIES) + @rm -f stunnel$(EXEEXT) + $(stunnel_LINK) $(stunnel_OBJECTS) $(stunnel_LDADD) $(LIBS) +install-binSCRIPTS: $(bin_SCRIPTS) + @$(NORMAL_INSTALL) + test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" + @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n' \ + -e 'h;s|.*|.|' \ + -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) { files[d] = files[d] " " $$1; \ + if (++n[d] == $(am__install_max)) { \ + print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ + else { print "f", d "/" $$4, $$1 } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binSCRIPTS: + @$(NORMAL_UNINSTALL) + @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 's,.*/,,;$(transform)'`; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ctx.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/env.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/file.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gui.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/network.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/options.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolver.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sthreads.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/str.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-client.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-ctx.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-fd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-file.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-libwrap.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-log.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-network.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-options.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-protocol.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-pty.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-resolver.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-ssl.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-sthreads.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-str.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-stunnel.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-verify.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verify.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +stunnel-str.o: str.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-str.o -MD -MP -MF $(DEPDIR)/stunnel-str.Tpo -c -o stunnel-str.o `test -f 'str.c' || echo '$(srcdir)/'`str.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-str.Tpo $(DEPDIR)/stunnel-str.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='str.c' object='stunnel-str.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-str.o `test -f 'str.c' || echo '$(srcdir)/'`str.c + +stunnel-str.obj: str.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-str.obj -MD -MP -MF $(DEPDIR)/stunnel-str.Tpo -c -o stunnel-str.obj `if test -f 'str.c'; then $(CYGPATH_W) 'str.c'; else $(CYGPATH_W) '$(srcdir)/str.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-str.Tpo $(DEPDIR)/stunnel-str.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='str.c' object='stunnel-str.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-str.obj `if test -f 'str.c'; then $(CYGPATH_W) 'str.c'; else $(CYGPATH_W) '$(srcdir)/str.c'; fi` + +stunnel-file.o: file.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-file.o -MD -MP -MF $(DEPDIR)/stunnel-file.Tpo -c -o stunnel-file.o `test -f 'file.c' || echo '$(srcdir)/'`file.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-file.Tpo $(DEPDIR)/stunnel-file.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='file.c' object='stunnel-file.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-file.o `test -f 'file.c' || echo '$(srcdir)/'`file.c + +stunnel-file.obj: file.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-file.obj -MD -MP -MF $(DEPDIR)/stunnel-file.Tpo -c -o stunnel-file.obj `if test -f 'file.c'; then $(CYGPATH_W) 'file.c'; else $(CYGPATH_W) '$(srcdir)/file.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-file.Tpo $(DEPDIR)/stunnel-file.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='file.c' object='stunnel-file.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-file.obj `if test -f 'file.c'; then $(CYGPATH_W) 'file.c'; else $(CYGPATH_W) '$(srcdir)/file.c'; fi` + +stunnel-client.o: client.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-client.o -MD -MP -MF $(DEPDIR)/stunnel-client.Tpo -c -o stunnel-client.o `test -f 'client.c' || echo '$(srcdir)/'`client.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-client.Tpo $(DEPDIR)/stunnel-client.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client.c' object='stunnel-client.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-client.o `test -f 'client.c' || echo '$(srcdir)/'`client.c + +stunnel-client.obj: client.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-client.obj -MD -MP -MF $(DEPDIR)/stunnel-client.Tpo -c -o stunnel-client.obj `if test -f 'client.c'; then $(CYGPATH_W) 'client.c'; else $(CYGPATH_W) '$(srcdir)/client.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-client.Tpo $(DEPDIR)/stunnel-client.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client.c' object='stunnel-client.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-client.obj `if test -f 'client.c'; then $(CYGPATH_W) 'client.c'; else $(CYGPATH_W) '$(srcdir)/client.c'; fi` + +stunnel-log.o: log.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-log.o -MD -MP -MF $(DEPDIR)/stunnel-log.Tpo -c -o stunnel-log.o `test -f 'log.c' || echo '$(srcdir)/'`log.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-log.Tpo $(DEPDIR)/stunnel-log.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='log.c' object='stunnel-log.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-log.o `test -f 'log.c' || echo '$(srcdir)/'`log.c + +stunnel-log.obj: log.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-log.obj -MD -MP -MF $(DEPDIR)/stunnel-log.Tpo -c -o stunnel-log.obj `if test -f 'log.c'; then $(CYGPATH_W) 'log.c'; else $(CYGPATH_W) '$(srcdir)/log.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-log.Tpo $(DEPDIR)/stunnel-log.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='log.c' object='stunnel-log.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-log.obj `if test -f 'log.c'; then $(CYGPATH_W) 'log.c'; else $(CYGPATH_W) '$(srcdir)/log.c'; fi` + +stunnel-options.o: options.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-options.o -MD -MP -MF $(DEPDIR)/stunnel-options.Tpo -c -o stunnel-options.o `test -f 'options.c' || echo '$(srcdir)/'`options.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-options.Tpo $(DEPDIR)/stunnel-options.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='options.c' object='stunnel-options.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-options.o `test -f 'options.c' || echo '$(srcdir)/'`options.c + +stunnel-options.obj: options.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-options.obj -MD -MP -MF $(DEPDIR)/stunnel-options.Tpo -c -o stunnel-options.obj `if test -f 'options.c'; then $(CYGPATH_W) 'options.c'; else $(CYGPATH_W) '$(srcdir)/options.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-options.Tpo $(DEPDIR)/stunnel-options.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='options.c' object='stunnel-options.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-options.obj `if test -f 'options.c'; then $(CYGPATH_W) 'options.c'; else $(CYGPATH_W) '$(srcdir)/options.c'; fi` + +stunnel-protocol.o: protocol.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-protocol.o -MD -MP -MF $(DEPDIR)/stunnel-protocol.Tpo -c -o stunnel-protocol.o `test -f 'protocol.c' || echo '$(srcdir)/'`protocol.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-protocol.Tpo $(DEPDIR)/stunnel-protocol.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocol.c' object='stunnel-protocol.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-protocol.o `test -f 'protocol.c' || echo '$(srcdir)/'`protocol.c + +stunnel-protocol.obj: protocol.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-protocol.obj -MD -MP -MF $(DEPDIR)/stunnel-protocol.Tpo -c -o stunnel-protocol.obj `if test -f 'protocol.c'; then $(CYGPATH_W) 'protocol.c'; else $(CYGPATH_W) '$(srcdir)/protocol.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-protocol.Tpo $(DEPDIR)/stunnel-protocol.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocol.c' object='stunnel-protocol.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-protocol.obj `if test -f 'protocol.c'; then $(CYGPATH_W) 'protocol.c'; else $(CYGPATH_W) '$(srcdir)/protocol.c'; fi` + +stunnel-network.o: network.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-network.o -MD -MP -MF $(DEPDIR)/stunnel-network.Tpo -c -o stunnel-network.o `test -f 'network.c' || echo '$(srcdir)/'`network.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-network.Tpo $(DEPDIR)/stunnel-network.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network.c' object='stunnel-network.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-network.o `test -f 'network.c' || echo '$(srcdir)/'`network.c + +stunnel-network.obj: network.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-network.obj -MD -MP -MF $(DEPDIR)/stunnel-network.Tpo -c -o stunnel-network.obj `if test -f 'network.c'; then $(CYGPATH_W) 'network.c'; else $(CYGPATH_W) '$(srcdir)/network.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-network.Tpo $(DEPDIR)/stunnel-network.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network.c' object='stunnel-network.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-network.obj `if test -f 'network.c'; then $(CYGPATH_W) 'network.c'; else $(CYGPATH_W) '$(srcdir)/network.c'; fi` + +stunnel-resolver.o: resolver.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-resolver.o -MD -MP -MF $(DEPDIR)/stunnel-resolver.Tpo -c -o stunnel-resolver.o `test -f 'resolver.c' || echo '$(srcdir)/'`resolver.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-resolver.Tpo $(DEPDIR)/stunnel-resolver.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='resolver.c' object='stunnel-resolver.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-resolver.o `test -f 'resolver.c' || echo '$(srcdir)/'`resolver.c + +stunnel-resolver.obj: resolver.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-resolver.obj -MD -MP -MF $(DEPDIR)/stunnel-resolver.Tpo -c -o stunnel-resolver.obj `if test -f 'resolver.c'; then $(CYGPATH_W) 'resolver.c'; else $(CYGPATH_W) '$(srcdir)/resolver.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-resolver.Tpo $(DEPDIR)/stunnel-resolver.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='resolver.c' object='stunnel-resolver.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-resolver.obj `if test -f 'resolver.c'; then $(CYGPATH_W) 'resolver.c'; else $(CYGPATH_W) '$(srcdir)/resolver.c'; fi` + +stunnel-ssl.o: ssl.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-ssl.o -MD -MP -MF $(DEPDIR)/stunnel-ssl.Tpo -c -o stunnel-ssl.o `test -f 'ssl.c' || echo '$(srcdir)/'`ssl.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-ssl.Tpo $(DEPDIR)/stunnel-ssl.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ssl.c' object='stunnel-ssl.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-ssl.o `test -f 'ssl.c' || echo '$(srcdir)/'`ssl.c + +stunnel-ssl.obj: ssl.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-ssl.obj -MD -MP -MF $(DEPDIR)/stunnel-ssl.Tpo -c -o stunnel-ssl.obj `if test -f 'ssl.c'; then $(CYGPATH_W) 'ssl.c'; else $(CYGPATH_W) '$(srcdir)/ssl.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-ssl.Tpo $(DEPDIR)/stunnel-ssl.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ssl.c' object='stunnel-ssl.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-ssl.obj `if test -f 'ssl.c'; then $(CYGPATH_W) 'ssl.c'; else $(CYGPATH_W) '$(srcdir)/ssl.c'; fi` + +stunnel-ctx.o: ctx.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-ctx.o -MD -MP -MF $(DEPDIR)/stunnel-ctx.Tpo -c -o stunnel-ctx.o `test -f 'ctx.c' || echo '$(srcdir)/'`ctx.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-ctx.Tpo $(DEPDIR)/stunnel-ctx.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ctx.c' object='stunnel-ctx.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-ctx.o `test -f 'ctx.c' || echo '$(srcdir)/'`ctx.c + +stunnel-ctx.obj: ctx.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-ctx.obj -MD -MP -MF $(DEPDIR)/stunnel-ctx.Tpo -c -o stunnel-ctx.obj `if test -f 'ctx.c'; then $(CYGPATH_W) 'ctx.c'; else $(CYGPATH_W) '$(srcdir)/ctx.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-ctx.Tpo $(DEPDIR)/stunnel-ctx.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ctx.c' object='stunnel-ctx.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-ctx.obj `if test -f 'ctx.c'; then $(CYGPATH_W) 'ctx.c'; else $(CYGPATH_W) '$(srcdir)/ctx.c'; fi` + +stunnel-verify.o: verify.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-verify.o -MD -MP -MF $(DEPDIR)/stunnel-verify.Tpo -c -o stunnel-verify.o `test -f 'verify.c' || echo '$(srcdir)/'`verify.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-verify.Tpo $(DEPDIR)/stunnel-verify.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='verify.c' object='stunnel-verify.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-verify.o `test -f 'verify.c' || echo '$(srcdir)/'`verify.c + +stunnel-verify.obj: verify.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-verify.obj -MD -MP -MF $(DEPDIR)/stunnel-verify.Tpo -c -o stunnel-verify.obj `if test -f 'verify.c'; then $(CYGPATH_W) 'verify.c'; else $(CYGPATH_W) '$(srcdir)/verify.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-verify.Tpo $(DEPDIR)/stunnel-verify.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='verify.c' object='stunnel-verify.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-verify.obj `if test -f 'verify.c'; then $(CYGPATH_W) 'verify.c'; else $(CYGPATH_W) '$(srcdir)/verify.c'; fi` + +stunnel-sthreads.o: sthreads.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-sthreads.o -MD -MP -MF $(DEPDIR)/stunnel-sthreads.Tpo -c -o stunnel-sthreads.o `test -f 'sthreads.c' || echo '$(srcdir)/'`sthreads.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-sthreads.Tpo $(DEPDIR)/stunnel-sthreads.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sthreads.c' object='stunnel-sthreads.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-sthreads.o `test -f 'sthreads.c' || echo '$(srcdir)/'`sthreads.c + +stunnel-sthreads.obj: sthreads.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-sthreads.obj -MD -MP -MF $(DEPDIR)/stunnel-sthreads.Tpo -c -o stunnel-sthreads.obj `if test -f 'sthreads.c'; then $(CYGPATH_W) 'sthreads.c'; else $(CYGPATH_W) '$(srcdir)/sthreads.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-sthreads.Tpo $(DEPDIR)/stunnel-sthreads.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sthreads.c' object='stunnel-sthreads.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-sthreads.obj `if test -f 'sthreads.c'; then $(CYGPATH_W) 'sthreads.c'; else $(CYGPATH_W) '$(srcdir)/sthreads.c'; fi` + +stunnel-fd.o: fd.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-fd.o -MD -MP -MF $(DEPDIR)/stunnel-fd.Tpo -c -o stunnel-fd.o `test -f 'fd.c' || echo '$(srcdir)/'`fd.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-fd.Tpo $(DEPDIR)/stunnel-fd.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fd.c' object='stunnel-fd.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-fd.o `test -f 'fd.c' || echo '$(srcdir)/'`fd.c + +stunnel-fd.obj: fd.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-fd.obj -MD -MP -MF $(DEPDIR)/stunnel-fd.Tpo -c -o stunnel-fd.obj `if test -f 'fd.c'; then $(CYGPATH_W) 'fd.c'; else $(CYGPATH_W) '$(srcdir)/fd.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-fd.Tpo $(DEPDIR)/stunnel-fd.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fd.c' object='stunnel-fd.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-fd.obj `if test -f 'fd.c'; then $(CYGPATH_W) 'fd.c'; else $(CYGPATH_W) '$(srcdir)/fd.c'; fi` + +stunnel-stunnel.o: stunnel.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-stunnel.o -MD -MP -MF $(DEPDIR)/stunnel-stunnel.Tpo -c -o stunnel-stunnel.o `test -f 'stunnel.c' || echo '$(srcdir)/'`stunnel.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-stunnel.Tpo $(DEPDIR)/stunnel-stunnel.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='stunnel.c' object='stunnel-stunnel.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-stunnel.o `test -f 'stunnel.c' || echo '$(srcdir)/'`stunnel.c + +stunnel-stunnel.obj: stunnel.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-stunnel.obj -MD -MP -MF $(DEPDIR)/stunnel-stunnel.Tpo -c -o stunnel-stunnel.obj `if test -f 'stunnel.c'; then $(CYGPATH_W) 'stunnel.c'; else $(CYGPATH_W) '$(srcdir)/stunnel.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-stunnel.Tpo $(DEPDIR)/stunnel-stunnel.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='stunnel.c' object='stunnel-stunnel.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-stunnel.obj `if test -f 'stunnel.c'; then $(CYGPATH_W) 'stunnel.c'; else $(CYGPATH_W) '$(srcdir)/stunnel.c'; fi` + +stunnel-pty.o: pty.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-pty.o -MD -MP -MF $(DEPDIR)/stunnel-pty.Tpo -c -o stunnel-pty.o `test -f 'pty.c' || echo '$(srcdir)/'`pty.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-pty.Tpo $(DEPDIR)/stunnel-pty.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pty.c' object='stunnel-pty.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-pty.o `test -f 'pty.c' || echo '$(srcdir)/'`pty.c + +stunnel-pty.obj: pty.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-pty.obj -MD -MP -MF $(DEPDIR)/stunnel-pty.Tpo -c -o stunnel-pty.obj `if test -f 'pty.c'; then $(CYGPATH_W) 'pty.c'; else $(CYGPATH_W) '$(srcdir)/pty.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-pty.Tpo $(DEPDIR)/stunnel-pty.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pty.c' object='stunnel-pty.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-pty.obj `if test -f 'pty.c'; then $(CYGPATH_W) 'pty.c'; else $(CYGPATH_W) '$(srcdir)/pty.c'; fi` + +stunnel-libwrap.o: libwrap.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-libwrap.o -MD -MP -MF $(DEPDIR)/stunnel-libwrap.Tpo -c -o stunnel-libwrap.o `test -f 'libwrap.c' || echo '$(srcdir)/'`libwrap.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-libwrap.Tpo $(DEPDIR)/stunnel-libwrap.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='libwrap.c' object='stunnel-libwrap.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-libwrap.o `test -f 'libwrap.c' || echo '$(srcdir)/'`libwrap.c + +stunnel-libwrap.obj: libwrap.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -MT stunnel-libwrap.obj -MD -MP -MF $(DEPDIR)/stunnel-libwrap.Tpo -c -o stunnel-libwrap.obj `if test -f 'libwrap.c'; then $(CYGPATH_W) 'libwrap.c'; else $(CYGPATH_W) '$(srcdir)/libwrap.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/stunnel-libwrap.Tpo $(DEPDIR)/stunnel-libwrap.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='libwrap.c' object='stunnel-libwrap.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(stunnel_CFLAGS) $(CFLAGS) -c -o stunnel-libwrap.obj `if test -f 'libwrap.c'; then $(CYGPATH_W) 'libwrap.c'; else $(CYGPATH_W) '$(srcdir)/libwrap.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) config.h +installdirs: + for dir in "$(DESTDIR)$(pkglibdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(bindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-binPROGRAMS clean-generic clean-libtool \ + clean-pkglibLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-hdr distclean-local distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-binPROGRAMS install-binSCRIPTS \ + install-pkglibLTLIBRARIES + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool mostlyclean-local + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \ + uninstall-pkglibLTLIBRARIES + +.MAKE: all install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \ + clean-generic clean-libtool clean-pkglibLTLIBRARIES ctags \ + dist-hook distclean distclean-compile distclean-generic \ + distclean-hdr distclean-libtool distclean-local distclean-tags \ + distdir dvi dvi-am html html-am info info-am install \ + install-am install-binPROGRAMS install-binSCRIPTS install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pkglibLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + mostlyclean-local pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-binPROGRAMS uninstall-binSCRIPTS \ + uninstall-pkglibLTLIBRARIES + + +dist-hook: stunnel.exe + +distclean-local: + rm -f stunnel.exe + +# SUFFIXES = .c .rc .obj + +stunnel.exe: $(WINOBJ) + $(WINGCC) $(WINLDFLAGS) -o stunnel.exe $(WINOBJ) $(WINLIBS) + +%.obj: %.c $(common_headers) + $(WINGCC) -c $(WINCPPFLAGS) $(WINCFLAGS) -o $@ $< + +resources.obj: resources.rc resources.h version.h + $(WINDRES) --include-dir $(srcdir) $< $@ + +mostlyclean-local: + -rm -f *.obj + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/client.c b/src/client.c new file mode 100644 index 0000000..4003d13 --- /dev/null +++ b/src/client.c @@ -0,0 +1,1267 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +#ifndef SHUT_RD +#define SHUT_RD 0 +#endif +#ifndef SHUT_WR +#define SHUT_WR 1 +#endif +#ifndef SHUT_RDWR +#define SHUT_RDWR 2 +#endif + +static void client_try(CLI *); +static void client_run(CLI *); +static void init_local(CLI *); +static void init_remote(CLI *); +static void init_ssl(CLI *); +#ifdef USE_WIN32 +static void win_new_chain(CLI *); +#endif +static void transfer(CLI *); +static int parse_socket_error(CLI *, const char *); + +static void print_cipher(CLI *); +static void auth_user(CLI *, char *); +static int connect_local(CLI *); +static int connect_remote(CLI *); +static SOCKADDR_LIST *dynamic_remote_addr(CLI *); +static void local_bind(CLI *c); +static void print_bound_address(CLI *); +static void reset(int, char *); + +/* allocate local data structure for the new thread */ +CLI *alloc_client_session(SERVICE_OPTIONS *opt, int rfd, int wfd) { + CLI *c; + + c=str_alloc(sizeof(CLI)); + str_detach(c); + c->opt=opt; + c->local_rfd.fd=rfd; + c->local_wfd.fd=wfd; + return c; +} + +void *client_thread(void *arg) { + CLI *c=arg; + +#ifdef DEBUG_STACK_SIZE + stack_info(1); /* initialize */ +#endif + client_main(c); +#ifdef DEBUG_STACK_SIZE + stack_info(0); /* display computed value */ +#endif + str_stats(); + str_cleanup(); + /* s_log() is not allowed after str_cleanup() */ +#if defined(USE_WIN32) && !defined(_WIN32_WCE) + _endthread(); +#endif +#ifdef USE_UCONTEXT + s_poll_wait(NULL, 0, 0); /* wait on poll() */ +#endif + return NULL; +} + +void client_main(CLI *c) { + s_log(LOG_DEBUG, "Service [%s] started", c->opt->servname); + if(c->opt->option.program && c->opt->option.remote) { + /* exec and connect options specified together + * -> spawn a local program instead of stdio */ + for(;;) { + SERVICE_OPTIONS *opt=c->opt; + memset(c, 0, sizeof(CLI)); /* connect_local needs clean c */ + c->opt=opt; + if(!setjmp(c->err)) + c->local_rfd.fd=c->local_wfd.fd=connect_local(c); + else + break; + client_run(c); + if(!c->opt->option.retry) + break; + sleep(1); /* FIXME: not a good idea in ucontext threading */ + str_stats(); + if(service_options.next) /* don't str_cleanup in inetd mode */ + str_cleanup(); + } + } else + client_run(c); + str_free(c); +} + +static void client_run(CLI *c) { + int error; + +#ifndef USE_FORK + enter_critical_section(CRIT_CLIENTS); /* for multi-cpu machines */ + ++num_clients; + leave_critical_section(CRIT_CLIENTS); +#endif + + c->remote_fd.fd=-1; + c->fd=-1; + c->ssl=NULL; + c->sock_bytes=c->ssl_bytes=0; + c->fds=s_poll_alloc(); + c->connect_addr.num=0; + c->connect_addr.addr=NULL; + + error=setjmp(c->err); + if(!error) + client_try(c); + + s_log(LOG_NOTICE, + "Connection %s: %d byte(s) sent to SSL, %d byte(s) sent to socket", + error==1 ? "reset" : "closed", c->ssl_bytes, c->sock_bytes); + + /* cleanup temporary (e.g. IDENT) socket */ + if(c->fd>=0) + closesocket(c->fd); + c->fd=-1; + + /* cleanup SSL */ + if(c->ssl) { /* SSL initialized */ + SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + SSL_free(c->ssl); + c->ssl=NULL; + ERR_remove_state(0); + } + + /* cleanup remote socket */ + if(c->remote_fd.fd>=0) { /* remote socket initialized */ + if(error==1 && c->remote_fd.is_socket) /* reset */ + reset(c->remote_fd.fd, "linger (remote)"); + closesocket(c->remote_fd.fd); + s_log(LOG_DEBUG, "Remote socket (FD=%d) closed", c->remote_fd.fd); + c->remote_fd.fd=-1; + } + + /* cleanup local socket */ + if(c->local_rfd.fd>=0) { /* local socket initialized */ + if(c->local_rfd.fd==c->local_wfd.fd) { + if(error==1 && c->local_rfd.is_socket) + reset(c->local_rfd.fd, "linger (local)"); + closesocket(c->local_rfd.fd); + s_log(LOG_DEBUG, "Local socket (FD=%d) closed", c->local_rfd.fd); + } else { /* stdin/stdout */ + if(error==1 && c->local_rfd.is_socket) + reset(c->local_rfd.fd, "linger (local_rfd)"); + if(error==1 && c->local_wfd.is_socket) + reset(c->local_wfd.fd, "linger (local_wfd)"); + } + c->local_rfd.fd=c->local_wfd.fd=-1; + } + +#ifdef USE_FORK + /* display child return code if it managed to arrive on time */ + /* otherwise it will be retrieved by the init process and ignored */ + if(c->opt->option.program) /* 'exec' specified */ + child_status(); /* null SIGCHLD handler was used */ + s_log(LOG_DEBUG, "Service [%s] finished", c->opt->servname); +#else + enter_critical_section(CRIT_CLIENTS); /* for multi-cpu machines */ + s_log(LOG_DEBUG, "Service [%s] finished (%d left)", + c->opt->servname, --num_clients); + leave_critical_section(CRIT_CLIENTS); +#endif + + /* free remaining memory structures */ + if(c->connect_addr.addr) + str_free(c->connect_addr.addr); + s_poll_free(c->fds); + c->fds=NULL; +} + +static void client_try(CLI *c) { + init_local(c); + if(!c->opt->option.client && c->opt->protocol<0) { + /* server mode and no protocol negotiation needed */ + init_ssl(c); + init_remote(c); + } else { + protocol(c, PROTOCOL_PRE_CONNECT); + init_remote(c); + protocol(c, PROTOCOL_PRE_SSL); + init_ssl(c); + protocol(c, PROTOCOL_POST_SSL); + } + transfer(c); +} + +static void init_local(CLI *c) { + SOCKADDR_UNION addr; + socklen_t addr_len; + char *accepted_address; + + /* check if local_rfd is a socket and get peer address */ + addr_len=sizeof(SOCKADDR_UNION); + c->local_rfd.is_socket=!getpeername(c->local_rfd.fd, &addr.sa, &addr_len); + if(c->local_rfd.is_socket) { + memcpy(&c->peer_addr.sa, &addr.sa, addr_len); + c->peer_addr_len=addr_len; + if(set_socket_options(c->local_rfd.fd, 1)) + s_log(LOG_WARNING, "Failed to set local socket options"); + } else { + if(get_last_socket_error()!=S_ENOTSOCK) { + sockerror("getpeerbyname (local_rfd)"); + longjmp(c->err, 1); + } + } + + /* check if local_wfd is a socket and get peer address */ + if(c->local_rfd.fd==c->local_wfd.fd) { + c->local_wfd.is_socket=c->local_rfd.is_socket; + } else { + addr_len=sizeof(SOCKADDR_UNION); + c->local_wfd.is_socket=!getpeername(c->local_wfd.fd, &addr.sa, &addr_len); + if(c->local_wfd.is_socket) { + if(!c->local_rfd.is_socket) { /* already retrieved */ + memcpy(&c->peer_addr.sa, &addr.sa, addr_len); + c->peer_addr_len=addr_len; + } + if(set_socket_options(c->local_wfd.fd, 1)) + s_log(LOG_WARNING, "Failed to set local socket options"); + } else { + if(get_last_socket_error()!=S_ENOTSOCK) { + sockerror("getpeerbyname (local_wfd)"); + longjmp(c->err, 1); + } + } + } + + /* neither of local descriptors is a socket */ + if(!c->local_rfd.is_socket && !c->local_rfd.is_socket) { +#ifndef USE_WIN32 + if(c->opt->option.transparent_src) { + s_log(LOG_ERR, "Transparent source needs a socket"); + longjmp(c->err, 1); + } +#endif + s_log(LOG_NOTICE, "Service [%s] accepted connection", c->opt->servname); + return; + } + + /* authenticate based on retrieved IP address of the client */ + accepted_address=s_ntop(&c->peer_addr, c->peer_addr_len); +#ifdef USE_LIBWRAP + libwrap_auth(c, accepted_address); +#endif /* USE_LIBWRAP */ + auth_user(c, accepted_address); + s_log(LOG_NOTICE, "Service [%s] accepted connection from %s", + c->opt->servname, accepted_address); + str_free(accepted_address); +} + +static void init_remote(CLI *c) { + /* where to bind connecting socket */ + if(c->opt->option.local) /* outgoing interface */ + c->bind_addr=&c->opt->source_addr; +#ifndef USE_WIN32 + else if(c->opt->option.transparent_src) + c->bind_addr=&c->peer_addr; +#endif + else + c->bind_addr=NULL; /* don't bind */ + + /* setup c->remote_fd, now */ + if(c->opt->option.remote) { /* try remote first for exec+connect targets */ + c->remote_fd.fd=connect_remote(c); + } else if(c->opt->option.program) { /* exec+connect uses local fd */ + c->remote_fd.fd=connect_local(c); + } else { + s_log(LOG_ERR, "INTERNAL ERROR: No target for remote socket"); + longjmp(c->err, 1); + } + + c->remote_fd.is_socket=1; /* always! */ + s_log(LOG_DEBUG, "Remote socket (FD=%d) initialized", c->remote_fd.fd); + if(set_socket_options(c->remote_fd.fd, 2)) + s_log(LOG_WARNING, "Failed to set remote socket options"); +} + +static void init_ssl(CLI *c) { + int i, err; + SSL_SESSION *old_session; + int unsafe_openssl; + + c->ssl=SSL_new(c->opt->ctx); + if(!c->ssl) { + sslerror("SSL_new"); + longjmp(c->err, 1); + } + SSL_set_ex_data(c->ssl, cli_index, c); /* for callbacks */ + if(c->opt->option.client) { +#ifndef OPENSSL_NO_TLSEXT + if(c->opt->sni) { + s_log(LOG_DEBUG, "SNI: host name: %s", c->opt->sni); + if(!SSL_set_tlsext_host_name(c->ssl, c->opt->sni)) { + sslerror("SSL_set_tlsext_host_name"); + longjmp(c->err, 1); + } + } +#endif + if(c->opt->session) { + enter_critical_section(CRIT_SESSION); + SSL_set_session(c->ssl, c->opt->session); + leave_critical_section(CRIT_SESSION); + } + SSL_set_fd(c->ssl, c->remote_fd.fd); + SSL_set_connect_state(c->ssl); + } else { + if(c->local_rfd.fd==c->local_wfd.fd) + SSL_set_fd(c->ssl, c->local_rfd.fd); + else { + /* does it make sense to have SSL on STDIN/STDOUT? */ + SSL_set_rfd(c->ssl, c->local_rfd.fd); + SSL_set_wfd(c->ssl, c->local_wfd.fd); + } + SSL_set_accept_state(c->ssl); + } + + /* setup some values for transfer() function */ + if(c->opt->option.client) { + c->sock_rfd=&(c->local_rfd); + c->sock_wfd=&(c->local_wfd); + c->ssl_rfd=c->ssl_wfd=&(c->remote_fd); + } else { + c->sock_rfd=c->sock_wfd=&(c->remote_fd); + c->ssl_rfd=&(c->local_rfd); + c->ssl_wfd=&(c->local_wfd); + } + + unsafe_openssl=SSLeay()<0x0090810fL || + (SSLeay()>=0x10000000L && SSLeay()<0x1000002fL); + while(1) { + /* critical section for OpenSSL version < 0.9.8p or 1.x.x < 1.0.0b * + * this critical section is a crude workaround for CVE-2010-3864 * + * see http://www.securityfocus.com/bid/44884 for details * + * alternative solution is to disable internal session caching * + * NOTE: this critical section also covers callbacks (e.g. OCSP) */ + if(unsafe_openssl) + enter_critical_section(CRIT_SSL); + + if(c->opt->option.client) + i=SSL_connect(c->ssl); + else + i=SSL_accept(c->ssl); + + if(unsafe_openssl) + leave_critical_section(CRIT_SSL); + + err=SSL_get_error(c->ssl, i); + if(err==SSL_ERROR_NONE) + break; /* ok -> done */ + if(err==SSL_ERROR_WANT_READ || err==SSL_ERROR_WANT_WRITE) { + s_poll_init(c->fds); + s_poll_add(c->fds, c->ssl_rfd->fd, + err==SSL_ERROR_WANT_READ, + err==SSL_ERROR_WANT_WRITE); + switch(s_poll_wait(c->fds, c->opt->timeout_busy, 0)) { + case -1: + sockerror("init_ssl: s_poll_wait"); + longjmp(c->err, 1); + case 0: + s_log(LOG_INFO, "init_ssl: s_poll_wait:" + " TIMEOUTbusy exceeded: sending reset"); + longjmp(c->err, 1); + case 1: + break; /* OK */ + default: + s_log(LOG_ERR, "init_ssl: s_poll_wait: unknown result"); + longjmp(c->err, 1); + } + continue; /* ok -> retry */ + } + if(err==SSL_ERROR_SYSCALL) { + switch(get_last_socket_error()) { + case S_EINTR: + case S_EWOULDBLOCK: +#if S_EAGAIN!=S_EWOULDBLOCK + case S_EAGAIN: +#endif + continue; + } + } + if(c->opt->option.client) + sslerror("SSL_connect"); + else + sslerror("SSL_accept"); + longjmp(c->err, 1); + } + if(SSL_session_reused(c->ssl)) { + s_log(LOG_INFO, "SSL %s: previous session reused", + c->opt->option.client ? "connected" : "accepted"); + } else { /* a new session was negotiated */ +#ifdef USE_WIN32 + win_new_chain(c); +#endif + if(c->opt->option.client) { + s_log(LOG_INFO, "SSL connected: new session negotiated"); + enter_critical_section(CRIT_SESSION); + old_session=c->opt->session; + c->opt->session=SSL_get1_session(c->ssl); /* store it */ + if(old_session) + SSL_SESSION_free(old_session); /* release the old one */ + leave_critical_section(CRIT_SESSION); + } else + s_log(LOG_INFO, "SSL accepted: new session negotiated"); + print_cipher(c); + } +} + +#ifdef USE_WIN32 +static void win_new_chain(CLI *c) { + BIO *bio; + int i, len; + X509 *peer=NULL; + STACK_OF(X509) *sk; + char *chain; + + if(c->opt->chain) /* already cached */ + return; /* this race condition is safe to ignore */ + bio=BIO_new(BIO_s_mem()); + if(!bio) + return; + sk=SSL_get_peer_cert_chain(c->ssl); + for(i=0; sk && iopt->option.client) { + peer=SSL_get_peer_certificate(c->ssl); + if(peer) { + PEM_write_bio_X509(bio, peer); + X509_free(peer); + } + } + len=BIO_pending(bio); + if(len<=0) { + s_log(LOG_INFO, "No peer certificate received"); + BIO_free(bio); + return; + } + chain=str_alloc(len+1); + len=BIO_read(bio, chain, len); + if(len<0) { + s_log(LOG_ERR, "BIO_read failed"); + BIO_free(bio); + str_free(chain); + return; + } + chain[len]='\0'; + BIO_free(bio); + str_detach(chain); /* to prevent automatic deallocation of cached value */ + c->opt->chain=chain; /* this race condition is safe to ignore */ + PostMessage(hwnd, WM_NEW_CHAIN, c->opt->section_number, 0); + s_log(LOG_DEBUG, "Peer certificate was cached (%d bytes)", len); +} +#endif + +/****************************** transfer data */ +static void transfer(CLI *c) { + int watchdog=0; /* a counter to detect an infinite loop */ + int num, err; + /* logical channels (not file descriptors!) open for read or write */ + int sock_open_rd=1, sock_open_wr=1; + /* awaited conditions on SSL file descriptors */ + int shutdown_wants_read=0, shutdown_wants_write=0; + int read_wants_read, read_wants_write=0; + int write_wants_read=0, write_wants_write; + /* actual conditions on file descriptors */ + int sock_can_rd, sock_can_wr, ssl_can_rd, ssl_can_wr; + + c->sock_ptr=c->ssl_ptr=0; + + do { /* main loop of client data transfer */ + /****************************** initialize *_wants_* */ + read_wants_read=!(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN) + && c->ssl_ptrssl)&SSL_SENT_SHUTDOWN) + && c->sock_ptr && !write_wants_read; + + /****************************** setup c->fds structure */ + s_poll_init(c->fds); /* initialize the structure */ + /* for plain socket open data strem = open file descriptor */ + /* make sure to add each open socket to receive exceptions! */ + if(sock_open_rd) + s_poll_add(c->fds, c->sock_rfd->fd, c->sock_ptrfds, c->sock_wfd->fd, 0, c->ssl_ptr); + /* for SSL assume that sockets are open if there any pending requests */ + if(read_wants_read || write_wants_read || shutdown_wants_read) + s_poll_add(c->fds, c->ssl_rfd->fd, 1, 0); + if(read_wants_write || write_wants_write || shutdown_wants_write) + s_poll_add(c->fds, c->ssl_wfd->fd, 0, 1); + + /****************************** wait for an event */ + err=s_poll_wait(c->fds, + (sock_open_rd && /* both peers open */ + !(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN)) || + c->ssl_ptr /* data buffered to write to socket */ || + c->sock_ptr /* data buffered to write to SSL */ ? + c->opt->timeout_idle : c->opt->timeout_close, 0); + switch(err) { + case -1: + sockerror("transfer: s_poll_wait"); + longjmp(c->err, 1); + case 0: /* timeout */ + if((sock_open_rd && + !(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN)) || + c->ssl_ptr || c->sock_ptr) { + s_log(LOG_INFO, "transfer: s_poll_wait:" + " TIMEOUTidle exceeded: sending reset"); + longjmp(c->err, 1); + } else { /* already closing connection */ + s_log(LOG_ERR, "transfer: s_poll_wait:" + " TIMEOUTclose exceeded: closing"); + return; /* OK */ + } + } + + /****************************** check for errors on sockets */ + err=s_poll_error(c->fds, c->sock_rfd); + if(err) { + s_log(LOG_NOTICE, + "Error detected on socket (read) file descriptor: %s (%d)", + s_strerror(err), err); + longjmp(c->err, 1); + } + if(c->sock_wfd->fd != c->sock_rfd->fd) { /* performance optimization */ + err=s_poll_error(c->fds, c->sock_wfd); + if(err) { + s_log(LOG_NOTICE, + "Error detected on socket write file descriptor: %s (%d)", + s_strerror(err), err); + longjmp(c->err, 1); + } + } + err=s_poll_error(c->fds, c->ssl_rfd); + if(err) { + s_log(LOG_NOTICE, + "Error detected on SSL (read) file descriptor: %s (%d)", + s_strerror(err), err); + longjmp(c->err, 1); + } + if(c->ssl_wfd->fd != c->ssl_rfd->fd) { /* performance optimization */ + err=s_poll_error(c->fds, c->ssl_wfd); + if(err) { + s_log(LOG_NOTICE, + "Error detected on SSL write file descriptor: %s (%d)", + s_strerror(err), err); + longjmp(c->err, 1); + } + } + + /****************************** retrieve results from c->fds */ + sock_can_rd=s_poll_canread(c->fds, c->sock_rfd->fd); + sock_can_wr=s_poll_canwrite(c->fds, c->sock_wfd->fd); + ssl_can_rd=s_poll_canread(c->fds, c->ssl_rfd->fd); + ssl_can_wr=s_poll_canwrite(c->fds, c->ssl_wfd->fd); + + /****************************** checks for internal failures */ + /* please report any internal errors to stunnel-users mailing list */ + if(!(sock_can_rd || sock_can_wr || ssl_can_rd || ssl_can_wr)) { + s_log(LOG_ERR, "INTERNAL ERROR: " + "s_poll_wait returned %d, but no descriptor is ready", err); + longjmp(c->err, 1); + } + + /****************************** send SSL close_notify alert */ + if(shutdown_wants_read || shutdown_wants_write) { + num=SSL_shutdown(c->ssl); /* send close_notify alert */ + if(num<0) /* -1 - not completed */ + err=SSL_get_error(c->ssl, num); + else /* 0 or 1 - success */ + err=SSL_ERROR_NONE; + switch(err) { + case SSL_ERROR_NONE: /* the shutdown was successfully completed */ + s_log(LOG_INFO, "SSL_shutdown successfully sent close_notify alert"); + shutdown_wants_read=shutdown_wants_write=0; + break; + case SSL_ERROR_SYSCALL: /* socket error */ + if(parse_socket_error(c, "SSL_shutdown")) + break; /* a non-critical error: retry */ + SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + shutdown_wants_read=shutdown_wants_write=0; + break; + case SSL_ERROR_WANT_WRITE: + s_log(LOG_DEBUG, "SSL_shutdown returned WANT_WRITE: retrying"); + shutdown_wants_read=0; + shutdown_wants_write=1; + break; + case SSL_ERROR_WANT_READ: + s_log(LOG_DEBUG, "SSL_shutdown returned WANT_READ: retrying"); + shutdown_wants_read=1; + shutdown_wants_write=0; + break; + case SSL_ERROR_SSL: /* SSL error */ + sslerror("SSL_shutdown"); + longjmp(c->err, 1); + default: + s_log(LOG_ERR, "SSL_shutdown/SSL_get_error returned %d", err); + longjmp(c->err, 1); + } + } + + /****************************** read from socket */ + if(sock_open_rd && sock_can_rd) { + num=readsocket(c->sock_rfd->fd, + c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr); + switch(num) { + case -1: + if(parse_socket_error(c, "readsocket")) + break; /* a non-critical error: retry */ + case 0: /* close */ + s_log(LOG_DEBUG, "Socket closed on read"); + sock_open_rd=0; + break; + default: + c->sock_ptr+=num; + watchdog=0; /* reset watchdog */ + } + } + + /****************************** write to socket */ + if(sock_open_wr && sock_can_wr) { + num=writesocket(c->sock_wfd->fd, c->ssl_buff, c->ssl_ptr); + switch(num) { + case -1: /* error */ + if(parse_socket_error(c, "writesocket")) + break; /* a non-critical error: retry */ + case 0: + s_log(LOG_DEBUG, "Socket closed on write"); + sock_open_rd=sock_open_wr=0; + break; + default: + memmove(c->ssl_buff, c->ssl_buff+num, c->ssl_ptr-num); + c->ssl_ptr-=num; + c->sock_bytes+=num; + watchdog=0; /* reset watchdog */ + } + } + + /****************************** update *_wants_* based on new *_ptr */ + /* this update is also required for SSL_pending() to be used */ + read_wants_read=!(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN) + && c->ssl_ptrssl)&SSL_SENT_SHUTDOWN) + && c->sock_ptr && !write_wants_read; + + /****************************** read from SSL */ + if((read_wants_read && (ssl_can_rd || SSL_pending(c->ssl))) || + /* it may be possible to read some pending data after + * writesocket() above made some room in c->ssl_buff */ + (read_wants_write && ssl_can_wr)) { + read_wants_write=0; + num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr); + switch(err=SSL_get_error(c->ssl, num)) { + case SSL_ERROR_NONE: + if(num==0) + s_log(LOG_DEBUG, "SSL_read returned 0"); + c->ssl_ptr+=num; + watchdog=0; /* reset watchdog */ + break; + case SSL_ERROR_WANT_WRITE: + s_log(LOG_DEBUG, "SSL_read returned WANT_WRITE: retrying"); + read_wants_write=1; + break; + case SSL_ERROR_WANT_READ: /* nothing unexpected */ + break; + case SSL_ERROR_WANT_X509_LOOKUP: + s_log(LOG_DEBUG, + "SSL_read returned WANT_X509_LOOKUP: retrying"); + break; + case SSL_ERROR_SYSCALL: + if(num && parse_socket_error(c, "SSL_read")) + break; /* a non-critical error: retry */ + /* EOF -> buggy (e.g. Microsoft) peer: + * SSL socket closed without close_notify alert */ + if(c->sock_ptr) { + s_log(LOG_ERR, + "SSL socket closed on SSL_read with %d unsent byte(s)", + c->sock_ptr); + longjmp(c->err, 1); /* reset the socket */ + } + s_log(LOG_DEBUG, "SSL socket closed on SSL_read"); + SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + break; + case SSL_ERROR_ZERO_RETURN: /* close_notify alert received */ + s_log(LOG_DEBUG, "SSL closed on SSL_read"); + if(SSL_version(c->ssl)==SSL2_VERSION) + SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + break; + case SSL_ERROR_SSL: + sslerror("SSL_read"); + longjmp(c->err, 1); + default: + s_log(LOG_ERR, "SSL_read/SSL_get_error returned %d", err); + longjmp(c->err, 1); + } + } + + /****************************** write to SSL */ + if((write_wants_read && ssl_can_rd) || + (write_wants_write && ssl_can_wr)) { + write_wants_read=0; + num=SSL_write(c->ssl, c->sock_buff, c->sock_ptr); + switch(err=SSL_get_error(c->ssl, num)) { + case SSL_ERROR_NONE: + if(num==0) + s_log(LOG_DEBUG, "SSL_write returned 0"); + memmove(c->sock_buff, c->sock_buff+num, c->sock_ptr-num); + c->sock_ptr-=num; + c->ssl_bytes+=num; + watchdog=0; /* reset watchdog */ + break; + case SSL_ERROR_WANT_WRITE: /* nothing unexpected */ + break; + case SSL_ERROR_WANT_READ: + s_log(LOG_DEBUG, "SSL_write returned WANT_READ: retrying"); + write_wants_read=1; + break; + case SSL_ERROR_WANT_X509_LOOKUP: + s_log(LOG_DEBUG, + "SSL_write returned WANT_X509_LOOKUP: retrying"); + break; + case SSL_ERROR_SYSCALL: /* socket error */ + if(num && parse_socket_error(c, "SSL_write")) + break; /* a non-critical error: retry */ + /* EOF -> buggy (e.g. Microsoft) peer: + * SSL socket closed without close_notify alert */ + if(c->sock_ptr) { + s_log(LOG_ERR, + "SSL socket closed on SSL_write with %d unsent byte(s)", + c->sock_ptr); + longjmp(c->err, 1); /* reset the socket */ + } + s_log(LOG_DEBUG, "SSL socket closed on SSL_write"); + SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + break; + case SSL_ERROR_ZERO_RETURN: /* close_notify alert received */ + s_log(LOG_DEBUG, "SSL closed on SSL_write"); + if(SSL_version(c->ssl)==SSL2_VERSION) + SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + break; + case SSL_ERROR_SSL: + sslerror("SSL_write"); + longjmp(c->err, 1); + default: + s_log(LOG_ERR, "SSL_write/SSL_get_error returned %d", err); + longjmp(c->err, 1); + } + } + + /****************************** check write shutdown conditions */ + if(sock_open_wr && SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN && !c->ssl_ptr) { + sock_open_wr=0; /* no further write allowed */ + if(!c->sock_wfd->is_socket) { + s_log(LOG_DEBUG, "Closing the socket file descriptor"); + sock_open_rd=0; /* file descriptor is ready to be closed */ + } else if(!shutdown(c->sock_wfd->fd, SHUT_WR)) { /* send TCP FIN */ + s_log(LOG_DEBUG, "Sent socket write shutdown"); + } else { + s_log(LOG_DEBUG, "Failed to send socket write shutdown"); + sock_open_rd=0; /* file descriptor is ready to be closed */ + } + } + if(!(SSL_get_shutdown(c->ssl)&SSL_SENT_SHUTDOWN) && !sock_open_rd && !c->sock_ptr) { + if(SSL_version(c->ssl)!=SSL2_VERSION) { /* SSLv3, TLSv1 */ + s_log(LOG_DEBUG, "Sending close_notify alert"); + shutdown_wants_write=1; + } else { /* no alerts in SSLv2, including the close_notify alert */ + s_log(LOG_DEBUG, "Closing SSLv2 socket"); + if(c->ssl_rfd->is_socket) + shutdown(c->ssl_rfd->fd, SHUT_RD); /* notify the kernel */ + if(c->ssl_wfd->is_socket) + shutdown(c->ssl_wfd->fd, SHUT_WR); /* send TCP FIN */ + /* notify the OpenSSL library */ + SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + } + } + + /****************************** check watchdog */ + if(++watchdog>100) { /* loop executes without transferring any data */ + s_log(LOG_ERR, + "transfer() loop executes not transferring any data"); + s_log(LOG_ERR, + "please report the problem to Michal.Trojnara@mirt.net"); + stunnel_info(LOG_ERR); + s_log(LOG_ERR, "protocol=%s, SSL_pending=%d", + SSL_get_version(c->ssl), SSL_pending(c->ssl)); + s_log(LOG_ERR, "sock_open_rd=%s, sock_open_wr=%s", + sock_open_rd ? "Y" : "n", sock_open_wr ? "Y" : "n"); + s_log(LOG_ERR, "SSL_RECEIVED_SHUTDOWN=%s, SSL_SENT_SHUTDOWN=%s", + SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN ? "Y" : "n", + SSL_get_shutdown(c->ssl)&SSL_SENT_SHUTDOWN ? "Y" : "n"); + s_log(LOG_ERR, "sock_can_rd=%s, sock_can_wr=%s", + sock_can_rd ? "Y" : "n", sock_can_wr ? "Y" : "n"); + s_log(LOG_ERR, "ssl_can_rd=%s, ssl_can_wr=%s", + ssl_can_rd ? "Y" : "n", ssl_can_wr ? "Y" : "n"); + s_log(LOG_ERR, "read_wants_read=%s, read_wants_write=%s", + read_wants_read ? "Y" : "n", read_wants_write ? "Y" : "n"); + s_log(LOG_ERR, "write_wants_read=%s, write_wants_write=%s", + write_wants_read ? "Y" : "n", write_wants_write ? "Y" : "n"); + s_log(LOG_ERR, "shutdown_wants_read=%s, shutdown_wants_write=%s", + shutdown_wants_read ? "Y" : "n", + shutdown_wants_write ? "Y" : "n"); + s_log(LOG_ERR, "socket input buffer: %d byte(s), " + "ssl input buffer: %d byte(s)", c->sock_ptr, c->ssl_ptr); + longjmp(c->err, 1); + } + + } while(sock_open_wr || !(SSL_get_shutdown(c->ssl)&SSL_SENT_SHUTDOWN) || + shutdown_wants_read || shutdown_wants_write); +} + + /* returns 0 on close and 1 on non-critical errors */ +static int parse_socket_error(CLI *c, const char *text) { + switch(get_last_socket_error()) { + /* http://tangentsoft.net/wskfaq/articles/bsd-compatibility.html */ + case 0: /* close on read, or close on write on WIN32 */ +#ifndef USE_WIN32 + case EPIPE: /* close on write on Unix */ +#endif + case S_ECONNABORTED: + s_log(LOG_INFO, "%s: Socket is closed", text); + return 0; + case S_EINTR: + s_log(LOG_DEBUG, "%s: Interrupted by a signal: retrying", text); + return 1; + case S_EWOULDBLOCK: + s_log(LOG_NOTICE, "%s: Would block: retrying", text); + sleep(1); /* Microsoft bug KB177346 */ + return 1; +#if S_EAGAIN!=S_EWOULDBLOCK + case S_EAGAIN: + s_log(LOG_DEBUG, + "%s: Temporary lack of resources: retrying", text); + return 1; +#endif + default: + sockerror(text); + longjmp(c->err, 1); + } +} + +static void print_cipher(CLI *c) { /* print negotiated cipher */ + SSL_CIPHER *cipher; +#if !defined(OPENSSL_NO_COMP) && OPENSSL_VERSION_NUMBER>=0x0090800fL + const COMP_METHOD *compression, *expansion; +#endif + + if(global_options.debug_levelssl); + s_log(LOG_INFO, "Negotiated %s ciphersuite: %s (%d-bit encryption)", + SSL_CIPHER_get_version(cipher), SSL_CIPHER_get_name(cipher), + SSL_CIPHER_get_bits(cipher, NULL)); + +#if !defined(OPENSSL_NO_COMP) && OPENSSL_VERSION_NUMBER>=0x0090800fL + compression=SSL_get_current_compression(c->ssl); + expansion=SSL_get_current_expansion(c->ssl); + s_log(LOG_INFO, "Compression: %s, expansion: %s", + compression ? SSL_COMP_get_name(compression) : "null", + expansion ? SSL_COMP_get_name(expansion) : "null"); +#endif +} + +static void auth_user(CLI *c, char *accepted_address) { +#ifndef _WIN32_WCE + struct servent *s_ent; /* structure for getservbyname */ +#endif + SOCKADDR_UNION ident; /* IDENT socket name */ + char *line, *type, *system, *user; + + if(!c->opt->username) + return; /* -u option not specified */ +#ifdef HAVE_STRUCT_SOCKADDR_UN + if(c->peer_addr.sa.sa_family==AF_UNIX) { + s_log(LOG_INFO, "IDENT not supported on Unix sockets"); + return; + } +#endif + c->fd=s_socket(c->peer_addr.sa.sa_family, SOCK_STREAM, + 0, 1, "socket (auth_user)"); + if(c->fd<0) + longjmp(c->err, 1); + memcpy(&ident, &c->peer_addr, c->peer_addr_len); +#ifndef _WIN32_WCE + s_ent=getservbyname("auth", "tcp"); + if(s_ent) { + ident.in.sin_port=s_ent->s_port; + } else +#endif + { + s_log(LOG_WARNING, "Unknown service 'auth': using default 113"); + ident.in.sin_port=htons(113); + } + if(connect_blocking(c, &ident, addr_len(&ident))) + longjmp(c->err, 1); + s_log(LOG_DEBUG, "IDENT server connected"); + fd_printf(c, c->fd, "%u , %u", + ntohs(c->peer_addr.in.sin_port), + ntohs(c->opt->local_addr.in.sin_port)); + line=fd_getline(c, c->fd); + closesocket(c->fd); + c->fd=-1; /* avoid double close on cleanup */ + type=strchr(line, ':'); + if(!type) { + s_log(LOG_ERR, "Malformed IDENT response"); + str_free(line); + longjmp(c->err, 1); + } + *type++='\0'; + system=strchr(type, ':'); + if(!system) { + s_log(LOG_ERR, "Malformed IDENT response"); + str_free(line); + longjmp(c->err, 1); + } + *system++='\0'; + if(strcmp(type, " USERID ")) { + s_log(LOG_ERR, "Incorrect INETD response type"); + str_free(line); + longjmp(c->err, 1); + } + user=strchr(system, ':'); + if(!user) { + s_log(LOG_ERR, "Malformed IDENT response"); + str_free(line); + longjmp(c->err, 1); + } + *user++='\0'; + while(*user==' ') /* skip leading spaces */ + ++user; + if(strcmp(user, c->opt->username)) { + safestring(user); + s_log(LOG_WARNING, "Connection from %s REFUSED by IDENT (user %s)", + accepted_address, user); + str_free(line); + longjmp(c->err, 1); + } + s_log(LOG_INFO, "IDENT authentication passed"); + str_free(line); +} + +#if defined(_WIN32_WCE) || defined(__vms) + +static int connect_local(CLI *c) { /* spawn local process */ + s_log(LOG_ERR, "Local mode is not supported on this platform"); + longjmp(c->err, 1); + return -1; /* some C compilers require a return value */ +} + +#elif defined(USE_WIN32) + +static int connect_local(CLI *c) { /* spawn local process */ + int fd[2]; + STARTUPINFO si; + PROCESS_INFORMATION pi; + LPTSTR execname_l, execargs_l; + + if(make_sockets(fd)) + longjmp(c->err, 1); + memset(&si, 0, sizeof si); + si.cb=sizeof si; + si.wShowWindow=SW_HIDE; + si.dwFlags=STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES; + si.hStdInput=si.hStdOutput=si.hStdError=(HANDLE)fd[1]; + memset(&pi, 0, sizeof pi); + + execname_l=str2tstr(c->opt->execname); + execargs_l=str2tstr(c->opt->execargs); + CreateProcess(execname_l, execargs_l, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi); + str_free(execname_l); + str_free(execargs_l); + + closesocket(fd[1]); + CloseHandle(pi.hProcess); + CloseHandle(pi.hThread); + return fd[0]; +} + +#else /* standard Unix version */ + +static int connect_local(CLI *c) { /* spawn local process */ + char *name, host[40]; + int fd[2], pid; + X509 *peer; +#ifdef HAVE_PTHREAD_SIGMASK + sigset_t newmask; +#endif + + if(c->opt->option.pty) { + char tty[64]; + + if(pty_allocate(fd, fd+1, tty)) + longjmp(c->err, 1); + s_log(LOG_DEBUG, "TTY=%s allocated", tty); + } else + if(make_sockets(fd)) + longjmp(c->err, 1); + + pid=fork(); + c->pid=(unsigned long)pid; + switch(pid) { + case -1: /* error */ + closesocket(fd[0]); + closesocket(fd[1]); + ioerror("fork"); + longjmp(c->err, 1); + case 0: /* child */ + closesocket(fd[0]); + set_nonblock(fd[1], 0); /* switch back to blocking mode */ + /* dup2() does not copy FD_CLOEXEC flag */ + dup2(fd[1], 0); + dup2(fd[1], 1); + if(!global_options.option.foreground) + dup2(fd[1], 2); + closesocket(fd[1]); /* not really needed due to FD_CLOEXEC */ + + if(!getnameinfo(&c->peer_addr.sa, c->peer_addr_len, + host, 40, NULL, 0, NI_NUMERICHOST)) { + /* just don't set these variables if getnameinfo() fails */ + putenv(str_printf("REMOTE_HOST=%s", host)); + if(c->opt->option.transparent_src) { + putenv("LD_PRELOAD=" LIBDIR "/libstunnel.so"); + /* for Tru64 _RLD_LIST is used instead */ + putenv("_RLD_LIST=" LIBDIR "/libstunnel.so:DEFAULT"); + } + } + + if(c->ssl) { + peer=SSL_get_peer_certificate(c->ssl); + if(peer) { + name=X509_NAME_oneline(X509_get_subject_name(peer), NULL, 0); + safestring(name); + putenv(str_printf("SSL_CLIENT_DN=%s", name)); + name=X509_NAME_oneline(X509_get_issuer_name(peer), NULL, 0); + safestring(name); + putenv(str_printf("SSL_CLIENT_I_DN=%s", name)); + X509_free(peer); + } + } +#ifdef HAVE_PTHREAD_SIGMASK + sigemptyset(&newmask); + sigprocmask(SIG_SETMASK, &newmask, NULL); +#endif + execvp(c->opt->execname, c->opt->execargs); + ioerror(c->opt->execname); /* execv failed */ + _exit(1); + default: /* parent */ + s_log(LOG_INFO, "Local mode child started (PID=%lu)", c->pid); + closesocket(fd[1]); + return fd[0]; + } +} + +#endif /* not USE_WIN32 or __vms */ + +/* connect remote host */ +static int connect_remote(CLI *c) { + int fd, ind_try, ind_cur; + SOCKADDR_LIST *remote_addr; /* list of connect_blocking() targets */ + + remote_addr=dynamic_remote_addr(c); + /* try to connect each host from the list */ + for(ind_try=0; ind_trynum; ind_try++) { + if(c->opt->failover==FAILOVER_RR) { + ind_cur=remote_addr->cur; + /* the race condition here can be safely ignored */ + remote_addr->cur=(ind_cur+1)%remote_addr->num; + } else { /* FAILOVER_PRIO */ + ind_cur=ind_try; /* ignore remote_addr->cur */ + } + + c->fd=s_socket(remote_addr->addr[ind_cur].sa.sa_family, + SOCK_STREAM, 0, 1, "remote socket"); + if(c->fd<0) + longjmp(c->err, 1); + + local_bind(c); /* explicit local bind or transparent proxy */ + + if(connect_blocking(c, &remote_addr->addr[ind_cur], + addr_len(&remote_addr->addr[ind_cur]))) { + closesocket(c->fd); + c->fd=-1; + continue; /* next IP */ + } + print_bound_address(c); + fd=c->fd; + c->fd=-1; + return fd; /* success! */ + } + longjmp(c->err, 1); + return -1; /* some C compilers require a return value */ +} + +static SOCKADDR_LIST *dynamic_remote_addr(CLI *c) { +#ifdef SO_ORIGINAL_DST + socklen_t addrlen=sizeof(SOCKADDR_UNION); +#endif /* SO_ORIGINAL_DST */ + + /* check if the address was already set by a dynamic protocol + * implemented protocols: CONNECT + * protocols to be implemented: SOCKS4 */ + if(c->connect_addr.num) + return &c->connect_addr; + +#ifdef SO_ORIGINAL_DST + if(c->opt->option.transparent_dst) { + c->connect_addr.num=1; + c->connect_addr.addr=str_alloc(sizeof(SOCKADDR_UNION)); + if(getsockopt(c->local_rfd.fd, SOL_IP, SO_ORIGINAL_DST, + c->connect_addr.addr, &addrlen)) { + sockerror("setsockopt SO_ORIGINAL_DST"); + longjmp(c->err, 1); + } + return &c->connect_addr; + } +#endif /* SO_ORIGINAL_DST */ + + if(c->opt->option.delayed_lookup) { + if(!name2addrlist(&c->connect_addr, + c->opt->connect_name, DEFAULT_LOOPBACK)) { + s_log(LOG_ERR, "No host resolved"); + longjmp(c->err, 1); + } + return &c->connect_addr; + } + + return &c->opt->connect_addr; /* use pre-resolved (static) addresses */ +} + +static void local_bind(CLI *c) { + int on; + + on=1; + if(!c->bind_addr) + return; +#if defined(USE_WIN32) + /* do nothing */ +#elif defined(__linux__) + /* non-local bind on Linux */ + if(c->opt->option.transparent_src) { + if(setsockopt(c->fd, SOL_IP, IP_TRANSPARENT, &on, sizeof on)) { + sockerror("setsockopt IP_TRANSPARENT"); + if(setsockopt(c->fd, SOL_IP, IP_FREEBIND, &on, sizeof on)) + sockerror("setsockopt IP_FREEBIND"); + else + s_log(LOG_INFO, "IP_FREEBIND socket option set"); + } else + s_log(LOG_INFO, "IP_TRANSPARENT socket option set"); + /* ignore the error to retain Linux 2.2 compatibility */ + /* the error will be handled by bind(), anyway */ + } +#elif defined(IP_BINDANY) && defined(IPV6_BINDANY) + /* non-local bind on FreeBSD */ + if(c->opt->option.transparent_src) { + if(c->bind_addr->sa.sa_family==AF_INET) { /* IPv4 */ + if(setsockopt(c->fd, IPPROTO_IP, IP_BINDANY, &on, sizeof on)) { + sockerror("setsockopt IP_BINDANY"); + longjmp(c->err, 1); + } + } else { /* IPv6 */ + if(setsockopt(c->fd, IPPROTO_IPV6, IPV6_BINDANY, &on, sizeof on)) { + sockerror("setsockopt IPV6_BINDANY"); + longjmp(c->err, 1); + } + } + } +#else + /* unsupported platform */ + if(c->opt->option.transparent_src) { + s_log(LOG_ERR, "Transparent proxy in remote mode is not supported" + " on this platform"); + longjmp(c->err, 1); + } +#endif + + if(ntohs(c->bind_addr->in.sin_port)>=1024) { /* security check */ + /* this is currently only possible with transparent_src */ + if(!bind(c->fd, &c->bind_addr->sa, addr_len(c->bind_addr))) { + s_log(LOG_INFO, "local_bind succeeded on the original port"); + return; /* success */ + } + if(get_last_socket_error()!=S_EADDRINUSE) { + sockerror("local_bind (original port)"); + longjmp(c->err, 1); + } + } + + c->bind_addr->in.sin_port=htons(0); /* retry with ephemeral port */ + if(!bind(c->fd, &c->bind_addr->sa, addr_len(c->bind_addr))) { + s_log(LOG_INFO, "local_bind succeeded on an ephemeral port"); + return; /* success */ + } + sockerror("local_bind (ephemeral port)"); + longjmp(c->err, 1); +} + +static void print_bound_address(CLI *c) { + char *txt; + SOCKADDR_UNION addr; + socklen_t addrlen=sizeof addr; + + if(global_options.debug_levelfd, (struct sockaddr *)&addr, &addrlen)) { + sockerror("getsockname"); + return; + } + txt=s_ntop(&addr, addrlen); + s_log(LOG_NOTICE,"Service [%s] connected remote server from %s", + c->opt->servname, txt); + str_free(txt); +} + +static void reset(int fd, char *txt) { /* set lingering on a socket */ + struct linger l; + + l.l_onoff=1; + l.l_linger=0; + if(setsockopt(fd, SOL_SOCKET, SO_LINGER, (void *)&l, sizeof l)) + log_error(LOG_DEBUG, get_last_socket_error(), txt); +} + +/* end of client.c */ diff --git a/src/common.h b/src/common.h new file mode 100644 index 0000000..4f85e2f --- /dev/null +++ b/src/common.h @@ -0,0 +1,488 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#ifndef COMMON_H +#define COMMON_H + +#include "version.h" + + +/**************************************** common constants */ + +#define LIBWRAP_CLIENTS 5 + +/* CPU stack size */ +#define DEFAULT_STACK_SIZE 65536 +/* #define DEBUG_STACK_SIZE */ + +/* I/O buffer size - 18432 is the maximum size of SSL record payload */ +#define BUFFSIZE 18432 + +/* how many bytes of random input to read from files for PRNG */ +/* OpenSSL likes at least 128 bits, so 64 bytes seems plenty. */ +#define RANDOM_BYTES 64 + +/* for FormatGuard */ +/* #define __NO_FORMATGUARD_ */ + +/* additional diagnostic messages */ +/* #define DEBUG_FD_ALLOC */ + +/**************************************** platform */ + +#ifdef _WIN32 +#define USE_WIN32 +#endif + +#ifdef _WIN32_WCE +#define USE_WIN32 +typedef int socklen_t; +#endif + +#ifdef USE_WIN32 +#define USE_IPv6 +#define _CRT_SECURE_NO_DEPRECATE +#define _CRT_NONSTDC_NO_DEPRECATE +#define HAVE_OSSL_ENGINE_H +#define HAVE_OSSL_OCSP_H +/* prevent including wincrypt.h, as it defines it's own OCSP_RESPONSE */ +#define __WINCRYPT_H__ +#endif + +#ifdef USE_WIN32 +#define S_EADDRINUSE WSAEADDRINUSE +/* winsock does not define WSAEAGAIN */ +/* in most (but not all!) BSD implementations EAGAIN==EWOULDBLOCK */ +#define S_EAGAIN WSAEWOULDBLOCK +#define S_ECONNRESET WSAECONNRESET +#define S_EINPROGRESS WSAEINPROGRESS +#define S_EINTR WSAEINTR +#define S_EINVAL WSAEINVAL +#define S_EISCONN WSAEISCONN +#define S_EMFILE WSAEMFILE +/* winsock does not define WSAENFILE */ +#define S_ENOBUFS WSAENOBUFS +/* winsock does not define WSAENOMEM */ +#define S_ENOPROTOOPT WSAENOPROTOOPT +#define S_ENOTSOCK WSAENOTSOCK +#define S_EOPNOTSUPP WSAEOPNOTSUPP +#define S_EWOULDBLOCK WSAEWOULDBLOCK +#define S_ECONNABORTED WSAECONNABORTED +#else /* USE_WIN32 */ +#define S_EADDRINUSE EADDRINUSE +#define S_EAGAIN EAGAIN +#define S_ECONNRESET ECONNRESET +#define S_EINPROGRESS EINPROGRESS +#define S_EINTR EINTR +#define S_EINVAL EINVAL +#define S_EISCONN EISCONN +#define S_EMFILE EMFILE +#ifdef ENFILE +#define S_ENFILE ENFILE +#endif +#ifdef ENOBUFS +#define S_ENOBUFS ENOBUFS +#endif +#ifdef ENOMEM +#define S_ENOMEM ENOMEM +#endif +#define S_ENOPROTOOPT ENOPROTOOPT +#define S_ENOTSOCK ENOTSOCK +#define S_EOPNOTSUPP EOPNOTSUPP +#define S_EWOULDBLOCK EWOULDBLOCK +#define S_ECONNABORTED ECONNABORTED +#endif /* USE_WIN32 */ + +/**************************************** generic headers */ + +#ifdef __vms +#include +#endif /* __vms */ + +/* for nsr-tandem-nsk architecture */ +#ifdef __TANDEM +#include +#endif + +/* threads model */ +#ifdef USE_UCONTEXT +#define __MAKECONTEXT_V2_SOURCE +#include +#endif + +#ifdef USE_PTHREAD +#ifndef THREADS +#define THREADS +#endif +#ifndef _REENTRANT +/* _REENTRANT is required for thread-safe errno on Solaris */ +#define _REENTRANT +#endif +#ifndef _THREAD_SAFE +#define _THREAD_SAFE +#endif +#include +#endif + +/* TCP wrapper */ +#if defined HAVE_TCPD_H && defined HAVE_LIBWRAP +#define USE_LIBWRAP 1 +#endif + +/* must be included before sys/stat.h for Ultrix */ +/* must be included before sys/socket.h for OpenBSD */ +#include /* u_short, u_long */ +/* general headers */ +#include +/* must be included before sys/stat.h for Ultrix */ +#ifndef _WIN32_WCE +#include +#endif +#include +#include /* va_ */ +#include +#include /* isalnum */ +#include +#include /* stat */ +#include +#include + +/**************************************** WIN32 headers */ + +#ifdef USE_WIN32 + +typedef unsigned char u8; +typedef unsigned short u16; +typedef unsigned long u32; + +#define HAVE_STRUCT_ADDRINFO +#define HAVE_SNPRINTF +#define snprintf _snprintf +#define HAVE_VSNPRINTF +#define vsnprintf _vsnprintf +#define strcasecmp _stricmp +#define strncasecmp _strnicmp +#define sleep(c) Sleep(1000*(c)) + +#define get_last_socket_error() WSAGetLastError() +#define set_last_socket_error(e) WSASetLastError(e) +#define get_last_error() GetLastError() +#define set_last_error(e) SetLastError(e) +#define readsocket(s,b,n) recv((s),(b),(n),0) +#define writesocket(s,b,n) send((s),(b),(n),0) + +/* #define FD_SETSIZE 4096 */ +/* #define Win32_Winsock */ +#define __USE_W32_SOCKETS + +/* Winsock2 header for IPv6 definitions */ +#include +#include + +#include + +#include /* _beginthread */ +#include + +#include "resources.h" + +/**************************************** non-WIN32 headers */ + +#else /* USE_WIN32 */ + +#if SIZEOF_UNSIGNED_CHAR == 1 +typedef unsigned char u8; +#endif + +#if SIZEOF_UNSIGNED_SHORT == 2 +typedef unsigned short u16; +#else +typedef unsigned int u16; +#endif + +#if SIZEOF_UNSIGNED_INT == 4 +typedef unsigned int u32; +#else +typedef unsigned long u32; +#endif + +#ifdef __INNOTEK_LIBC__ +#define socklen_t __socklen_t +#define strcasecmp stricmp +#define strncasecmp strnicmp +#define NI_NUMERICHOST 1 +#define NI_NUMERICSERV 2 +#define get_last_socket_error() sock_errno() +#define set_last_socket_error(e) () +#define get_last_error() errno +#define set_last_error(e) (errno=(e)) +#define readsocket(s,b,n) recv((s),(b),(n),0) +#define writesocket(s,b,n) send((s),(b),(n),0) +#define closesocket(s) close(s) +#define ioctlsocket(a,b,c) so_ioctl((a),(b),(c)) +#else +#define get_last_socket_error() errno +#define set_last_socket_error(e) (errno=(e)) +#define get_last_error() errno +#define set_last_error(e) (errno=(e)) +#define readsocket(s,b,n) read((s),(b),(n)) +#define writesocket(s,b,n) write((s),(b),(n)) +#define closesocket(s) close(s) +#define ioctlsocket(a,b,c) ioctl((a),(b),(c)) +#endif + + /* OpenVMS compatibility */ +#ifdef __vms +#define LIBDIR "__NA__" +#define PIDFILE "SYS$LOGIN:STUNNEL.PID" +#ifdef __alpha +#define HOST "alpha-openvms" +#else +#define HOST "vax-openvms" +#endif +#include +#include +#else /* __vms */ +#include +#endif /* __vms */ + + /* Unix-specific headers */ +#include /* signal */ +#include /* wait */ +#ifdef HAVE_SYS_RESOURCE_H +#include /* getrlimit */ +#endif +#ifdef HAVE_UNISTD_H +#include /* getpid, fork, execvp, exit */ +#endif +#ifdef HAVE_STROPTS_H +#include +#endif +#ifdef HAVE_MALLOC_H +#include /* mallopt */ +#endif +#ifdef HAVE_SYS_SELECT_H +#include /* for aix */ +#endif + +#if defined(HAVE_POLL) && !defined(BROKEN_POLL) +#ifdef HAVE_POLL_H +#include +#define USE_POLL +#else /* HAVE_POLL_H */ +#ifdef HAVE_SYS_POLL_H +#include +#define USE_POLL +#endif /* HAVE_SYS_POLL_H */ +#endif /* HAVE_POLL_H */ +#endif /* HAVE_POLL && !BROKEN_POLL */ + +#ifdef HAVE_SYS_FILIO_H +#include /* for FIONBIO */ +#endif +#include +#ifdef HAVE_GRP_H +#include +#endif +#ifdef __BEOS__ +#include +#endif + +#ifdef HAVE_SYS_UIO_H +#include /* struct iovec */ +#endif /* HAVE_SYS_UIO_H */ + +#include /* struct sockaddr_in */ +#include /* getpeername */ +#include /* inet_ntoa */ +#include /* select */ +#include /* ioctl */ +#ifdef HAVE_SYS_UN_H +#include +#endif +#include +#include +#ifndef INADDR_ANY +#define INADDR_ANY (u32)0x00000000 +#endif +#ifndef INADDR_LOOPBACK +#define INADDR_LOOPBACK (u32)0x7F000001 +#endif + +#if defined(HAVE_WAITPID) +/* for SYSV systems */ +#define wait_for_pid(a, b, c) waitpid((a), (b), (c)) +#define HAVE_WAIT_FOR_PID 1 +#elif defined(HAVE_WAIT4) +/* for BSD systems */ +#define wait_for_pid(a, b, c) wait4((a), (b), (c), NULL) +#define HAVE_WAIT_FOR_PID 1 +#endif + +/* SunOS 4 */ +#if defined(sun) && !defined(__svr4__) && !defined(__SVR4) +#define atexit(a) on_exit((a), NULL) +extern int sys_nerr; +extern char *sys_errlist[]; +#define strerror(num) ((num)==0 ? "No error" : \ + ((num)>=sys_nerr ? "Unknown error" : sys_errlist[num])) +#endif /* SunOS 4 */ + +/* AIX does not have SOL_TCP defined */ +#ifndef SOL_TCP +#define SOL_TCP SOL_SOCKET +#endif /* SOL_TCP */ + +/* Linux */ +#ifdef __linux__ +#ifndef IP_FREEBIND +/* kernel headers without IP_FREEBIND definition */ +#define IP_FREEBIND 15 +#endif /* IP_FREEBIND */ +#ifndef IP_TRANSPARENT +/* kernel headers without IP_TRANSPARENT definition */ +#define IP_TRANSPARENT 19 +#endif /* IP_TRANSPARENT */ +#ifdef HAVE_LINUX_NETFILTER_IPV4_H +#include +#include +#include +#endif /* HAVE_LINUX_NETFILTER_IPV4_H */ +#endif /* __linux__ */ + +#endif /* USE_WIN32 */ + +/**************************************** OpenSSL headers */ + +#define OPENSSL_THREAD_DEFINES +#include +#if defined(USE_PTHREAD) && !(defined(OPENSSL_THREADS) || \ + (OPENSSL_VERSION_NUMBER<0x0090700fL && defined(THREADS))) +#error OpenSSL library compiled without thread support +#endif /* !OPENSSL_THREADS && USE_PTHREAD */ + +#if defined (USE_WIN32) && defined(OPENSSL_FIPS) +#define USE_FIPS +#endif + +/* OpenSSL 0.9.6 comp.h needs ZLIB macro to declare COMP_zlib() */ +#define ZLIB + +#include +#include +#include +#include /* for CRYPTO_* and SSLeay_version */ +#include +#ifndef OPENSSL_NO_MD4 +#include +#endif +#include + +#ifdef HAVE_OSSL_ENGINE_H +#ifndef OPENSSL_NO_ENGINE +#include +#else +#undef HAVE_OSSL_ENGINE_H +#endif +#endif /* HAVE_OSSL_ENGINE_H */ + +/* non-blocking OCSP API is not available before OpenSSL 0.9.8h */ +#if OPENSSL_VERSION_NUMBER<0x00908080L +#ifdef HAVE_OSSL_OCSP_H +#undef HAVE_OSSL_OCSP_H +#endif /* HAVE_OSSL_OCSP_H */ +#endif /* OpenSSL older than 0.9.8h */ + +#ifdef HAVE_OSSL_OCSP_H +#include +#endif /* HAVE_OSSL_OCSP_H */ + +#ifdef USE_FIPS +#include +#include +#endif /* USE_FIPS */ + +#if OPENSSL_VERSION_NUMBER<0x0090800fL +#define OPENSSL_NO_ECDH +#endif /* OpenSSL version < 0.8.0 */ + +#if OPENSSL_VERSION_NUMBER<0x10000000L +#define OPENSSL_NO_TLSEXT +#endif /* OpenSSL version < 1.0.0 */ + +#ifndef OPENSSL_NO_COMP +/* not defined in public headers before OpenSSL 0.9.8 */ +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +#endif /* OPENSSL_NO_COMP */ + +/**************************************** other defines */ + +/* change all non-printable characters to '.' */ +#define safestring(s) \ + do {unsigned char *p; for(p=(unsigned char *)(s); *p; p++) \ + if(!isprint((int)*p)) *p='.';} while(0) +/* change all unsafe characters to '.' */ +#define safename(s) \ + do {unsigned char *p; for(p=(s); *p; p++) \ + if(!isalnum((int)*p)) *p='.';} while(0) + +/* always use IPv4 defaults! */ +#define DEFAULT_LOOPBACK "127.0.0.1" +#define DEFAULT_ANY "0.0.0.0" +#if 0 +#define DEFAULT_LOOPBACK "::1" +#define DEFAULT_ANY "::" +#endif + +#if defined (USE_WIN32) || defined (__vms) +#define LOG_EMERG 0 +#define LOG_ALERT 1 +#define LOG_CRIT 2 +#define LOG_ERR 3 +#define LOG_WARNING 4 +#define LOG_NOTICE 5 +#define LOG_INFO 6 +#define LOG_DEBUG 7 +#endif /* defined (USE_WIN32) || defined (__vms) */ + +#ifndef offsetof +#define offsetof(T, F) ((unsigned int)((char *)&((T *)0L)->F - (char *)0L)) +#endif + +#endif /* defined COMMON_H */ + +/* end of common.h */ diff --git a/src/config.h.in b/src/config.h.in new file mode 100644 index 0000000..7ff12b8 --- /dev/null +++ b/src/config.h.in @@ -0,0 +1,269 @@ +/* src/config.h.in. Generated from configure.ac by autoheader. */ + +/* Define to 1 if you have a broken 'poll' implementation. */ +#undef BROKEN_POLL + +/* Entropy Gathering Daemon socket path */ +#undef EGD_SOCKET + +/* Define to 1 if you have the `accept4' function. */ +#undef HAVE_ACCEPT4 + +/* Define to 1 if you have the `chroot' function. */ +#undef HAVE_CHROOT + +/* Define to 1 if you have the `daemon' function. */ +#undef HAVE_DAEMON + +/* Define to 1 if you have '/dev/ptmx' device. */ +#undef HAVE_DEV_PTMX + +/* Define to 1 if you have '/dev/ptc' device. */ +#undef HAVE_DEV_PTS_AND_PTC + +/* Define to 1 if you have the header file. */ +#undef HAVE_DLFCN_H + +/* Define to 1 if you have the `endhostent' function. */ +#undef HAVE_ENDHOSTENT + +/* Define to 1 if you have 'getaddrinfo' function. */ +#undef HAVE_GETADDRINFO + +/* Define to 1 if you have the `getcontext' function. */ +#undef HAVE_GETCONTEXT + +/* Define to 1 if you have the `gethostbyname2' function. */ +#undef HAVE_GETHOSTBYNAME2 + +/* Define to 1 if you have the `getnameinfo' function. */ +#undef HAVE_GETNAMEINFO + +/* Define to 1 if you have the `getrlimit' function. */ +#undef HAVE_GETRLIMIT + +/* Define to 1 if you have the header file. */ +#undef HAVE_GRP_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if you have 'libpthread' library. */ +#undef HAVE_LIBPTHREAD + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIBUTIL_H + +/* Define to 1 if you have 'libwrap' library. */ +#undef HAVE_LIBWRAP + +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_NETFILTER_IPV4_H + +/* Define to 1 if you have the `localtime_r' function. */ +#undef HAVE_LOCALTIME_R + +/* Define to 1 if you have the header file. */ +#undef HAVE_MALLOC_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if you have 'msghdr.msg_control' structure. */ +#undef HAVE_MSGHDR_MSG_CONTROL + +/* Define to 1 if you have the `openpty' function. */ +#undef HAVE_OPENPTY + +/* Define to 1 if you have header file. */ +#undef HAVE_OSSL_ENGINE_H + +/* Define to 1 if you have header file. */ +#undef HAVE_OSSL_OCSP_H + +/* Define to 1 if you have the `pipe2' function. */ +#undef HAVE_PIPE2 + +/* Define to 1 if you have the `poll' function. */ +#undef HAVE_POLL + +/* Define to 1 if you have the header file. */ +#undef HAVE_POLL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_PTHREAD_H + +/* Define to 1 if you have the `pthread_sigmask' function. */ +#undef HAVE_PTHREAD_SIGMASK + +/* Define to 1 if you have the header file. */ +#undef HAVE_PTY_H + +/* Define to 1 if you have the `setgroups' function. */ +#undef HAVE_SETGROUPS + +/* Define to 1 if you have the `setsid' function. */ +#undef HAVE_SETSID + +/* Define to 1 if you have the `snprintf' function. */ +#undef HAVE_SNPRINTF + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STROPTS_H + +/* Define to 1 if the system has the type `struct addrinfo'. */ +#undef HAVE_STRUCT_ADDRINFO + +/* Define to 1 if `msg_control' is a member of `struct msghdr'. */ +#undef HAVE_STRUCT_MSGHDR_MSG_CONTROL + +/* Define to 1 if the system has the type `struct sockaddr_un'. */ +#undef HAVE_STRUCT_SOCKADDR_UN + +/* Define to 1 if you have the `sysconf' function. */ +#undef HAVE_SYSCONF + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_FILIO_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_IOCTL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_POLL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_RESOURCE_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SELECT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SOCKET_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_UIO_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_UN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_TCPD_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UCONTEXT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UTIL_H + +/* Define to 1 if you have the `vsnprintf' function. */ +#undef HAVE_VSNPRINTF + +/* Define to 1 if you have the `wait4' function. */ +#undef HAVE_WAIT4 + +/* Define to 1 if you have the `waitpid' function. */ +#undef HAVE_WAITPID + +/* Define to 1 if you have the `_getpty' function. */ +#undef HAVE__GETPTY + +/* Define to 1 if you have the `__makecontext_v2' function. */ +#undef HAVE___MAKECONTEXT_V2 + +/* Host description */ +#undef HOST + +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#undef LT_OBJDIR + +/* Define to 1 if your C compiler doesn't accept -c and -o together. */ +#undef NO_MINUS_C_MINUS_O + +/* Name of package */ +#undef PACKAGE + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Random file path */ +#undef RANDOM_FILE + +/* The size of `unsigned char', as computed by sizeof. */ +#undef SIZEOF_UNSIGNED_CHAR + +/* The size of `unsigned int', as computed by sizeof. */ +#undef SIZEOF_UNSIGNED_INT + +/* The size of `unsigned long', as computed by sizeof. */ +#undef SIZEOF_UNSIGNED_LONG + +/* The size of `unsigned short', as computed by sizeof. */ +#undef SIZEOF_UNSIGNED_SHORT + +/* SSL directory */ +#undef SSLDIR + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Define to 1 to enable OpenSSL FIPS mode. */ +#undef USE_FIPS + +/* Define to 1 to select FORK mode */ +#undef USE_FORK + +/* Define to 1 to enable IPv6 support */ +#undef USE_IPv6 + +/* Define to 1 to select PTHREAD mode */ +#undef USE_PTHREAD + +/* Define to 1 to select UCONTEXT mode */ +#undef USE_UCONTEXT + +/* Version number of package */ +#undef VERSION + +/* Use GNU source */ +#undef _GNU_SOURCE + +/* Type of socklen_t */ +#undef socklen_t diff --git a/src/ctx.c b/src/ctx.c new file mode 100644 index 0000000..ea01e1a --- /dev/null +++ b/src/ctx.c @@ -0,0 +1,687 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +/**************************************** prototypes */ + +/* SNI */ +#ifndef OPENSSL_NO_TLSEXT +static int servername_cb(SSL *, int *, void *); +#endif + +/* DH/ECDH initialization */ +#ifndef OPENSSL_NO_DH +static int init_dh(SERVICE_OPTIONS *); +static DH *read_dh(char *); +static DH *get_dh2048(void); +#endif /* OPENSSL_NO_DH */ +#ifndef OPENSSL_NO_ECDH +static int init_ecdh(SERVICE_OPTIONS *); +#endif /* USE_ECDH */ + +/* loading certificate */ +static int load_certificate(SERVICE_OPTIONS *); +#if defined(USE_WIN32) || OPENSSL_VERSION_NUMBER>=0x0090700fL +static int password_cb(char *, int, int, void *); +#endif + +/* session cache callbacks */ +static int sess_new_cb(SSL *, SSL_SESSION *); +static SSL_SESSION *sess_get_cb(SSL *, unsigned char *, int, int *); +static void sess_remove_cb(SSL_CTX *, SSL_SESSION *); +static void cache_transfer(SSL_CTX *, const unsigned int, const unsigned, + const unsigned char *, const unsigned int, + const unsigned char *, const unsigned int, + unsigned char **, unsigned int *); + +/* info callbacks */ +static void info_callback( +#if OPENSSL_VERSION_NUMBER>=0x0090700fL + const +#endif + SSL *, int, int); + +static void sslerror_queue(void); +static void sslerror_log(unsigned long, char *); + +/**************************************** initialize section->ctx */ + +int context_init(SERVICE_OPTIONS *section) { /* init SSL context */ + /* create SSL context */ + if(section->option.client) + section->ctx=SSL_CTX_new(section->client_method); + else /* server mode */ + section->ctx=SSL_CTX_new(section->server_method); + if(!section->ctx) { + sslerror("SSL_CTX_new"); + return 1; /* FAILED */ + } + SSL_CTX_set_ex_data(section->ctx, opt_index, section); /* for callbacks */ + + /* initialize certificate verification */ + if(load_certificate(section)) + return 1; /* FAILED */ + if(verify_init(section)) + return 1; /* FAILED */ + + /* initialize DH/ECDH server mode */ + if(!section->option.client) { +#ifndef OPENSSL_NO_TLSEXT + SSL_CTX_set_tlsext_servername_arg(section->ctx, section); + SSL_CTX_set_tlsext_servername_callback(section->ctx, servername_cb); +#endif /* OPENSSL_NO_TLSEXT */ +#ifndef OPENSSL_NO_DH + init_dh(section); /* ignore the result (errors are not critical) */ +#endif /* OPENSSL_NO_DH */ +#ifndef OPENSSL_NO_ECDH + init_ecdh(section); /* ignore the result (errors are not critical) */ +#endif /* OPENSSL_NO_ECDH */ + } + + /* setup session cache */ + if(!section->option.client) { + unsigned int servname_len=strlen(section->servname); + if(servname_len>SSL_MAX_SSL_SESSION_ID_LENGTH) + servname_len=SSL_MAX_SSL_SESSION_ID_LENGTH; + if(!SSL_CTX_set_session_id_context(section->ctx, + (unsigned char *)section->servname, servname_len)) { + sslerror("SSL_CTX_set_session_id_context"); + return 1; /* FAILED */ + } + } + SSL_CTX_set_session_cache_mode(section->ctx, SSL_SESS_CACHE_BOTH); + SSL_CTX_set_timeout(section->ctx, section->session_timeout); + if(section->option.sessiond) { + SSL_CTX_sess_set_new_cb(section->ctx, sess_new_cb); + SSL_CTX_sess_set_get_cb(section->ctx, sess_get_cb); + SSL_CTX_sess_set_remove_cb(section->ctx, sess_remove_cb); + } + + /* set info callback */ + if(global_options.debug_level==LOG_DEBUG) /* performance optimization */ + SSL_CTX_set_info_callback(section->ctx, info_callback); + + /* ciphers, options, mode */ + if(section->cipher_list) + if(!SSL_CTX_set_cipher_list(section->ctx, section->cipher_list)) { + sslerror("SSL_CTX_set_cipher_list"); + return 1; /* FAILED */ + } + s_log(LOG_DEBUG, "SSL options set: 0x%08lX", + SSL_CTX_set_options(section->ctx, section->ssl_options)); +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(section->ctx, + SSL_MODE_ENABLE_PARTIAL_WRITE | + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | + SSL_MODE_RELEASE_BUFFERS); +#else + SSL_CTX_set_mode(section->ctx, + SSL_MODE_ENABLE_PARTIAL_WRITE | + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); +#endif + return 0; /* OK */ +} + +/**************************************** SNI callback */ + +#ifndef OPENSSL_NO_TLSEXT + +static int servername_cb(SSL *ssl, int *ad, void *arg) { + SERVICE_OPTIONS *section=(SERVICE_OPTIONS *)arg; + const char *servername=SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + SERVERNAME_LIST *list; + CLI *c; +#ifdef USE_LIBWRAP + char *accepted_address; +#endif /* USE_LIBWRAP */ + + /* leave the alert type at SSL_AD_UNRECOGNIZED_NAME */ + (void)ad; /* skip warning about unused parameter */ + if(!section->servername_list_head) /* no virtual services defined */ + return SSL_TLSEXT_ERR_OK; + if(!servername) /* no SNI extension received from the client */ + return SSL_TLSEXT_ERR_NOACK; + + for(list=section->servername_list_head; list; list=list->next) + if(!strcasecmp(servername, list->servername)) { + c=SSL_get_ex_data(ssl, cli_index); + c->opt=list->opt; + SSL_set_SSL_CTX(ssl, c->opt->ctx); + SSL_set_verify(ssl, SSL_CTX_get_verify_mode(c->opt->ctx), + SSL_CTX_get_verify_callback(c->opt->ctx)); + s_log(LOG_NOTICE, "SNI: switched to section %s", + c->opt->servname); +#ifdef USE_LIBWRAP + accepted_address=s_ntop(&c->peer_addr, c->peer_addr_len); + libwrap_auth(c, accepted_address); /* retry on a service switch */ + str_free(accepted_address); +#endif /* USE_LIBWRAP */ + return SSL_TLSEXT_ERR_OK; + } + s_log(LOG_ERR, "SNI: no service defined for server %s", servername); + return SSL_TLSEXT_ERR_ALERT_FATAL; +} +/* TLSEXT callback return codes: + * - SSL_TLSEXT_ERR_OK + * - SSL_TLSEXT_ERR_ALERT_WARNING + * - SSL_TLSEXT_ERR_ALERT_FATAL + * - SSL_TLSEXT_ERR_NOACK */ + +#endif /* OPENSSL_NO_TLSEXT */ + +/**************************************** DH initialization */ + +#ifndef OPENSSL_NO_DH + +static int init_dh(SERVICE_OPTIONS *section) { + DH *dh; + + dh=read_dh(section->cert); + if(!dh) + dh=get_dh2048(); + if(!dh) { + s_log(LOG_NOTICE, "DH initialization failed"); + return 1; /* FAILED */ + } + SSL_CTX_set_tmp_dh(section->ctx, dh); + s_log(LOG_DEBUG, "DH initialized with %d-bit key", 8*DH_size(dh)); + DH_free(dh); + return 0; /* OK */ +} + +static DH *read_dh(char *cert) { + DH *dh; + BIO *bio; + + if(!cert) { + s_log(LOG_DEBUG, "No certificate available to load DH parameters"); + return NULL; /* FAILED */ + } + bio=BIO_new_file(cert, "r"); + if(!bio) { + sslerror("BIO_new_file"); + return NULL; /* FAILED */ + } + dh=PEM_read_bio_DHparams(bio, NULL, NULL, NULL); + BIO_free(bio); + if(!dh) { + while(ERR_get_error()) + ; /* OpenSSL error queue cleanup */ + s_log(LOG_DEBUG, "Could not load DH parameters from %s", cert); + return NULL; /* FAILED */ + } + s_log(LOG_DEBUG, "Using DH parameters from %s", cert); + return dh; +} + +static DH *get_dh2048() { + static unsigned char dh2048_p[]={ /* OpenSSL DH parameters */ + 0xED,0x92,0x89,0x35,0x82,0x45,0x55,0xCB,0x3B,0xFB,0xA2,0x76, + 0x5A,0x69,0x04,0x61,0xBF,0x21,0xF3,0xAB,0x53,0xD2,0xCD,0x21, + 0xDA,0xFF,0x78,0x19,0x11,0x52,0xF1,0x0E,0xC1,0xE2,0x55,0xBD, + 0x68,0x6F,0x68,0x00,0x53,0xB9,0x22,0x6A,0x2F,0xE4,0x9A,0x34, + 0x1F,0x65,0xCC,0x59,0x32,0x8A,0xBD,0xB1,0xDB,0x49,0xED,0xDF, + 0xA7,0x12,0x66,0xC3,0xFD,0x21,0x04,0x70,0x18,0xF0,0x7F,0xD6, + 0xF7,0x58,0x51,0x19,0x72,0x82,0x7B,0x22,0xA9,0x34,0x18,0x1D, + 0x2F,0xCB,0x21,0xCF,0x6D,0x92,0xAE,0x43,0xB6,0xA8,0x29,0xC7, + 0x27,0xA3,0xCB,0x00,0xC5,0xF2,0xE5,0xFB,0x0A,0xA4,0x59,0x85, + 0xA2,0xBD,0xAD,0x45,0xF0,0xB3,0xAD,0xF9,0xE0,0x81,0x35,0xEE, + 0xD9,0x83,0xB3,0xCC,0xAE,0xEA,0xEB,0x66,0xE6,0xA9,0x57,0x66, + 0xB9,0xF1,0x28,0xA5,0x3F,0x22,0x80,0xD7,0x0B,0xA6,0xF6,0x71, + 0x93,0x9B,0x81,0x0E,0xF8,0x5A,0x90,0xE6,0xCC,0xCA,0x6F,0x66, + 0x5F,0x7A,0xC0,0x10,0x1A,0x1E,0xF0,0xFC,0x2D,0xB6,0x08,0x0C, + 0x62,0x28,0xB0,0xEC,0xDB,0x89,0x28,0xEE,0x0C,0xA8,0x3D,0x65, + 0x94,0x69,0x16,0x69,0x53,0x3C,0x53,0x60,0x13,0xB0,0x2B,0xA7, + 0xD4,0x82,0x87,0xAD,0x1C,0x72,0x9E,0x41,0x35,0xFC,0xC2,0x7C, + 0xE9,0x51,0xDE,0x61,0x85,0xFC,0x19,0x9B,0x76,0x60,0x0F,0x33, + 0xF8,0x6B,0xB3,0xCA,0x52,0x0E,0x29,0xC3,0x07,0xE8,0x90,0x16, + 0xCC,0xCC,0x00,0x19,0xB6,0xAD,0xC3,0xA4,0x30,0x8B,0x33,0xA1, + 0xAF,0xD8,0x8C,0x8D,0x9D,0x01,0xDB,0xA4,0xC4,0xDD,0x7F,0x0B, + 0xBD,0x6F,0x38,0xC3,}; + static unsigned char dh2048_g[]={0x02,}; + DH *dh; + + dh=DH_new(); + if(!dh) + return NULL; + dh->p=BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL); + dh->g=BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL); + if(!dh->p || !dh->g) { + DH_free(dh); + return NULL; + } + s_log(LOG_DEBUG, "Using hardcoded DH parameters"); + return dh; +} + +#endif /* OPENSSL_NO_DH */ + +/**************************************** ECDH initialization */ + +#ifndef OPENSSL_NO_ECDH +static int init_ecdh(SERVICE_OPTIONS *section) { + EC_KEY *ecdh; + + ecdh=EC_KEY_new_by_curve_name(section->curve); + if(!ecdh) { + s_log(LOG_ERR, "Unable to create curve %s", + OBJ_nid2ln(section->curve)); + return 1; /* FAILED */ + } + SSL_CTX_set_tmp_ecdh(section->ctx, ecdh); + EC_KEY_free(ecdh); + s_log(LOG_DEBUG, "ECDH initialized with curve %s", + OBJ_nid2ln(section->curve)); + return 0; /* OK */ +} +#endif /* OPENSSL_NO_ECDH */ + +/**************************************** loading certificate */ + +static int cache_initialized=0; + +static int load_certificate(SERVICE_OPTIONS *section) { + int i, reason; + UI_DATA ui_data; +#ifdef HAVE_OSSL_ENGINE_H + EVP_PKEY *pkey; + UI_METHOD *ui_method; +#endif + struct stat st; /* buffer for stat */ + + /* check if certificate exists */ + if(!section->key) /* key file not specified */ + section->key=section->cert; +#ifdef HAVE_OSSL_ENGINE_H + if(!section->engine) +#endif + if(section->key) { + if(stat(section->key, &st)) { + ioerror(section->key); + return 1; /* FAILED */ + } +#if !defined(USE_WIN32) && !defined(USE_OS2) + if(st.st_mode & 7) + s_log(LOG_WARNING, "Insecure file permissions on %s", + section->key); +#endif /* defined USE_WIN32 */ + } + + if(!section->cert) /* no certificate specified */ + return 0; /* OK */ + + ui_data.section=section; /* setup current section for callbacks */ + + s_log(LOG_DEBUG, "Certificate: %s", section->cert); + if(!SSL_CTX_use_certificate_chain_file(section->ctx, section->cert)) { + s_log(LOG_ERR, "Error reading certificate file: %s", section->cert); + sslerror("SSL_CTX_use_certificate_chain_file"); + return 1; /* FAILED */ + } + s_log(LOG_DEBUG, "Certificate loaded"); + + s_log(LOG_DEBUG, "Key file: %s", section->key); +#if defined(USE_WIN32) || OPENSSL_VERSION_NUMBER>=0x0090700fL + SSL_CTX_set_default_passwd_cb(section->ctx, password_cb); +#endif +#ifdef HAVE_OSSL_ENGINE_H +#ifdef USE_WIN32 + ui_method=UI_create_method("stunnel WIN32 UI"); + UI_method_set_reader(ui_method, pin_cb); +#else /* USE_WIN32 */ + ui_method=UI_OpenSSL(); +#endif /* USE_WIN32 */ + if(section->engine) + for(i=1; i<=3; i++) { + pkey=ENGINE_load_private_key(section->engine, section->key, + ui_method, &ui_data); + if(!pkey) { + reason=ERR_GET_REASON(ERR_peek_error()); + if(i<=2 && (reason==7 || reason==160)) { /* wrong PIN */ + sslerror_queue(); /* dump the error queue */ + s_log(LOG_ERR, "Wrong PIN: retrying"); + continue; + } + sslerror("ENGINE_load_private_key"); + return 1; /* FAILED */ + } + if(SSL_CTX_use_PrivateKey(section->ctx, pkey)) + break; /* success */ + sslerror("SSL_CTX_use_PrivateKey"); + return 1; /* FAILED */ + } + else +#endif /* HAVE_OSSL_ENGINE_H */ + for(i=0; i<=3; i++) { + if(!i && !cache_initialized) + continue; /* there is no cached value */ + SSL_CTX_set_default_passwd_cb_userdata(section->ctx, + i ? &ui_data : NULL); /* try the cached password first */ + if(SSL_CTX_use_PrivateKey_file(section->ctx, section->key, + SSL_FILETYPE_PEM)) + break; + reason=ERR_GET_REASON(ERR_peek_error()); + if(i<=2 && reason==EVP_R_BAD_DECRYPT) { + sslerror_queue(); /* dump the error queue */ + s_log(LOG_ERR, "Wrong pass phrase: retrying"); + continue; + } + sslerror("SSL_CTX_use_PrivateKey_file"); + return 1; /* FAILED */ + } + if(!SSL_CTX_check_private_key(section->ctx)) { + sslerror("Private key does not match the certificate"); + return 1; /* FAILED */ + } + s_log(LOG_DEBUG, "Private key loaded"); + return 0; /* OK */ +} + +#if defined(USE_WIN32) || OPENSSL_VERSION_NUMBER>=0x0090700fL +static int password_cb(char *buf, int size, int rwflag, void *userdata) { + static char cache[PEM_BUFSIZE]; + int len; + + if(size>PEM_BUFSIZE) + size=PEM_BUFSIZE; + + if(userdata) { /* prompt the user */ +#ifdef USE_WIN32 + len=passwd_cb(buf, size, rwflag, userdata); +#else + /* PEM_def_callback is defined in OpenSSL 0.9.7 and later */ + len=PEM_def_callback(buf, size, rwflag, NULL); +#endif + memcpy(cache, buf, size); /* save in cache */ + cache_initialized=1; + } else { /* try the cached value */ + strncpy(buf, cache, size); + buf[size-1]='\0'; + len=strlen(buf); + } + return len; +} +#endif + +/**************************************** session cache callbacks */ + +#define CACHE_CMD_NEW 0x00 +#define CACHE_CMD_GET 0x01 +#define CACHE_CMD_REMOVE 0x02 +#define CACHE_RESP_ERR 0x80 +#define CACHE_RESP_OK 0x81 + +static int sess_new_cb(SSL *ssl, SSL_SESSION *sess) { + unsigned char *val, *val_tmp; + int val_len; + + val_len=i2d_SSL_SESSION(sess, NULL); + val_tmp=val=str_alloc(val_len); + i2d_SSL_SESSION(sess, &val_tmp); + + cache_transfer(ssl->ctx, CACHE_CMD_NEW, SSL_SESSION_get_timeout(sess), + sess->session_id, sess->session_id_length, val, val_len, NULL, NULL); + str_free(val); + return 1; /* leave the session in local cache for reuse */ +} + +static SSL_SESSION *sess_get_cb(SSL *ssl, + unsigned char *key, int key_len, int *do_copy) { + unsigned char *val, *val_tmp=NULL; + unsigned int val_len=0; + SSL_SESSION *sess; + + *do_copy = 0; /* allow the session to be freed autmatically */ + cache_transfer(ssl->ctx, CACHE_CMD_GET, 0, + key, key_len, NULL, 0, &val, &val_len); + if(!val) + return NULL; + val_tmp=val; + sess=d2i_SSL_SESSION(NULL, +#if OPENSSL_VERSION_NUMBER>=0x0090800fL + (const unsigned char **) +#endif /* OpenSSL version >= 0.8.0 */ + &val_tmp, val_len); + str_free(val); + return sess; +} + +static void sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess) { + cache_transfer(ctx, CACHE_CMD_REMOVE, 0, + sess->session_id, sess->session_id_length, NULL, 0, NULL, NULL); +} + +#define MAX_VAL_LEN 512 +typedef struct { + u_char version, type; + u_short timeout; + u_char key[SSL_MAX_SSL_SESSION_ID_LENGTH]; + u_char val[MAX_VAL_LEN]; +} CACHE_PACKET; + +static void cache_transfer(SSL_CTX *ctx, const unsigned int type, + const unsigned int timeout, + const unsigned char *key, const unsigned int key_len, + const unsigned char *val, const unsigned int val_len, + unsigned char **ret, unsigned int *ret_len) { + char session_id_txt[2*SSL_MAX_SSL_SESSION_ID_LENGTH+1]; + const char hex[16]="0123456789ABCDEF"; + const char *type_description[]={"new", "get", "remove"}; + unsigned int i; + int s, len; + struct timeval t; + CACHE_PACKET *packet; + SERVICE_OPTIONS *section; + + if(ret) /* set error as the default result if required */ + *ret=NULL; + + /* log the request information */ + for(i=0; i>4]; + session_id_txt[2*i+1]=hex[key[i]&0x0f]; + } + session_id_txt[2*i]='\0'; + s_log(LOG_INFO, + "cache_transfer: request=%s, timeout=%u, id=%s, length=%d", + type_description[type], timeout, session_id_txt, val_len); + + /* allocate UDP packet buffer */ + if(key_len>SSL_MAX_SSL_SESSION_ID_LENGTH) { + s_log(LOG_ERR, "cache_transfer: session id too big (%d bytes)", + key_len); + return; + } + if(val_len>MAX_VAL_LEN) { + s_log(LOG_ERR, "cache_transfer: encoded session too big (%d bytes)", + key_len); + return; + } + packet=str_alloc(sizeof(CACHE_PACKET)); + + /* setup packet */ + packet->version=1; + packet->type=type; + packet->timeout=htons((u_short)(timeout<64800?timeout:64800));/* 18 hours */ + memcpy(packet->key, key, key_len); + memcpy(packet->val, val, val_len); + + /* create the socket */ + s=s_socket(AF_INET, SOCK_DGRAM, 0, 0, "cache_transfer: socket"); + if(s<0) { + str_free(packet); + return; + } + + /* retrieve pointer to the section structure of this ctx */ + section=SSL_CTX_get_ex_data(ctx, opt_index); + if(sendto(s, (void *)packet, sizeof(CACHE_PACKET)-MAX_VAL_LEN+val_len, 0, + §ion->sessiond_addr.sa, addr_len(§ion->sessiond_addr))<0) { + sockerror("cache_transfer: sendto"); + closesocket(s); + str_free(packet); + return; + } + + if(!ret || !ret_len) { /* no response is required */ + closesocket(s); + str_free(packet); + return; + } + + /* set recvfrom timeout to 200ms */ + t.tv_sec=0; + t.tv_usec=200; + if(setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, (void *)&t, sizeof t)<0) { + sockerror("cache_transfer: setsockopt SO_RCVTIMEO"); + closesocket(s); + str_free(packet); + return; + } + + /* retrieve response */ + len=recv(s, (void *)packet, sizeof(CACHE_PACKET), 0); + closesocket(s); + if(len<0) { + if(get_last_socket_error()==S_EWOULDBLOCK || + get_last_socket_error()==S_EAGAIN) + s_log(LOG_INFO, "cache_transfer: recv timeout"); + else + sockerror("cache_transfer: recv"); + str_free(packet); + return; + } + + /* parse results */ + if(len<(int)sizeof(CACHE_PACKET)-MAX_VAL_LEN || /* too short */ + packet->version!=1 || /* wrong version */ + memcmp(packet->key, key, key_len)) { /* wrong session id */ + s_log(LOG_DEBUG, "cache_transfer: malformed packet received"); + str_free(packet); + return; + } + if(packet->type!=CACHE_RESP_OK) { + s_log(LOG_INFO, "cache_transfer: session not found"); + str_free(packet); + return; + } + *ret_len=len-(sizeof(CACHE_PACKET)-MAX_VAL_LEN); + *ret=str_alloc(*ret_len); + s_log(LOG_INFO, "cache_transfer: session found"); + memcpy(*ret, packet->val, *ret_len); + str_free(packet); +} + +/**************************************** informational callback */ + +static void info_callback( +#if OPENSSL_VERSION_NUMBER>=0x0090700fL + const +#endif + SSL *ssl, int where, int ret) { + if(where & SSL_CB_LOOP) { + s_log(LOG_DEBUG, "SSL state (%s): %s", + where & SSL_ST_CONNECT ? "connect" : + where & SSL_ST_ACCEPT ? "accept" : + "undefined", SSL_state_string_long(ssl)); + } else if(where & SSL_CB_ALERT) { + s_log(LOG_DEBUG, "SSL alert (%s): %s: %s", + where & SSL_CB_READ ? "read" : "write", + SSL_alert_type_string_long(ret), + SSL_alert_desc_string_long(ret)); + } else if(where==SSL_CB_HANDSHAKE_DONE) { + s_log(LOG_DEBUG, "%4ld items in the session cache", + SSL_CTX_sess_number(ssl->ctx)); + s_log(LOG_DEBUG, "%4ld client connects (SSL_connect())", + SSL_CTX_sess_connect(ssl->ctx)); + s_log(LOG_DEBUG, "%4ld client connects that finished", + SSL_CTX_sess_connect_good(ssl->ctx)); + s_log(LOG_DEBUG, "%4ld client renegotiations requested", + SSL_CTX_sess_connect_renegotiate(ssl->ctx)); + s_log(LOG_DEBUG, "%4ld server connects (SSL_accept())", + SSL_CTX_sess_accept(ssl->ctx)); + s_log(LOG_DEBUG, "%4ld server connects that finished", + SSL_CTX_sess_accept_good(ssl->ctx)); + s_log(LOG_DEBUG, "%4ld server renegotiations requested", + SSL_CTX_sess_accept_renegotiate(ssl->ctx)); + s_log(LOG_DEBUG, "%4ld session cache hits", + SSL_CTX_sess_hits(ssl->ctx)); + s_log(LOG_DEBUG, "%4ld external session cache hits", + SSL_CTX_sess_cb_hits(ssl->ctx)); + s_log(LOG_DEBUG, "%4ld session cache misses", + SSL_CTX_sess_misses(ssl->ctx)); + s_log(LOG_DEBUG, "%4ld session cache timeouts", + SSL_CTX_sess_timeouts(ssl->ctx)); + } +} + +/**************************************** SSL error reporting */ + +void sslerror(char *txt) { /* OpenSSL error handler */ + unsigned long err; + + err=ERR_get_error(); + if(err) { + sslerror_queue(); + sslerror_log(err, txt); + } else { + s_log(LOG_ERR, "%s: Peer suddenly disconnected", txt); + } +} + +static void sslerror_queue(void) { /* recursive dump of the error queue */ + unsigned long err; + + err=ERR_get_error(); + if(err) { + sslerror_queue(); + sslerror_log(err, "error queue"); + } +} + +static void sslerror_log(unsigned long err, char *txt) { + char *error_string; + + error_string=str_alloc(120); + ERR_error_string(err, error_string); + s_log(LOG_ERR, "%s: %lX: %s", txt, err, error_string); + str_free(error_string); +} + +/* end of ctx.c */ diff --git a/src/env.c b/src/env.c new file mode 100644 index 0000000..483f23f --- /dev/null +++ b/src/env.c @@ -0,0 +1,70 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +/* getpeername() can't be declared in the following includes */ +#define getpeername no_getpeername +#include +#include /* for AF_INET */ +#include +#include /* for inet_addr() */ +#include /* for getenv() */ +#ifdef __BEOS__ +#include /* for AF_INET */ +#include /* for AF_INET */ +#else +#include /* for AF_INET */ +#endif +#undef getpeername + +int getpeername(int s, struct sockaddr_in *name, int *len) { + char *value; + + (void)s; /* skip warning about unused parameter */ + (void)len; /* skip warning about unused parameter */ + name->sin_family=AF_INET; + if((value=getenv("REMOTE_HOST"))) + name->sin_addr.s_addr=inet_addr(value); + else + name->sin_addr.s_addr=htonl(INADDR_ANY); + if((value=getenv("REMOTE_PORT"))) + name->sin_port=htons(atoi(value)); + else + name->sin_port=htons(0); /* dynamic port allocation */ + return 0; +} + +/* end of env.c */ diff --git a/src/evc.mak b/src/evc.mak new file mode 100644 index 0000000..8ac7588 --- /dev/null +++ b/src/evc.mak @@ -0,0 +1,141 @@ +# wce.mak for stunnel.exe by Michal Trojnara 2006-2012 +# with help of Pierre Delaage +# +# DEFAULTLIB management: only 2 are necessary +# defaultlibS as given for CLxxx in the MS doc ARE WRONG + +# !!!!!!!!!!!!!! +# CUSTOMIZE THIS according to your wcecompat and openssl directories +# !!!!!!!!!!!!!! + +# Modify this to point to your actual openssl compile directory +# (You did already compile openssl, didn't you???) +SSLDIR=C:\Users\standard\Documents\Dvts\Contrib\openssl\v1.0.0a\patched3 + +# Note that we currently use a multi-target customized version of legacy Essemer/wcecompat lib +COMPATDIR=C:\Users\standard\Documents\Dvts\Contrib\wcecompat\v12\patchedX86 + +WCEVER=420 + +# !!!!!!!!!!!!!!!!!! +# END CUSTOMIZATION +# !!!!!!!!!!!!!!!!!! + +!IF "$(TARGETCPU)"=="X86" +WCETARGETCPU=_X86_ +LDTARGETCPU=X86 +MORECFLAGS=/MT + +# TODO: continue list for other targets : see wcecompat/wcedefs.mak for a good ref. +# see also openssl/util/pl/vc-32.pl, also link /? +# for LDTARGETCPU: /MACHINE:{AM33|ARM|IA64|M32R|MIPS|MIPS16|MIPSFPU|MIPSFPU16|MIPSR41XX|SH3|SH3DSP|SH4|SH5|THUMB|X86} +# see wce/include/winnt.h for other "target architecture" flag + +!ELSEIF "$(TARGETCPU)"=="emulator" +WCETARGETCPU=_X86_ +LDTARGETCPU=X86 +MORECFLAGS=/MT + +!ELSEIF "$(TARGETCPU)"=="MIPS16" || "$(TARGETCPU)"=="MIPSII" || "$(TARGETCPU)"=="MIPSII_FP" || "$(TARGETCPU)"=="MIPSIV" || "$(TARGETCPU)"=="MIPSIV_FP" +WCETARGETCPU=_MIPS_ +LDTARGETCPU=MIPS +MORECFLAGS=/DMIPS /MC + +!ELSEIF "$(TARGETCPU)"=="SH3" || "$(TARGETCPU)"=="SH4" +WCETARGETCPU=SHx +LDTARGETCPU=$(TARGETCPU) +MORECFLAGS=/MC + +!ELSE +# default is ARM ! +# !IF "$(TARGETCPU)"=="ARMV4" || "$(TARGETCPU)"=="ARMV4I" || "$(TARGETCPU)"=="ARMV4T" +# the following flag is required by (eg) winnt.h, and is different from targetcpu (armV4) +WCETARGETCPU=ARM +LDTARGETCPU=ARM +MORECFLAGS=/MC + +!ENDIF + +# ceutilsdir probably useless (nb : were tools from essemer; but ms delivers a cecopy anyway, see ms dld site) +CEUTILSDIR=..\..\ceutils +# "ce:" is not a correct location , but we never "make install" +DSTDIR=ce:\stunnel +# use MS env vars, as in wcecompat and openssl makefiles +SDKDIR=$(SDKROOT)\$(OSVERSION)\$(PLATFORM) +INCLUDES=-I$(SSLDIR)\inc32 -I$(COMPATDIR)\include -I"$(SDKDIR)\include\$(TARGETCPU)" +# for X86 and other it appears that /MC or /ML flags are absurd, +# we always have to override runtime lib list to coredll and corelibc +LIBS=/NODEFAULTLIB coredll.lib corelibc.lib winsock.lib wcecompatex.lib libeay32.lib ssleay32.lib + +DEFINES=/DHOST=\"$(TARGETCPU)-WCE-eVC-$(WCEVER)\" +# /O1 /Oi more correct vs MS doc +CFLAGS=/nologo $(MORECFLAGS) /O1 /Oi /W3 /WX /GF /Gy $(DEFINES) /D$(WCETARGETCPU) /D$(TARGETCPU) /DUNDER_CE=$(WCEVER) /D_WIN32_WCE=$(WCEVER) /DUNICODE -D_UNICODE $(INCLUDES) +RFLAGS=$(DEFINES) $(INCLUDES) +# LDFLAGS: since openssl >> 098a (eg 098h) out32dll is out32dll_targetCPU for WCE +# delaage added $(TARGETCPU) in legacy Essemer/wcecompat libpath +# to ease multitarget compilation without recompiling everything +# this customized version is available on: +# http://delaage.pierre.free.fr/contrib/wcecompat/wcecompat12_patched.zip + +LDFLAGS=/nologo /subsystem:windowsce,3.00 /machine:$(LDTARGETCPU) /libpath:"$(SDKDIR)\lib\$(TARGETCPU)" /libpath:"$(COMPATDIR)\lib\$(TARGETCPU)" /libpath:"$(SSLDIR)\out32dll_$(TARGETCPU)" + +# Multi-target support for stunnel + +SRC=..\src +OBJROOT=..\obj +OBJ=$(OBJROOT)\$(TARGETCPU) +BINROOT=..\bin +BIN=$(BINROOT)\$(TARGETCPU) + +OBJS=$(OBJ)\stunnel.obj $(OBJ)\ssl.obj $(OBJ)\ctx.obj $(OBJ)\verify.obj \ + $(OBJ)\file.obj $(OBJ)\client.obj $(OBJ)\protocol.obj $(OBJ)\sthreads.obj \ + $(OBJ)\log.obj $(OBJ)\options.obj $(OBJ)\network.obj \ + $(OBJ)\resolver.obj $(OBJ)\str.obj $(OBJ)\fd.obj + +GUIOBJS=$(OBJ)\gui.obj $(OBJ)\resources.res +NOGUIOBJS=$(OBJ)\nogui.obj + +{$(SRC)\}.c{$(OBJ)\}.obj: + $(CC) $(CFLAGS) -Fo$@ -c $< + +{$(SRC)\}.cpp{$(OBJ)\}.obj: + $(CC) $(CFLAGS) -Fo$@ -c $< + +{$(SRC)\}.rc{$(OBJ)\}.res: + $(RC) $(RFLAGS) -fo$@ -r $< + +all: makedirs $(BIN)\stunnel.exe $(BIN)\tstunnel.exe + +makedirs: + -@ IF NOT EXIST $(OBJROOT) mkdir $(OBJROOT) >NUL 2>&1 + -@ IF NOT EXIST $(OBJ) mkdir $(OBJ) >NUL 2>&1 + -@ IF NOT EXIST $(BINROOT) mkdir $(BINROOT) >NUL 2>&1 + -@ IF NOT EXIST $(BIN) mkdir $(BIN) >NUL 2>&1 + +$(BIN)\stunnel.exe:$(OBJS) $(GUIOBJS) + link $(LDFLAGS) /out:$(BIN)\stunnel.exe $(LIBS) commctrl.lib $** + +$(BIN)\tstunnel.exe:$(OBJS) $(NOGUIOBJS) + link $(LDFLAGS) /out:$(BIN)\tstunnel.exe $(LIBS) $** + +$(OBJ)\resources.res: $(SRC)\resources.rc $(SRC)\resources.h $(SRC)\version.h +$(OBJ)\gui.obj: $(SRC)\gui.c $(SRC)\version.h +$(OBJ)\stunnel.obj: $(SRC)\stunnel.c $(SRC)\version.h + +# now list of openssl dll has more files, +# but we do not use "make install" for stunnel +# ceutils come from essemer/wcecompat website +# some tools can be found at MS website +# TODO: update all this ceutils stuff, or suppress it + +install: stunnel.exe tstunnel.exe + $(CEUTILSDIR)\cemkdir $(DSTDIR) || echo Directory exists? + $(CEUTILSDIR)\cecopy stunnel.exe $(DSTDIR) + $(CEUTILSDIR)\cecopy tstunnel.exe $(DSTDIR) + $(CEUTILSDIR)\cecopy $(SSLDIR)\out32dll_$(TARGETCPU)\libeay32.dll $(DSTDIR) + $(CEUTILSDIR)\cecopy $(SSLDIR)\out32dll_$(TARGETCPU)\ssleay32.dll $(DSTDIR) + +clean: + -@ IF NOT "$(TARGETCPU)"=="" del $(OBJS) $(GUIOBJS) $(NOGUIOBJS) $(BIN)\stunnel.exe $(BIN)\tstunnel.exe >NUL 2>&1 + -@ IF NOT "$(TARGETCPU)"=="" rmdir $(OBJ) >NUL 2>&1 + -@ IF NOT "$(TARGETCPU)"=="" rmdir $(BIN) >NUL 2>&1 diff --git a/src/fd.c b/src/fd.c new file mode 100644 index 0000000..b732bf1 --- /dev/null +++ b/src/fd.c @@ -0,0 +1,250 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +#if defined HAVE_PIPE2 && defined HAVE_ACCEPT4 +#define USE_NEW_LINUX_API 1 +#endif + +/* try to use non-POSIX O_NDELAY on obsolete BSD systems */ +#if !defined O_NONBLOCK && defined O_NDELAY +#define O_NONBLOCK O_NDELAY +#endif + +/**************************************** prototypes */ + +static int setup_fd(int, int, char *); + +/**************************************** internal limit of file descriptors */ + +#ifndef USE_FORK + +static int max_fds; + +void get_limits(void) { /* set max_fds and max_clients */ + /* start with current ulimit */ +#if defined(HAVE_SYSCONF) + errno=0; + max_fds=sysconf(_SC_OPEN_MAX); + if(errno) + ioerror("sysconf"); + if(max_fds<0) + max_fds=0; /* unlimited */ +#elif defined(HAVE_GETRLIMIT) + struct rlimit rlim; + + if(getrlimit(RLIMIT_NOFILE, &rlim)<0) { + ioerror("getrlimit"); + max_fds=0; /* unlimited */ + } else + max_fds=rlim.rlim_cur!=RLIM_INFINITY ? rlim.rlim_cur : 0; +#else + max_fds=0; /* unlimited */ +#endif /* HAVE_SYSCONF || HAVE_GETRLIMIT */ + +#if !defined(USE_WIN32) && !defined(USE_POLL) && !defined(__INNOTEK_LIBC__) + /* apply FD_SETSIZE if select() is used on Unix */ + if(!max_fds || max_fds>FD_SETSIZE) + max_fds=FD_SETSIZE; /* start with select() limit */ +#endif /* select() on Unix */ + + /* stunnel needs at least 16 file desriptors */ + if(max_fds && max_fds<16) + max_fds=16; + + if(max_fds) { + max_clients=max_fds>=256 ? max_fds*125/256 : (max_fds-6)/2; + s_log(LOG_DEBUG, "Clients allowed=%d", max_clients); + } else { + max_clients=0; + s_log(LOG_DEBUG, "No limit detected for the number of clients"); + } +} + +#endif + +/**************************************** file descriptor validation */ + +int s_socket(int domain, int type, int protocol, int nonblock, char *msg) { +#ifdef USE_NEW_LINUX_API + if(nonblock) + type|=SOCK_NONBLOCK; + type|=SOCK_CLOEXEC; +#endif + return setup_fd(socket(domain, type, protocol), nonblock, msg); +} + +int s_accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen, + int nonblock, char *msg) { + int fd; + +#ifdef USE_NEW_LINUX_API + if(nonblock) + fd=accept4(sockfd, addr, addrlen, SOCK_NONBLOCK|SOCK_CLOEXEC); + else + fd=accept4(sockfd, addr, addrlen, SOCK_CLOEXEC); +#else + fd=accept(sockfd, addr, addrlen); +#endif + return setup_fd(fd, nonblock, msg); +} + +#ifndef USE_WIN32 + +int s_socketpair(int domain, int type, int protocol, int sv[2], + int nonblock, char *msg) { +#ifdef USE_NEW_LINUX_API + if(nonblock) + type|=SOCK_NONBLOCK; + type|=SOCK_CLOEXEC; +#endif + if(socketpair(domain, type, protocol, sv)<0) { + ioerror(msg); + return -1; + } + if(setup_fd(sv[0], nonblock, msg)<0) { + closesocket(sv[1]); + return -1; + } + if(setup_fd(sv[1], nonblock, msg)<0) { + closesocket(sv[0]); + return -1; + } + return 0; +} + +int s_pipe(int pipefd[2], int nonblock, char *msg) { + int retval; + +#ifdef USE_NEW_LINUX_API + if(nonblock) + retval=pipe2(pipefd, O_NONBLOCK|O_CLOEXEC); + else + retval=pipe2(pipefd, O_CLOEXEC); +#else + retval=pipe(pipefd); +#endif + if(retval<0) { + ioerror(msg); + return -1; + } + if(setup_fd(pipefd[0], nonblock, msg)<0) { + close(pipefd[1]); + return -1; + } + if(setup_fd(pipefd[1], nonblock, msg)<0) { + close(pipefd[0]); + return -1; + } + return 0; +} + +#endif /* USE_WIN32 */ + +static int setup_fd(int fd, int nonblock, char *msg) { +#if !defined USE_NEW_LINUX_API && defined FD_CLOEXEC + int err; +#endif + + if(fd<0) { + sockerror(msg); + return -1; + } +#ifndef USE_FORK + if(max_fds && fd>=max_fds) { + s_log(LOG_ERR, "%s: FD=%d out of range (max %d)", + msg, fd, max_fds); + closesocket(fd); + return -1; + } +#endif + +#ifdef USE_NEW_LINUX_API + (void)nonblock; /* skip warning about unused parameter */ +#else /* set O_NONBLOCK and F_SETFD */ + set_nonblock(fd, nonblock); +#ifdef FD_CLOEXEC + do { + err=fcntl(fd, F_SETFD, FD_CLOEXEC); + } while(err<0 && get_last_socket_error()==S_EINTR); + if(err<0) + sockerror("fcntl SETFD"); /* non-critical */ +#endif /* FD_CLOEXEC */ +#endif /* USE_NEW_LINUX_API */ + +#ifdef DEBUG_FD_ALLOC + s_log(LOG_DEBUG, "%s: FD=%d allocated (%sblocking mode)", + msg, fd, nonblock?"non-":""); +#endif /* DEBUG_FD_ALLOC */ + + return fd; +} + +void set_nonblock(int fd, unsigned long nonblock) { +#if defined F_GETFL && defined F_SETFL && defined O_NONBLOCK && !defined __INNOTEK_LIBC__ + int err, flags; + + do { + flags=fcntl(fd, F_GETFL, 0); + } while(flags<0 && get_last_socket_error()==S_EINTR); + if(flags<0) { + sockerror("fcntl GETFL"); /* non-critical */ + return; + } + if(nonblock) + flags|=O_NONBLOCK; + else + flags&=~O_NONBLOCK; + do { + err=fcntl(fd, F_SETFL, flags); + } while(err<0 && get_last_socket_error()==S_EINTR); + if(err<0) + sockerror("fcntl SETFL"); /* non-critical */ +#else /* WIN32 or similar */ + if(ioctlsocket(fd, FIONBIO, &nonblock)<0) + sockerror("ioctlsocket"); /* non-critical */ +#if 0 + else + s_log(LOG_DEBUG, "Socket %d set to %s mode", + fd, nonblock ? "non-blocking" : "blocking"); +#endif +#endif +} + +/* end of fd.c */ diff --git a/src/file.c b/src/file.c new file mode 100644 index 0000000..a859bef --- /dev/null +++ b/src/file.c @@ -0,0 +1,223 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +#ifdef USE_WIN32 + +DISK_FILE *file_open(char *name, int wr) { + DISK_FILE *df; + LPTSTR tstr; + HANDLE fh; + + /* open file */ + tstr=str2tstr(name); + fh=CreateFile(tstr, wr ? GENERIC_WRITE : GENERIC_READ, + FILE_SHARE_READ, NULL, wr ? OPEN_ALWAYS : OPEN_EXISTING, + FILE_ATTRIBUTE_NORMAL, (HANDLE)NULL); + str_free(tstr); + if(fh==INVALID_HANDLE_VALUE) { + ioerror(name); + return NULL; + } + if(wr) /* append */ + SetFilePointer(fh, 0, NULL, FILE_END); + + /* setup df structure */ + df=str_alloc(sizeof df); + df->fh=fh; + return df; +} + +#else /* USE_WIN32 */ + +DISK_FILE *file_fdopen(int fd) { + DISK_FILE *df; + + df=str_alloc(sizeof(DISK_FILE)); + df->fd=fd; + return df; +} + +DISK_FILE *file_open(char *name, int wr) { + DISK_FILE *df; + int fd, flags; + + /* open file */ + if(wr) + flags=O_CREAT|O_WRONLY|O_APPEND; + else + flags=O_RDONLY; +#ifdef O_NONBLOCK + flags|=O_NONBLOCK; +#elif defined O_NDELAY + flags|=O_NDELAY; +#endif +#ifdef O_CLOEXEC + flags|=O_CLOEXEC; +#endif /* O_CLOEXEC */ + fd=open(name, flags, 0640); + if(fd<0) { + ioerror(name); + return NULL; + } + + /* setup df structure */ + df=str_alloc(sizeof df); + df->fd=fd; + return df; +} + +#endif /* USE_WIN32 */ + +void file_close(DISK_FILE *df) { + if(!df) /* nothing to do */ + return; +#ifdef USE_WIN32 + CloseHandle(df->fh); +#else /* USE_WIN32 */ + close(df->fd); +#endif /* USE_WIN32 */ + str_free(df); +} + +int file_getline(DISK_FILE *df, char *line, int len) { + /* this version is really slow, but performance is not important here */ + /* (no buffering is implemented) */ + int i; +#ifdef USE_WIN32 + DWORD num; +#else /* USE_WIN32 */ + int num; +#endif /* USE_WIN32 */ + + if(!df) /* not opened */ + return -1; + + for(i=0; ifh, line+i, 1, &num, NULL); +#else /* USE_WIN32 */ + num=read(df->fd, line+i, 1); +#endif /* USE_WIN32 */ + if(num!=1) { /* EOF */ + if(i) /* any previously retrieved data */ + break; + else + return -1; + } + if(line[i]=='\n') /* LF */ + break; + if(line[i]=='\r') /* CR */ + --i; /* ignore - it must be the last check */ + } + line[i]='\0'; + return i; +} + +int file_putline(DISK_FILE *df, char *line) { + int len; + char *buff; +#ifdef USE_WIN32 + DWORD num; +#else /* USE_WIN32 */ + int num; +#endif /* USE_WIN32 */ + + len=strlen(line); + buff=str_alloc(len+2); /* +2 for CR+LF */ + strcpy(buff, line); +#ifdef USE_WIN32 + buff[len++]='\r'; /* CR */ +#endif /* USE_WIN32 */ + buff[len++]='\n'; /* LF */ +#ifdef USE_WIN32 + WriteFile(df->fh, buff, len, &num, NULL); +#else /* USE_WIN32 */ + /* no file -> write to stderr */ + num=write(df ? df->fd : 2, buff, len); +#endif /* USE_WIN32 */ + str_free(buff); + return num; +} + +#ifdef USE_WIN32 + +LPTSTR str2tstr(const LPSTR in) { + LPTSTR out; + int len; + +#ifdef UNICODE + len=MultiByteToWideChar(CP_ACP, 0, in, -1, NULL, 0); + if(!len) + return NULL; + out=str_alloc((len+1)*sizeof(WCHAR)); + len=MultiByteToWideChar(CP_ACP, 0, in, -1, out, len); + if(!len) + return NULL; +#else + len=strlen(in); + out=str_alloc(len+1); + strcpy(out, in); +#endif + return out; +} + +LPSTR tstr2str(const LPTSTR in) { + LPSTR out; + int len; + +#ifdef UNICODE + len=WideCharToMultiByte(CP_ACP, 0, in, -1, NULL, 0, NULL, NULL); + if(!len) + return NULL; + out=str_alloc(len+1); + len=WideCharToMultiByte(CP_ACP, 0, in, -1, out, len, NULL, NULL); + if(!len) + return NULL; +#else + len=strlen(in); + out=str_alloc(len+1); + strcpy(out, in); +#endif + return out; +} + +#endif /* USE_WIN32 */ + +/* end of file.c */ diff --git a/src/gui.c b/src/gui.c new file mode 100644 index 0000000..88472f1 --- /dev/null +++ b/src/gui.c @@ -0,0 +1,1311 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" +#include +#include +#ifndef _WIN32_WCE +#include +#endif +#include "resources.h" + +#define LOG_LINES 1000 + +#ifdef _WIN32_WCE +#define STUNNEL_PLATFORM "WinCE" +#else +#define STUNNEL_PLATFORM "Win32" +#define SERVICE_NAME "stunnel" +#endif + +/* mingw-Patches-1825044 is missing in Debian Squeeze */ +WINBASEAPI BOOL WINAPI CheckTokenMembership(HANDLE, PSID, PBOOL); + +/* prototypes */ +static BOOL CALLBACK enum_windows(HWND, LPARAM); +static void parse_cmdline(LPSTR); +static int initialize_winsock(void); +static int gui_loop(); + +static LRESULT CALLBACK window_proc(HWND, UINT, WPARAM, LPARAM); +static LRESULT CALLBACK about_proc(HWND, UINT, WPARAM, LPARAM); +static LRESULT CALLBACK pass_proc(HWND, UINT, WPARAM, LPARAM); + +static void save_log(void); +static void win_log(LPSTR); +static int save_text_file(LPTSTR, char *); +static void update_logs(void); +static LPTSTR log_txt(void); + +static void daemon_thread(void *); + +static void valid_config(void); +static void invalid_config(void); +static void update_peer_menu(void); +static void update_tray_icon(void); +static void error_box(const LPSTR); +static void message_box(const LPSTR, const UINT); +static void edit_config(HWND); +static BOOL is_admin(void); + +/* NT Service related function */ +#ifndef _WIN32_WCE +static int service_initialize(void); +static int service_install(LPTSTR); +static int service_uninstall(void); +static int service_start(void); +static int service_stop(void); +static void WINAPI service_main(DWORD, LPTSTR *); +static void WINAPI control_handler(DWORD); +#endif /* !defined(_WIN32_WCE) */ + +/* global variables */ +static struct LIST { + struct LIST *next; + int len; + TCHAR txt[1]; /* single character for trailing '\0' */ +} *head=NULL, *tail=NULL; + +static unsigned int number_of_sections=0; + +static HINSTANCE ghInst; +static HWND edit_handle=NULL; +static HMENU tray_menu_handle=NULL; +#ifndef _WIN32_WCE +static HMENU main_menu_handle=NULL; +#endif +HWND hwnd=NULL; /* main window handle */ +#ifdef _WIN32_WCE +static HWND command_bar_handle; /* command bar handle */ +#endif +static HANDLE small_icon; /* 16x16 icon */ +static TCHAR *win32_name; +static HANDLE daemon_handle=NULL; + +#ifndef _WIN32_WCE +static SERVICE_STATUS serviceStatus; +static SERVICE_STATUS_HANDLE serviceStatusHandle=0; +#endif + +static volatile int visible=0; +static volatile int error_mode=1; /* no valid configuration was ever loaded */ +static HANDLE config_ready=NULL; /* reload without a valid configuration */ +static LONG new_logs=0; + +static UI_DATA *ui_data=NULL; + +#ifndef _WIN32_WCE +GETADDRINFO s_getaddrinfo; +FREEADDRINFO s_freeaddrinfo; +GETNAMEINFO s_getnameinfo; +#endif + +static struct { + char *config_file; + unsigned int install:1, uninstall:1, start:1, stop:1, service:1, + quiet:1, exit:1; +} cmdline; + +/**************************************** initialization */ + +int WINAPI WinMain(HINSTANCE this_instance, HINSTANCE prev_instance, +#ifdef _WIN32_WCE + LPWSTR lpCmdLine, +#else + LPSTR lpCmdLine, +#endif + int nCmdShow) { + LPSTR command_line; +#ifndef _WIN32_WCE + char *c, *errmsg; + char stunnel_exe_path[MAX_PATH]; +#endif + + (void)prev_instance; /* skip warning about unused parameter */ + (void)nCmdShow; /* skip warning about unused parameter */ + + str_init(); /* initialize per-thread string management */ + ghInst=this_instance; +#ifdef _WIN32_WCE + command_line=tstr2str(lpCmdLine); +#else + command_line=lpCmdLine; +#endif + + /* win32_name is needed for any error_box(), message_box(), + * and the initial main window title */ + win32_name=TEXT("stunnel ") TEXT(STUNNEL_VERSION) TEXT(" on ") + TEXT(STUNNEL_PLATFORM) TEXT(" (not configured)"); + + parse_cmdline(command_line); /* setup global cmdline structure */ + +#ifndef _WIN32_WCE + GetModuleFileName(0, stunnel_exe_path, MAX_PATH); + + /* find previous instances of the same executable */ + EnumWindows(enum_windows, (LPARAM)stunnel_exe_path); + + /* change current working directory */ + c=strrchr(stunnel_exe_path, '\\'); /* last backslash */ + if(c) /* found */ + c[1]='\0'; /* truncate program name */ + if(!SetCurrentDirectory(stunnel_exe_path)) { + errmsg=str_printf("Cannot set directory to %s", stunnel_exe_path); + message_box(errmsg, MB_ICONERROR); + str_free(errmsg); + return 1; + } + + if(cmdline.exit) + return 0; /* in case EnumWindows didn't find a previous instance */ +#endif + + if(initialize_winsock()) + return 1; + +#ifndef _WIN32_WCE + if(cmdline.service) /* it must be checked before "-install" */ + return service_initialize(); + if(cmdline.install) + return service_install(command_line); + if(cmdline.uninstall) + return service_uninstall(); + if(cmdline.start) + return service_start(); + if(cmdline.stop) + return service_stop(); +#endif + return gui_loop(); +} + +#ifndef _WIN32_WCE + +static BOOL CALLBACK enum_windows(HWND other_window_handle, LPARAM lParam) { + DWORD pid; + HINSTANCE hInstance; + char window_exe_path[MAX_PATH]; + HANDLE process_handle; + char *stunnel_exe_path=(char *)lParam; + + if(!other_window_handle) + return TRUE; + hInstance=(HINSTANCE)GetWindowLong(other_window_handle, GWL_HINSTANCE); + GetWindowThreadProcessId(other_window_handle, &pid); + process_handle=OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, + FALSE, pid); + if(!GetModuleFileNameEx(process_handle, hInstance, window_exe_path, MAX_PATH)) { + CloseHandle(process_handle); + return TRUE; + } + if(strcmp(stunnel_exe_path, window_exe_path)) { + CloseHandle(process_handle); + return TRUE; + } + if(cmdline.exit) { + SendMessage(other_window_handle, WM_COMMAND, IDM_EXIT, 0); + WaitForSingleObject(process_handle, 3000); + } else { + ShowWindow(other_window_handle, SW_SHOWNORMAL); /* show window */ + SetForegroundWindow(other_window_handle); /* bring on top */ + } + CloseHandle(process_handle); + exit(0); + return FALSE; /* should never be executed */ +} + +#endif + +static void parse_cmdline(LPSTR command_line) { + char *line, *c, *opt; + + line=str_dup(command_line); + memset(&cmdline, 0, sizeof cmdline); + + c=line; + while(*c && (*c=='/' || *c=='-')) { + opt=c; + while(*c && !isspace(*c)) /* skip non-whitespaces */ + c++; + while(*c && isspace(*c)) /* replace whitespaces with '\0' */ + *c++='\0'; + if(!strcasecmp(opt+1, "install")) + cmdline.install=1; + else if(!strcasecmp(opt+1, "uninstall")) + cmdline.uninstall=1; + else if(!strcasecmp(opt+1, "start")) + cmdline.start=1; + else if(!strcasecmp(opt+1, "stop")) + cmdline.stop=1; + else if(!strcasecmp(opt+1, "service")) + cmdline.service=1; + else if(!strcasecmp(opt+1, "quiet")) + cmdline.quiet=1; + else if(!strcasecmp(opt+1, "exit")) + cmdline.exit=1; + else { /* option to be processed in options.c */ + c=opt; + break; + } + } + cmdline.config_file=*c ? str_dup(c) : NULL; + str_free(line); +} + +/* try to load winsock2 resolver functions from a specified dll name */ +static int initialize_winsock() { + static struct WSAData wsa_state; +#ifndef _WIN32_WCE + HINSTANCE handle; +#endif + + if(WSAStartup(MAKEWORD( 2, 2 ), &wsa_state)) { + message_box("Failed to initialize winsock", MB_ICONERROR); + return 1; /* error */ + } +#ifndef _WIN32_WCE + handle=LoadLibrary("ws2_32.dll"); /* IPv6 in Windows XP or higher */ + if(handle) { + s_getaddrinfo=(GETADDRINFO)GetProcAddress(handle, "getaddrinfo"); + s_freeaddrinfo=(FREEADDRINFO)GetProcAddress(handle, "freeaddrinfo"); + s_getnameinfo=(GETNAMEINFO)GetProcAddress(handle, "getnameinfo"); + if(s_getaddrinfo && s_freeaddrinfo && s_getnameinfo) + return 0; /* IPv6 detected -> OK */ + FreeLibrary(handle); + } + handle=LoadLibrary("wship6.dll"); /* experimental IPv6 for Windows 2000 */ + if(handle) { + s_getaddrinfo=(GETADDRINFO)GetProcAddress(handle, "getaddrinfo"); + s_freeaddrinfo=(FREEADDRINFO)GetProcAddress(handle, "freeaddrinfo"); + s_getnameinfo=(GETNAMEINFO)GetProcAddress(handle, "getnameinfo"); + if(s_getaddrinfo && s_freeaddrinfo && s_getnameinfo) + return 0; /* IPv6 detected -> OK */ + FreeLibrary(handle); + } + s_getaddrinfo=NULL; + s_freeaddrinfo=NULL; + s_getnameinfo=NULL; +#endif + return 0; /* IPv4 detected -> OK */ +} + +/**************************************** GUI thread */ + +static int gui_loop() { +#ifdef _WIN32_WCE + WNDCLASS wc; +#else + WNDCLASSEX wc; +#endif + MSG msg; + LPTSTR classname=TEXT("stunnel_main_window_class"); + + /* register the class */ +#ifndef _WIN32_WCE + wc.cbSize=sizeof wc; +#endif + wc.style=CS_VREDRAW|CS_HREDRAW; + wc.lpfnWndProc=window_proc; + wc.cbClsExtra=wc.cbWndExtra=0; + wc.hInstance=ghInst; + wc.hIcon=LoadIcon(ghInst, MAKEINTRESOURCE(IDI_MYICON)); + wc.hCursor=LoadCursor(NULL, IDC_ARROW); + wc.hbrBackground=(HBRUSH)(COLOR_WINDOW+1); + wc.lpszMenuName=NULL; + wc.lpszClassName=classname; + small_icon=LoadImage(ghInst, MAKEINTRESOURCE(IDI_MYICON), IMAGE_ICON, + GetSystemMetrics(SM_CXSMICON), GetSystemMetrics(SM_CYSMICON), 0); +#ifdef _WIN32_WCE + RegisterClass(&wc); +#else + wc.hIconSm=small_icon; /* 16x16 icon */ + RegisterClassEx(&wc); +#endif + + /* create main window */ +#ifdef _WIN32_WCE + hwnd=CreateWindow(classname, win32_name, 0, + CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, + NULL, NULL, ghInst, NULL); +#else + main_menu_handle=LoadMenu(ghInst, MAKEINTRESOURCE(IDM_MAINMENU)); + hwnd=CreateWindow(classname, win32_name, WS_TILEDWINDOW, + CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, + NULL, main_menu_handle, ghInst, NULL); + + if(cmdline.service) { /* block unsafe operations in the service mode */ + if(main_menu_handle) { + EnableMenuItem(main_menu_handle, IDM_EDIT_CONFIG, MF_GRAYED); + EnableMenuItem(main_menu_handle, IDM_SAVE_LOG, MF_GRAYED); + } + if(tray_menu_handle) { + EnableMenuItem(tray_menu_handle, IDM_EDIT_CONFIG, MF_GRAYED); + } + } +#endif + /* auto-reset, non-signaled */ + config_ready=CreateEvent(NULL, FALSE, FALSE, NULL); + daemon_handle=(HANDLE)_beginthread(daemon_thread, DEFAULT_STACK_SIZE, NULL); + + while(GetMessage(&msg, NULL, 0, 0)) { + TranslateMessage(&msg); + DispatchMessage(&msg); + } + + return msg.wParam; +} + +static LRESULT CALLBACK window_proc(HWND main_window_handle, + UINT message, WPARAM wParam, LPARAM lParam) { + NOTIFYICONDATA nid; + POINT pt; + RECT rect; + SERVICE_OPTIONS *section; + unsigned int section_number; + +#if 0 + if(message!=WM_CTLCOLORSTATIC && message!=WM_TIMER) + s_log(LOG_DEBUG, "Window message: %d", message); +#endif + switch(message) { + case WM_CREATE: +#ifdef _WIN32_WCE + /* create command bar */ + command_bar_handle=CommandBar_Create(ghInst, main_window_handle, 1); + if(!command_bar_handle) + error_box("CommandBar_Create"); + if(!CommandBar_InsertMenubar(command_bar_handle, ghInst, IDM_MAINMENU, 0)) + error_box("CommandBar_InsertMenubar"); + if(!CommandBar_AddAdornments(command_bar_handle, 0, 0)) + error_box("CommandBar_AddAdornments"); +#endif + + /* create child edit window */ + edit_handle=CreateWindow(TEXT("EDIT"), NULL, + WS_CHILD|WS_VISIBLE|WS_HSCROLL|WS_VSCROLL|ES_MULTILINE|ES_READONLY, + 0, 0, 0, 0, main_window_handle, (HMENU)IDE_EDIT, ghInst, NULL); +#ifndef _WIN32_WCE + SendMessage(edit_handle, WM_SETFONT, + (WPARAM)CreateFont(-12, 0, 0, 0, FW_DONTCARE, FALSE, FALSE, FALSE, + DEFAULT_CHARSET, OUT_RASTER_PRECIS, CLIP_DEFAULT_PRECIS, + PROOF_QUALITY, DEFAULT_PITCH, TEXT("Courier")), + MAKELPARAM(FALSE, 0)); /* no need to redraw right, now */ +#endif + /* NOTE: there's no return statement here -> proceeding with resize */ + + case WM_SIZE: + GetClientRect(main_window_handle, &rect); +#ifdef _WIN32_WCE + MoveWindow(edit_handle, 0, CommandBar_Height(command_bar_handle), + rect.right, rect.bottom-CommandBar_Height(command_bar_handle), TRUE); +#else + MoveWindow(edit_handle, 0, 0, rect.right, rect.bottom, TRUE); +#endif + UpdateWindow(edit_handle); + /* CommandBar_Show(command_bar_handle, TRUE); */ + return TRUE; + + case WM_SETFOCUS: + SetFocus(edit_handle); + return TRUE; + + case WM_TIMER: + update_tray_icon(); + if(visible) + update_logs(); + return TRUE; + + case WM_CLOSE: + ShowWindow(main_window_handle, SW_HIDE); + return TRUE; + + case WM_SHOWWINDOW: + visible=wParam; /* setup global variable */ + if(tray_menu_handle) + CheckMenuItem(tray_menu_handle, IDM_SHOW_LOG, + visible ? MF_CHECKED : MF_UNCHECKED); + if(visible) + update_logs(); + return TRUE; + + case WM_DESTROY: +#ifdef _WIN32_WCE + CommandBar_Destroy(command_bar_handle); +#else + if(main_menu_handle) + DestroyMenu(main_menu_handle); +#endif + if(tray_menu_handle) + DestroyMenu(tray_menu_handle); + ZeroMemory(&nid, sizeof nid); + nid.cbSize=sizeof nid; + nid.hWnd=main_window_handle; + nid.uID=1; + nid.uFlags=NIF_TIP; /* not really sure what to put here, but it works */ + Shell_NotifyIcon(NIM_DELETE, &nid); /* this removes the icon */ + PostQuitMessage(0); + KillTimer(main_window_handle, 0x29a); + return TRUE; + + case WM_COMMAND: + if(wParam>=IDM_PEER_MENU && wParamnext, ++section_number) + ; + if(!section) + return TRUE; + if(save_text_file(section->file, section->chain)) + return TRUE; +#ifndef _WIN32_WCE + if(main_menu_handle) + CheckMenuItem(main_menu_handle, wParam, MF_CHECKED); +#endif + if(tray_menu_handle) + CheckMenuItem(tray_menu_handle, wParam, MF_CHECKED); + message_box(section->help, MB_ICONINFORMATION); + return TRUE; + } + switch(wParam) { + case IDM_ABOUT: + DialogBox(ghInst, TEXT("AboutBox"), main_window_handle, + (DLGPROC)about_proc); + break; + case IDM_SHOW_LOG: + if(visible) { + ShowWindow(main_window_handle, SW_HIDE); /* hide window */ + } else { + ShowWindow(main_window_handle, SW_SHOWNORMAL); /* show window */ + SetForegroundWindow(main_window_handle); /* bring on top */ + } + break; + case IDM_CLOSE: + ShowWindow(main_window_handle, SW_HIDE); /* hide window */ + break; + case IDM_EXIT: + if(!error_mode) { /* signal_pipe is active */ + signal_post(SIGNAL_TERMINATE); + WaitForSingleObject(daemon_handle, 3000); + } + DestroyWindow(main_window_handle); + break; + case IDM_SAVE_LOG: + if(!cmdline.service) /* security */ + save_log(); + break; + case IDM_EDIT_CONFIG: +#ifndef _WIN32_WCE + if(!cmdline.service) /* security */ + edit_config(main_window_handle); +#endif + break; + case IDM_RELOAD_CONFIG: + if(error_mode) /* unlock daemon_thread */ + SetEvent(config_ready); + else /* signal_pipe is active */ + signal_post(SIGNAL_RELOAD_CONFIG); + break; + case IDM_REOPEN_LOG: + signal_post(SIGNAL_REOPEN_LOG); + break; + case IDM_MANPAGE: +#ifndef _WIN32_WCE + if(!cmdline.service) /* security */ + ShellExecute(main_window_handle, TEXT("open"), + TEXT("stunnel.html"), NULL, NULL, SW_SHOWNORMAL); +#endif + break; + case IDM_HOMEPAGE: +#ifndef _WIN32_WCE + if(!cmdline.service) /* security */ + ShellExecute(main_window_handle, TEXT("open"), + TEXT("http://www.stunnel.org/"), NULL, NULL, SW_SHOWNORMAL); +#endif + break; + } + return TRUE; + + case WM_SYSTRAY: /* a taskbar event */ + switch(lParam) { +#ifdef _WIN32_WCE + case WM_LBUTTONDOWN: /* no right mouse button on Windows CE */ + GetWindowRect(GetDesktopWindow(), &rect); /* no cursor position */ + pt.x=rect.right; + pt.y=rect.bottom-25; +#else + case WM_RBUTTONDOWN: + GetCursorPos(&pt); +#endif + SetForegroundWindow(main_window_handle); + TrackPopupMenuEx(GetSubMenu(tray_menu_handle, 0), TPM_BOTTOMALIGN, + pt.x, pt.y, main_window_handle, NULL); + PostMessage(main_window_handle, WM_NULL, 0, 0); + break; +#ifndef _WIN32_WCE + case WM_LBUTTONDBLCLK: /* switch log window visibility */ + if(visible) { + ShowWindow(main_window_handle, SW_HIDE); /* hide window */ + } else { + ShowWindow(main_window_handle, SW_SHOWNORMAL); /* show window */ + SetForegroundWindow(main_window_handle); /* bring on top */ + } + break; +#endif + } + return TRUE; + + case WM_VALID_CONFIG: + valid_config(); + return TRUE; + + case WM_INVALID_CONFIG: + invalid_config(); + return TRUE; + + case WM_LOG: + win_log((LPSTR)wParam); + return TRUE; + + case WM_NEW_CHAIN: +#ifndef _WIN32_WCE + if(main_menu_handle) + EnableMenuItem(main_menu_handle, IDM_PEER_MENU+wParam, MF_ENABLED); +#endif + if(tray_menu_handle) + EnableMenuItem(tray_menu_handle, IDM_PEER_MENU+wParam, MF_ENABLED); + return TRUE; + } + + return DefWindowProc(main_window_handle, message, wParam, lParam); +} + +static LRESULT CALLBACK about_proc(HWND dialog_handle, UINT message, + WPARAM wParam, LPARAM lParam) { + (void)lParam; /* skip warning about unused parameter */ + + switch(message) { + case WM_INITDIALOG: + return TRUE; + case WM_COMMAND: + switch(wParam) { + case IDOK: + case IDCANCEL: + EndDialog(dialog_handle, TRUE); + return TRUE; + } + } + return FALSE; +} + +static LRESULT CALLBACK pass_proc(HWND dialog_handle, UINT message, + WPARAM wParam, LPARAM lParam) { + char *titlebar; + LPTSTR tstr; + union { + TCHAR txt[PEM_BUFSIZE]; + WORD len; + } pass_dialog; + WORD pass_len; + char* pass_txt; + + switch(message) { + case WM_INITDIALOG: + /* set the default push button to "Cancel" */ + SendMessage(dialog_handle, DM_SETDEFID, (WPARAM)IDCANCEL, (LPARAM)0); + + titlebar=str_printf("Private key: %s", ui_data->section->key); + tstr=str2tstr(titlebar); + str_free(titlebar); + SetWindowText(dialog_handle, tstr); + str_free(tstr); + return TRUE; + + case WM_COMMAND: + /* set the default push button to "OK" when the user enters text */ + if(HIWORD(wParam)==EN_CHANGE && LOWORD(wParam)==IDE_PASSEDIT) + SendMessage(dialog_handle, DM_SETDEFID, (WPARAM)IDOK, (LPARAM)0); + switch(wParam) { + case IDOK: + /* get number of characters */ + pass_len=(WORD)SendDlgItemMessage(dialog_handle, + IDE_PASSEDIT, EM_LINELENGTH, (WPARAM)0, (LPARAM)0); + if(!pass_len || pass_len>=PEM_BUFSIZE) { + EndDialog(dialog_handle, FALSE); + return FALSE; + } + + /* put the number of characters into first word of buffer */ + pass_dialog.len=pass_len; + + /* get the characters */ + SendDlgItemMessage(dialog_handle, IDE_PASSEDIT, EM_GETLINE, + (WPARAM)0 /* line 0 */, (LPARAM)pass_dialog.txt); + pass_dialog.txt[pass_len]='\0'; /* null-terminate the string */ + + /* convert input password to ANSI string (as ui_data->pass) */ + pass_txt=tstr2str(pass_dialog.txt); + strcpy(ui_data->pass, pass_txt); + str_free(pass_txt); + + EndDialog(dialog_handle, TRUE); + return TRUE; + + case IDCANCEL: + EndDialog(dialog_handle, FALSE); + return TRUE; + } + return 0; + } + return FALSE; + + UNREFERENCED_PARAMETER(lParam); +} + +int passwd_cb(char *buf, int size, int rwflag, void *userdata) { + (void)rwflag; /* skip warning about unused parameter */ + + ui_data=userdata; + if(!DialogBox(ghInst, TEXT("PassBox"), hwnd, (DLGPROC)pass_proc)) + return 0; /* error */ + strncpy(buf, ui_data->pass, size); + buf[size-1]='\0'; + return strlen(buf); +} + +#ifdef HAVE_OSSL_ENGINE_H +int pin_cb(UI *ui, UI_STRING *uis) { + ui_data=UI_get0_user_data(ui); /* was: ui_data=UI_get_app_data(ui); */ + if(!ui_data) { + s_log(LOG_ERR, "INTERNAL ERROR: user data data pointer"); + return 0; + } + if(!DialogBox(ghInst, TEXT("PassBox"), hwnd, (DLGPROC)pass_proc)) + return 0; /* error */ + UI_set_result(ui, uis, ui_data->pass); + return 1; +} +#endif + +/**************************************** log handling */ + +static void save_log() { + TCHAR file_name[MAX_PATH]; + OPENFILENAME ofn; + LPTSTR txt; + LPSTR str; + + ZeroMemory(&ofn, sizeof ofn); + file_name[0]='\0'; + + ofn.lStructSize=sizeof ofn; + ofn.hwndOwner=hwnd; + ofn.lpstrFilter=TEXT("Log Files (*.log)\0*.log\0All Files (*.*)\0*.*\0\0"); + ofn.lpstrFile=file_name; + ofn.nMaxFile=MAX_PATH; + ofn.lpstrDefExt=TEXT("LOG"); + ofn.lpstrInitialDir=TEXT("."); + + ofn.lpstrTitle=TEXT("Save Log"); + ofn.Flags=OFN_EXPLORER | OFN_PATHMUSTEXIST | OFN_HIDEREADONLY | + OFN_OVERWRITEPROMPT; + if(!GetSaveFileName(&ofn)) + return; + + txt=log_txt(); /* need to convert the result to plain ASCII */ + str=tstr2str(txt); + str_free(txt); + save_text_file(file_name, str); + str_free(str); +} + +static int save_text_file(LPTSTR file_name, char *str) { + HANDLE file_handle; + DWORD ignore; + + file_handle=CreateFile(file_name, GENERIC_WRITE, 0, NULL, + CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + if(file_handle==INVALID_HANDLE_VALUE) { + error_box("CreateFile"); + return 1; + } + if(!WriteFile(file_handle, str, strlen(str), &ignore, NULL)) { + CloseHandle(file_handle); + error_box("WriteFile"); + return 1; + } + CloseHandle(file_handle); + return 0; +} + +static void win_log(LPSTR line) { + struct LIST *curr; + int len; + static int log_len=0; + LPTSTR txt; + + txt=str2tstr(line); + len=_tcslen(txt); + /* this list is shared between threads */ + curr=str_alloc(sizeof(struct LIST)+len*sizeof(TCHAR)); + curr->len=len; + _tcscpy(curr->txt, txt); + str_free(txt); + curr->next=NULL; + + if(tail) + tail->next=curr; + tail=curr; + if(!head) + head=tail; + log_len++; + while(log_len>LOG_LINES) { + curr=head; + head=head->next; + /* this list is shared between threads */ + str_free(curr); + log_len--; + } + + new_logs=1; +} + +static void update_logs(void) { + LPTSTR txt; + + if(!InterlockedExchange(&new_logs, 0)) + return; + txt=log_txt(); + if(!txt) + return; + SetWindowText(edit_handle, txt); + str_free(txt); + SendMessage(edit_handle, WM_VSCROLL, (WPARAM)SB_BOTTOM, (LPARAM)0); +} + +static LPTSTR log_txt(void) { + LPTSTR buff; + int ptr=0, len=0; + struct LIST *curr; + + for(curr=head; curr; curr=curr->next) + len+=curr->len+2; /* +2 for trailing '\r\n' */ + buff=str_alloc((len+1)*sizeof(TCHAR)); /* +1 for trailing '\0' */ + for(curr=head; curr; curr=curr->next) { + memcpy(buff+ptr, curr->txt, curr->len*sizeof(TCHAR)); + ptr+=curr->len; + if(curr->next) { + buff[ptr++]='\r'; + buff[ptr++]='\n'; + } + } + buff[ptr]='\0'; + + return buff; +} + +/**************************************** worker thread */ + +static void daemon_thread(void *arg) { + (void)arg; /* skip warning about unused parameter */ + + main_initialize(); + /* get a valid configuration */ + while(main_configure(cmdline.config_file, NULL)) { + unbind_ports(); /* in case initialization failed after bind_ports() */ + log_flush(LOG_MODE_ERROR); /* otherwise logs are buffered */ + PostMessage(hwnd, WM_INVALID_CONFIG, 0, 0); /* display error */ + WaitForSingleObject(config_ready, INFINITE); + log_close(); /* prevent main_configure() from logging in error mode */ + } + error_mode=0; /* a valid configuration was loaded */ + + /* start the main loop */ + daemon_loop(); + _endthread(); /* SIGNAL_TERMINATE received */ +} + +/**************************************** helper functions */ + +static void invalid_config() { + /* update the main window title */ + win32_name=TEXT("stunnel ") TEXT(STUNNEL_VERSION) TEXT(" on ") + TEXT(STUNNEL_PLATFORM) TEXT(" (invalid stunnel.conf)"); + SetWindowText(hwnd, win32_name); + + /* log window is hidden by default */ + ShowWindow(hwnd, SW_SHOWNORMAL); /* show window */ + SetForegroundWindow(hwnd); /* bring on top */ + + update_tray_icon(); + + win_log(""); + s_log(LOG_ERR, "Server is down"); + message_box("Stunnel server is down due to an error.\n" + "You need to exit and correct the problem.\n" + "Click OK to see the error log window.", + MB_ICONERROR); +} + +static void valid_config() { + /* update the main window title */ + win32_name=TEXT("stunnel ") TEXT(STUNNEL_VERSION) TEXT(" on ") + TEXT(STUNNEL_PLATFORM); + SetWindowText(hwnd, win32_name); + + if(global_options.option.taskbar) /* save menu resources */ + update_tray_icon(); + + update_peer_menu(); + + /* enable IDM_REOPEN_LOG menu if a log file is used, disable otherwise */ +#ifndef _WIN32_WCE + EnableMenuItem(main_menu_handle, IDM_REOPEN_LOG, + global_options.output_file ? MF_ENABLED : MF_GRAYED); +#endif + if(tray_menu_handle) + EnableMenuItem(tray_menu_handle, IDM_REOPEN_LOG, + global_options.output_file ? MF_ENABLED : MF_GRAYED); +} + +static void update_peer_menu(void) { + SERVICE_OPTIONS *section; +#ifndef _WIN32_WCE + HMENU main_peer_list=NULL; +#endif + HMENU tray_peer_list=NULL; + char *str; + unsigned int section_number; + MENUITEMINFO mii; + + /* purge menu peer lists */ +#ifndef _WIN32_WCE + if(main_menu_handle) + main_peer_list=GetSubMenu(main_menu_handle, 2); /* 3rd submenu */ + if(main_peer_list) + while(GetMenuItemCount(main_peer_list)) /* purge old menu */ + DeleteMenu(main_peer_list, 0, MF_BYPOSITION); +#endif + if(tray_menu_handle) + tray_peer_list=GetSubMenu(GetSubMenu(tray_menu_handle, 0), 2); + if(tray_peer_list) + while(GetMenuItemCount(tray_peer_list)) /* purge old menu */ + DeleteMenu(tray_peer_list, 0, MF_BYPOSITION); + + /* initialize data structures */ + number_of_sections=0; + for(section=service_options.next; section; section=section->next) + section->section_number=number_of_sections++; + + section_number=0; + for(section=service_options.next; section; section=section->next) { + /* setup section->file */ + str=str_printf("peer-%s.pem", section->servname); + section->file=str2tstr(str); + str_free(str); + + /* setup section->help */ + str=str_printf("peer-%s.pem", section->servname); + section->file=str2tstr(str); + str_free(str); + str=str_printf( + "Peer certificate chain has been saved.\n" + "Add the following lines to section [%s]:\n" + "\tCAfile = peer-%s.pem\n" + "\tverify = 3\n" + "to enable cryptographic authentication.\n" + "Then reload stunnel configuration file.", + section->servname, section->servname); + section->help=str2tstr(str); + str_free(str); + + /* setup section->chain */ + section->chain=NULL; + + /* insert new menu item */ + mii.cbSize=sizeof mii; + mii.fMask=MIIM_STRING|MIIM_DATA|MIIM_ID|MIIM_STATE; + mii.fType=MFT_STRING; + mii.dwTypeData=section->file; + mii.cch=_tcslen(mii.dwTypeData); + mii.wID=IDM_PEER_MENU+section_number; + mii.fState=MFS_GRAYED; +#ifndef _WIN32_WCE + if(main_peer_list) + if(!InsertMenuItem(main_peer_list, section_number, TRUE, &mii)) + ioerror("InsertMenuItem"); +#endif + if(tray_peer_list) + if(!InsertMenuItem(tray_peer_list, section_number, TRUE, &mii)) + ioerror("InsertMenuItem"); + ++section_number; + } + if(hwnd) + DrawMenuBar(hwnd); +} + +static void update_tray_icon(void) { + NOTIFYICONDATA nid; + + if(!tray_menu_handle) { /* initialize taskbar */ + tray_menu_handle=LoadMenu(ghInst, MAKEINTRESOURCE(IDM_TRAYMENU)); + SetTimer(hwnd, 0x29a, 1000, NULL); /* 1-second timer */ + } + ZeroMemory(&nid, sizeof nid); + nid.cbSize=sizeof nid; /* size */ + nid.hWnd=hwnd; /* window to receive notifications */ + nid.uID=1; /* application-defined ID for icon */ + if(error_mode) + _stprintf(nid.szTip, TEXT("Server is down")); + else + _stprintf(nid.szTip, TEXT("%d session(s) active"), num_clients); + nid.uFlags=NIF_TIP; + /* only nid.szTip and nid.uID are valid, change tip */ + if(Shell_NotifyIcon(NIM_MODIFY, &nid)) /* modify tooltip */ + return; /* OK: taskbar icon exists */ + + /* trying to update tooltip failed - lets try to create the icon */ + nid.uFlags=NIF_MESSAGE | NIF_ICON | NIF_TIP; + nid.uCallbackMessage=WM_SYSTRAY; + nid.hIcon=small_icon; /* 16x16 icon */ + Shell_NotifyIcon(NIM_ADD, &nid); /* this adds the icon */ +} + +static void error_box(const LPSTR text) { + char *errmsg, *fullmsg; + LPTSTR tstr; + long dw; + + dw=GetLastError(); + FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM, + NULL, dw, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), + (LPTSTR)&tstr, 0, NULL); + errmsg=tstr2str(tstr); + LocalFree(tstr); + fullmsg=str_printf("%s: error %ld: %s", text, dw, errmsg); + str_free(errmsg); + message_box(fullmsg, MB_ICONERROR); + str_free(fullmsg); +} + +static void message_box(const LPSTR text, const UINT type) { + LPTSTR tstr; + + if(cmdline.quiet) + return; + tstr=str2tstr(text); + MessageBox(hwnd, tstr, win32_name, type); + str_free(tstr); +} + +static void edit_config(HWND main_window_handle) { + char cwd[MAX_PATH], *conf_path; + + if(is_admin()) { + ShellExecute(main_window_handle, TEXT("open"), + TEXT("notepad.exe"), TEXT("stunnel.conf"), + NULL, SW_SHOWNORMAL); + } else { /* UAC workaround */ + GetCurrentDirectory(MAX_PATH, cwd); + conf_path=str_printf("%s\\stunnel.conf", cwd); + ShellExecute(main_window_handle, TEXT("runas"), + TEXT("notepad.exe"), conf_path, + NULL, SW_SHOWNORMAL); + str_free(conf_path); + } +} + +static BOOL is_admin(void) { + SID_IDENTIFIER_AUTHORITY NtAuthority={SECURITY_NT_AUTHORITY}; + PSID admin_group; + BOOL retval; + + retval=AllocateAndInitializeSid(&NtAuthority, 2, + SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, + 0, 0, 0, 0, 0, 0, &admin_group); + if(retval) { + if(!CheckTokenMembership(NULL, admin_group, &retval)) + retval=FALSE; + FreeSid(admin_group); + } + return retval; +} + +/**************************************** windows service */ + +#ifndef _WIN32_WCE + +static int service_initialize(void) { + SERVICE_TABLE_ENTRY serviceTable[]={{0, 0}, {0, 0}}; + + serviceTable[0].lpServiceName=SERVICE_NAME; + serviceTable[0].lpServiceProc=service_main; + global_options.option.taskbar=0; /* disable taskbar for security */ + if(!StartServiceCtrlDispatcher(serviceTable)) { + error_box("StartServiceCtrlDispatcher"); + return 1; + } + return 0; /* NT service started */ +} + +static int service_install(LPSTR command_line) { + SC_HANDLE scm, service; + char stunnel_exe_path[MAX_PATH], *service_path; + + scm=OpenSCManager(0, 0, SC_MANAGER_CREATE_SERVICE); + if(!scm) { + error_box("OpenSCManager"); + return 1; + } + GetModuleFileName(0, stunnel_exe_path, MAX_PATH); + service_path=str_printf("\"%s\" -service %s", stunnel_exe_path, command_line); + service=CreateService(scm, SERVICE_NAME, SERVICE_NAME, SERVICE_ALL_ACCESS, + SERVICE_WIN32_OWN_PROCESS|SERVICE_INTERACTIVE_PROCESS, + SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, service_path, + NULL, NULL, NULL, NULL, NULL); + str_free(service_path); + if(!service) { + error_box("CreateService"); + CloseServiceHandle(scm); + return 1; + } + message_box("Service installed", MB_ICONINFORMATION); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 0; +} + +static int service_uninstall(void) { + SC_HANDLE scm, service; + SERVICE_STATUS serviceStatus; + + scm=OpenSCManager(0, 0, SC_MANAGER_CONNECT); + if(!scm) { + error_box("OpenSCManager"); + return 1; + } + service=OpenService(scm, SERVICE_NAME, SERVICE_QUERY_STATUS|DELETE); + if(!service) { + error_box("OpenService"); + CloseServiceHandle(scm); + return 1; + } + if(!QueryServiceStatus(service, &serviceStatus)) { + error_box("QueryServiceStatus"); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 1; + } + if(serviceStatus.dwCurrentState!=SERVICE_STOPPED) { + message_box("The service is still running", MB_ICONERROR); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 1; + } + if(!DeleteService(service)) { + error_box("DeleteService"); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 1; + } + message_box("Service uninstalled", MB_ICONINFORMATION); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 0; +} + +static int service_start(void) { + SC_HANDLE scm, service; + SERVICE_STATUS serviceStatus; + + scm=OpenSCManager(0, 0, SC_MANAGER_CONNECT); + if(!scm) { + error_box("OpenSCManager"); + return 1; + } + service=OpenService(scm, SERVICE_NAME, SERVICE_QUERY_STATUS|SERVICE_START); + if(!service) { + error_box("OpenService"); + CloseServiceHandle(scm); + return 1; + } + if(!StartService(service, 0, NULL)) { + error_box("StartService"); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 1; + } + do { + Sleep(1000); + if(!QueryServiceStatus(service, &serviceStatus)) { + error_box("QueryServiceStatus"); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 1; + } + } while(serviceStatus.dwCurrentState==SERVICE_START_PENDING); + if(serviceStatus.dwCurrentState!=SERVICE_RUNNING) { + message_box("Failed to start service", MB_ICONERROR); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 1; + } + message_box("Service started", MB_ICONINFORMATION); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 0; +} + +static int service_stop(void) { + SC_HANDLE scm, service; + SERVICE_STATUS serviceStatus; + + scm=OpenSCManager(0, 0, SC_MANAGER_CONNECT); + if(!scm) { + error_box("OpenSCManager"); + return 1; + } + service=OpenService(scm, SERVICE_NAME, SERVICE_QUERY_STATUS|SERVICE_STOP); + if(!service) { + error_box("OpenService"); + CloseServiceHandle(scm); + return 1; + } + if(!QueryServiceStatus(service, &serviceStatus)) { + error_box("QueryServiceStatus"); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 1; + } + if(serviceStatus.dwCurrentState==SERVICE_STOPPED) { + message_box("The service is already stopped", MB_ICONERROR); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 1; + } + if(!ControlService(service, SERVICE_CONTROL_STOP, &serviceStatus)) { + error_box("ControlService"); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 1; + } + do { + Sleep(1000); + if(!QueryServiceStatus(service, &serviceStatus)) { + error_box("QueryServiceStatus"); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 1; + } + } while(serviceStatus.dwCurrentState!=SERVICE_STOPPED); + message_box("Service stopped", MB_ICONINFORMATION); + CloseServiceHandle(service); + CloseServiceHandle(scm); + return 0; +} + +static void WINAPI service_main(DWORD argc, LPTSTR* argv) { + (void)argc; /* skip warning about unused parameter */ + (void)argv; /* skip warning about unused parameter */ + + /* initialise service status */ + serviceStatus.dwServiceType=SERVICE_WIN32; + serviceStatus.dwCurrentState=SERVICE_STOPPED; + serviceStatus.dwControlsAccepted=0; + serviceStatus.dwWin32ExitCode=NO_ERROR; + serviceStatus.dwServiceSpecificExitCode=NO_ERROR; + serviceStatus.dwCheckPoint=0; + serviceStatus.dwWaitHint=0; + + serviceStatusHandle= + RegisterServiceCtrlHandler(SERVICE_NAME, control_handler); + + if(serviceStatusHandle) { + /* service is starting */ + serviceStatus.dwCurrentState=SERVICE_START_PENDING; + SetServiceStatus(serviceStatusHandle, &serviceStatus); + + /* running */ + serviceStatus.dwControlsAccepted|= + (SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN); + serviceStatus.dwCurrentState=SERVICE_RUNNING; + SetServiceStatus(serviceStatusHandle, &serviceStatus); + + gui_loop(); + + /* service was stopped */ + serviceStatus.dwCurrentState=SERVICE_STOP_PENDING; + SetServiceStatus(serviceStatusHandle, &serviceStatus); + + /* service is now stopped */ + serviceStatus.dwControlsAccepted&= + ~(SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN); + serviceStatus.dwCurrentState=SERVICE_STOPPED; + SetServiceStatus(serviceStatusHandle, &serviceStatus); + } +} + +static void WINAPI control_handler(DWORD controlCode) { + switch(controlCode) { + case SERVICE_CONTROL_INTERROGATE: + break; + + case SERVICE_CONTROL_SHUTDOWN: + case SERVICE_CONTROL_STOP: + serviceStatus.dwCurrentState=SERVICE_STOP_PENDING; + SetServiceStatus(serviceStatusHandle, &serviceStatus); + PostMessage(hwnd, WM_COMMAND, IDM_EXIT, 0); + return; + + case SERVICE_CONTROL_PAUSE: + break; + + case SERVICE_CONTROL_CONTINUE: + break; + + default: + if(controlCode >= 128 && controlCode <= 255) + break; /* user defined control code */ + else + break; /* unrecognised control code */ + } + + SetServiceStatus(serviceStatusHandle, &serviceStatus); +} + +#endif /* !defined(_WIN32_WCE) */ + +/* end of gui.c */ diff --git a/src/libwrap.c b/src/libwrap.c new file mode 100644 index 0000000..d1dd209 --- /dev/null +++ b/src/libwrap.c @@ -0,0 +1,308 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +#ifdef USE_LIBWRAP + +#include + +static int check(char *, int); + +int allow_severity=LOG_NOTICE, deny_severity=LOG_WARNING; + +#ifdef USE_PTHREAD +#define SERVNAME_LEN 256 + +static ssize_t read_fd(int, void *, size_t, int *); +static ssize_t write_fd(int, void *, size_t, int); + +int num_processes=0; +static int *ipc_socket, *busy; +#endif /* USE_PTHREAD */ + +int libwrap_init() { +#ifdef USE_PTHREAD + int i, j, rfd, result; + char servname[SERVNAME_LEN]; + static int initialized=0; + SERVICE_OPTIONS *opt; + + if(initialized) /* during startup or previous configuration file reload */ + return 0; + for(opt=service_options.next; opt; opt=opt->next) + if(opt->option.libwrap) /* libwrap is enabled for this service */ + break; + if(!opt) /* disabled for all sections or inetd mode (no sections) */ + return 0; + + num_processes=LIBWRAP_CLIENTS; + ipc_socket=str_alloc(2*num_processes*sizeof(int)); + busy=str_alloc(num_processes*sizeof(int)); + for(i=0; i=0) + close(rfd); + } + default: /* parent */ + close(ipc_socket[2*i+1]); /* child-side socket */ + } + } + initialized=1; +#endif /* USE_PTHREAD */ + return 0; +} + +void libwrap_auth(CLI *c, char *accepted_address) { + int result=0; /* deny by default */ +#ifdef USE_PTHREAD + static volatile int num_busy=0, roundrobin=0; + int retval, my_process; + static pthread_mutex_t mutex=PTHREAD_MUTEX_INITIALIZER; + static pthread_cond_t cond=PTHREAD_COND_INITIALIZER; +#endif /* USE_PTHREAD */ + + if(!c->opt->option.libwrap) /* libwrap is disabled for this service */ + return; /* allow connection */ +#ifdef HAVE_STRUCT_SOCKADDR_UN + if(c->peer_addr.sa.sa_family==AF_UNIX) { + s_log(LOG_INFO, "Libwrap is not supported on Unix sockets"); + return; + } +#endif +#ifdef USE_PTHREAD + if(num_processes) { + s_log(LOG_DEBUG, "Waiting for a libwrap process"); + + retval=pthread_mutex_lock(&mutex); + if(retval) { + errno=retval; + ioerror("pthread_mutex_lock"); + longjmp(c->err, 1); + } + while(num_busy==num_processes) { /* all child processes are busy */ + retval=pthread_cond_wait(&cond, &mutex); + if(retval) { + errno=retval; + ioerror("pthread_cond_wait"); + longjmp(c->err, 1); + } + } + while(busy[roundrobin]) /* find a free child process */ + roundrobin=(roundrobin+1)%num_processes; + my_process=roundrobin; /* the process allocated by this thread */ + ++num_busy; /* the child process has been allocated */ + busy[my_process]=1; /* mark the child process as busy */ + retval=pthread_mutex_unlock(&mutex); + if(retval) { + errno=retval; + ioerror("pthread_mutex_unlock"); + longjmp(c->err, 1); + } + + s_log(LOG_DEBUG, "Acquired libwrap process #%d", my_process); + write_fd(ipc_socket[2*my_process], c->opt->servname, + strlen(c->opt->servname)+1, c->local_rfd.fd); + read_blocking(c, ipc_socket[2*my_process], + (u8 *)&result, sizeof result); + s_log(LOG_DEBUG, "Releasing libwrap process #%d", my_process); + + retval=pthread_mutex_lock(&mutex); + if(retval) { + errno=retval; + ioerror("pthread_mutex_lock"); + longjmp(c->err, 1); + } + busy[my_process]=0; /* mark the child process as free */ + --num_busy; /* the child process has been released */ + if(num_busy==num_processes-1) { /* need to wake up a thread */ + retval=pthread_cond_signal(&cond); /* signal waiting threads */ + if(retval) { + errno=retval; + ioerror("pthread_cond_signal"); + longjmp(c->err, 1); + } + } + retval=pthread_mutex_unlock(&mutex); + if(retval) { + errno=retval; + ioerror("pthread_mutex_unlock"); + longjmp(c->err, 1); + } + + s_log(LOG_DEBUG, "Released libwrap process #%d", my_process); + } else +#endif /* USE_PTHREAD */ + { /* use original, synchronous libwrap calls */ + enter_critical_section(CRIT_LIBWRAP); + result=check(c->opt->servname, c->local_rfd.fd); + leave_critical_section(CRIT_LIBWRAP); + } + if(!result) { + s_log(LOG_WARNING, "Service [%s] REFUSED by libwrap from %s", + c->opt->servname, accepted_address); + s_log(LOG_DEBUG, "See hosts_access(5) manual for details"); + longjmp(c->err, 1); + } + s_log(LOG_DEBUG, "Service [%s] permitted by libwrap from %s", + c->opt->servname, accepted_address); +} + +static int check(char *name, int fd) { + struct request_info request; + + request_init(&request, RQ_DAEMON, name, RQ_FILE, fd, 0); + fromhost(&request); + return hosts_access(&request); +} + +#ifdef USE_PTHREAD + +static ssize_t read_fd(int fd, void *ptr, size_t nbytes, int *recvfd) { + struct msghdr msg; + struct iovec iov[1]; + ssize_t n; + +#ifdef HAVE_MSGHDR_MSG_CONTROL + union { + struct cmsghdr cm; + char control[CMSG_SPACE(sizeof(int))]; + } control_un; + struct cmsghdr *cmptr; + + msg.msg_control=control_un.control; + msg.msg_controllen=sizeof control_un.control; +#else + int newfd; + + msg.msg_accrights=(caddr_t)&newfd; + msg.msg_accrightslen=sizeof(int); +#endif + + msg.msg_name=NULL; + msg.msg_namelen=0; + + iov[0].iov_base=ptr; + iov[0].iov_len=nbytes; + msg.msg_iov=iov; + msg.msg_iovlen=1; + + *recvfd=-1; /* descriptor was not passed */ + n=recvmsg(fd, &msg, 0); + if(n<=0) + return n; + +#ifdef HAVE_MSGHDR_MSG_CONTROL + cmptr=CMSG_FIRSTHDR(&msg); + if(!cmptr || cmptr->cmsg_len!=CMSG_LEN(sizeof(int))) + return n; + if(cmptr->cmsg_level!=SOL_SOCKET) { + s_log(LOG_ERR, "control level != SOL_SOCKET"); + return -1; + } + if(cmptr->cmsg_type!=SCM_RIGHTS) { + s_log(LOG_ERR, "control type != SCM_RIGHTS"); + return -1; + } + memcpy(recvfd, CMSG_DATA(cmptr), sizeof(int)); +#else + if(msg.msg_accrightslen==sizeof(int)) + *recvfd=newfd; +#endif + + return n; +} + +static ssize_t write_fd(int fd, void *ptr, size_t nbytes, int sendfd) { + struct msghdr msg; + struct iovec iov[1]; + +#ifdef HAVE_MSGHDR_MSG_CONTROL + union { + struct cmsghdr cm; + char control[CMSG_SPACE(sizeof(int))]; + } control_un; + struct cmsghdr *cmptr; + + msg.msg_control=control_un.control; + msg.msg_controllen=sizeof control_un.control; + + cmptr=CMSG_FIRSTHDR(&msg); + cmptr->cmsg_len=CMSG_LEN(sizeof(int)); + cmptr->cmsg_level=SOL_SOCKET; + cmptr->cmsg_type=SCM_RIGHTS; + memcpy(CMSG_DATA(cmptr), &sendfd, sizeof(int)); +#else + msg.msg_accrights=(caddr_t)&sendfd; + msg.msg_accrightslen=sizeof(int); +#endif + + msg.msg_name=NULL; + msg.msg_namelen=0; + + iov[0].iov_base=ptr; + iov[0].iov_len=nbytes; + msg.msg_iov=iov; + msg.msg_iovlen=1; + + return sendmsg(fd, &msg, 0); +} + +#endif /* USE_PTHREAD */ + +#endif /* USE_LIBWRAP */ + +/* end of libwrap.c */ diff --git a/src/log.c b/src/log.c new file mode 100644 index 0000000..158b182 --- /dev/null +++ b/src/log.c @@ -0,0 +1,390 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +static void log_raw(const int, const char *, const char *, const char *); + +static DISK_FILE *outfile=NULL; +static struct LIST { /* single-linked list of log lines */ + struct LIST *next; + int level; + char *stamp, *id, *text; +} *head=NULL, *tail=NULL; +static LOG_MODE mode=LOG_MODE_NONE; + +#if !defined(USE_WIN32) && !defined(__vms) + +static int syslog_opened=0; + +void syslog_open(void) { + syslog_close(); + if(global_options.option.syslog) +#ifdef __ultrix__ + openlog("stunnel", 0); +#else + openlog("stunnel", LOG_CONS|LOG_NDELAY, global_options.facility); +#endif /* __ultrix__ */ + syslog_opened=1; +} + +void syslog_close(void) { + if(syslog_opened) { + if(global_options.option.syslog) + closelog(); + syslog_opened=0; + } +} + +#endif /* !defined(USE_WIN32) && !defined(__vms) */ + +void log_open(void) { + if(global_options.output_file) { /* 'output' option specified */ + outfile=file_open(global_options.output_file, 1); + if(!outfile) + s_log(LOG_ERR, "Unable to open output file: %s", + global_options.output_file); + } + log_flush(LOG_MODE_CONFIGURED); +} + +void log_close(void) { + mode=LOG_MODE_NONE; + if(outfile) { + file_close(outfile); + outfile=NULL; + } +} + +void log_flush(LOG_MODE new_mode) { + struct LIST *tmp; + + /* prevent changing LOG_MODE_CONFIGURED to LOG_MODE_ERROR + * once stderr file descriptor is closed */ + if(mode!=LOG_MODE_CONFIGURED) + mode=new_mode; + + enter_critical_section(CRIT_LOG); + while(head) { + log_raw(head->level, head->stamp, head->id, head->text); + str_free(head->stamp); + str_free(head->id); + str_free(head->text); + tmp=head; + head=head->next; + str_free(tmp); + } + leave_critical_section(CRIT_LOG); + head=tail=NULL; +} + +void s_log(int level, const char *format, ...) { + va_list ap; + char *text, *stamp, *id; + struct LIST *tmp; + int libc_error, socket_error; + time_t gmt; + struct tm *timeptr; +#if defined(HAVE_LOCALTIME_R) && defined(_REENTRANT) + struct tm timestruct; +#endif + + /* performance optimization: skip the trivial case early */ + if(mode==LOG_MODE_CONFIGURED && level>global_options.debug_level) + return; + + libc_error=get_last_error(); + socket_error=get_last_socket_error(); + + time(&gmt); +#if defined(HAVE_LOCALTIME_R) && defined(_REENTRANT) + timeptr=localtime_r(&gmt, ×truct); +#else + timeptr=localtime(&gmt); +#endif + stamp=str_printf("%04d.%02d.%02d %02d:%02d:%02d", + timeptr->tm_year+1900, timeptr->tm_mon+1, timeptr->tm_mday, + timeptr->tm_hour, timeptr->tm_min, timeptr->tm_sec); + id=str_printf("LOG%d[%lu:%lu]", + level, stunnel_process_id(), stunnel_thread_id()); + va_start(ap, format); + text=str_vprintf(format, ap); + va_end(ap); + + if(mode==LOG_MODE_NONE) { /* save the text to log it later */ + enter_critical_section(CRIT_LOG); + tmp=str_alloc(sizeof(struct LIST)); + str_detach(tmp); + tmp->next=NULL; + tmp->level=level; + tmp->stamp=stamp; + str_detach(tmp->stamp); + tmp->id=id; + str_detach(tmp->id); + tmp->text=text; + str_detach(tmp->text); + if(tail) + tail->next=tmp; + else + head=tmp; + tail=tmp; + leave_critical_section(CRIT_LOG); + } else { /* ready log the text directly */ + log_raw(level, stamp, id, text); + str_free(stamp); + str_free(id); + str_free(text); + } + + set_last_error(libc_error); + set_last_socket_error(socket_error); +} + +static void log_raw(const int level, const char *stamp, + const char *id, const char *text) { + char *line; + + /* build the line and log it to syslog/file */ + if(mode==LOG_MODE_CONFIGURED) { /* configured */ + line=str_printf("%s %s: %s", stamp, id, text); + if(level<=global_options.debug_level) { +#if !defined(USE_WIN32) && !defined(__vms) + if(global_options.option.syslog) + syslog(level, "%s: %s", id, text); +#endif /* USE_WIN32, __vms */ + if(outfile) + file_putline(outfile, line); /* send log to file */ + } + } else /* LOG_MODE_ERROR or LOG_MODE_INFO */ + line=str_dup(text); /* don't log the time stamp in error mode */ + + /* log the line to GUI/stderr */ +#ifdef USE_WIN32 + if(mode==LOG_MODE_ERROR || /* always log to the GUI window */ + (mode==LOG_MODE_INFO && levelfh, text, strlen(text), &num, NULL); +#else /* USE_WIN32 */ + /* no file -> write to stderr */ + write(outfile ? outfile->fd : 2, text, strlen(text)); +#endif /* USE_WIN32 */ + } + +#ifndef USE_WIN32 + if(mode!=LOG_MODE_CONFIGURED || global_options.option.foreground) + fputs(text, stderr); +#endif /* !USE_WIN32 */ + + snprintf(text, sizeof text, /* without newline */ + "INTERNAL ERROR: %s at %s, line %d", error, file, line); + +#if !defined(USE_WIN32) && !defined(__vms) + if(global_options.option.syslog) + syslog(LOG_CRIT, "%s", text); +#endif /* USE_WIN32, __vms */ + +#ifdef USE_WIN32 +#ifdef _WIN32_WCE + MessageBox(hwnd, TEXT("INTERNAL ERROR"), + TEXT("stunnel"), MB_ICONERROR); +#else /* _WIN32_WCE */ + MessageBox(hwnd, text, "stunnel", MB_ICONERROR); +#endif /* _WIN32_WCE */ +#endif /* USE_WIN32 */ + + abort(); +} + +void ioerror(const char *txt) { /* input/output error */ + log_error(LOG_ERR, get_last_error(), txt); +} + +void sockerror(const char *txt) { /* socket error */ + log_error(LOG_ERR, get_last_socket_error(), txt); +} + +void log_error(int level, int error, const char *txt) { /* generic error */ + s_log(level, "%s: %s (%d)", txt, s_strerror(error), error); +} + +char *s_strerror(int errnum) { + switch(errnum) { +#ifdef USE_WIN32 + case 10004: + return "Interrupted system call (WSAEINTR)"; + case 10009: + return "Bad file number (WSAEBADF)"; + case 10013: + return "Permission denied (WSAEACCES)"; + case 10014: + return "Bad address (WSAEFAULT)"; + case 10022: + return "Invalid argument (WSAEINVAL)"; + case 10024: + return "Too many open files (WSAEMFILE)"; + case 10035: + return "Operation would block (WSAEWOULDBLOCK)"; + case 10036: + return "Operation now in progress (WSAEINPROGRESS)"; + case 10037: + return "Operation already in progress (WSAEALREADY)"; + case 10038: + return "Socket operation on non-socket (WSAENOTSOCK)"; + case 10039: + return "Destination address required (WSAEDESTADDRREQ)"; + case 10040: + return "Message too long (WSAEMSGSIZE)"; + case 10041: + return "Protocol wrong type for socket (WSAEPROTOTYPE)"; + case 10042: + return "Bad protocol option (WSAENOPROTOOPT)"; + case 10043: + return "Protocol not supported (WSAEPROTONOSUPPORT)"; + case 10044: + return "Socket type not supported (WSAESOCKTNOSUPPORT)"; + case 10045: + return "Operation not supported on socket (WSAEOPNOTSUPP)"; + case 10046: + return "Protocol family not supported (WSAEPFNOSUPPORT)"; + case 10047: + return "Address family not supported by protocol family (WSAEAFNOSUPPORT)"; + case 10048: + return "Address already in use (WSAEADDRINUSE)"; + case 10049: + return "Can't assign requested address (WSAEADDRNOTAVAIL)"; + case 10050: + return "Network is down (WSAENETDOWN)"; + case 10051: + return "Network is unreachable (WSAENETUNREACH)"; + case 10052: + return "Net dropped connection or reset (WSAENETRESET)"; + case 10053: + return "Software caused connection abort (WSAECONNABORTED)"; + case 10054: + return "Connection reset by peer (WSAECONNRESET)"; + case 10055: + return "No buffer space available (WSAENOBUFS)"; + case 10056: + return "Socket is already connected (WSAEISCONN)"; + case 10057: + return "Socket is not connected (WSAENOTCONN)"; + case 10058: + return "Can't send after socket shutdown (WSAESHUTDOWN)"; + case 10059: + return "Too many references, can't splice (WSAETOOMANYREFS)"; + case 10060: + return "Connection timed out (WSAETIMEDOUT)"; + case 10061: + return "Connection refused (WSAECONNREFUSED)"; + case 10062: + return "Too many levels of symbolic links (WSAELOOP)"; + case 10063: + return "File name too long (WSAENAMETOOLONG)"; + case 10064: + return "Host is down (WSAEHOSTDOWN)"; + case 10065: + return "No Route to Host (WSAEHOSTUNREACH)"; + case 10066: + return "Directory not empty (WSAENOTEMPTY)"; + case 10067: + return "Too many processes (WSAEPROCLIM)"; + case 10068: + return "Too many users (WSAEUSERS)"; + case 10069: + return "Disc Quota Exceeded (WSAEDQUOT)"; + case 10070: + return "Stale NFS file handle (WSAESTALE)"; + case 10091: + return "Network SubSystem is unavailable (WSASYSNOTREADY)"; + case 10092: + return "WINSOCK DLL Version out of range (WSAVERNOTSUPPORTED)"; + case 10093: + return "Successful WSASTARTUP not yet performed (WSANOTINITIALISED)"; + case 10071: + return "Too many levels of remote in path (WSAEREMOTE)"; + case 11001: + return "Host not found (WSAHOST_NOT_FOUND)"; + case 11002: + return "Non-Authoritative Host not found (WSATRY_AGAIN)"; + case 11003: + return "Non-Recoverable errors: FORMERR, REFUSED, NOTIMP (WSANO_RECOVERY)"; + case 11004: + return "Valid name, no data record of requested type (WSANO_DATA)"; +#if 0 + case 11004: /* typically, only WSANO_DATA is reported */ + return "No address, look for MX record (WSANO_ADDRESS)"; +#endif +#endif /* defined USE_WIN32 */ + default: + return strerror(errnum); + } +} + +/* end of log.c */ diff --git a/src/make.bat b/src/make.bat new file mode 100644 index 0000000..2961154 --- /dev/null +++ b/src/make.bat @@ -0,0 +1,8 @@ +@echo off +:: pdelaage commented : make.exe -f mingw.mak %1 %2 %3 %4 %5 %6 %7 %8 %9 +:: on Windows, make is Borland make, but mingw.mak is NOW only compatible +:: with gnu make (due to various improvments I made, for compatibility between +:: linux and Windows host environments. +:: and echo OFF is the sign we are HERE on Windows, isn't it?... + +mingw32-make.exe -f mingw.mak %1 %2 %3 %4 %5 %6 %7 %8 %9 diff --git a/src/makece.bat b/src/makece.bat new file mode 100644 index 0000000..8edd440 --- /dev/null +++ b/src/makece.bat @@ -0,0 +1,73 @@ +@echo off +:: created by pdelaage on 20100928 +:: usage : makece ARMV4|X86|... other cpus: see bat scripts in evc/bin +:: eg makece X86, makece X86 clean +:: makece <=> makece ARMV4 all +:: NEVER DO makece clean ! but makece TARGETCPU clean ! +:: Note : adapt EVC/bin/WCE.bat scripts +Title WCE STUNNEL + +:: !!!!!!!!!!!!!! +:: CUSTOMIZE THIS according to your EVC INSTALLED ENVIRONMENT +:: !!!!!!!!!!!!!! + +set OSVERSION=WCE420 +set PLATFORM=STANDARDSDK +set WCEROOT=C:\Program Files\MSEVC4 +set SDKROOT=C:\Program Files\Microsoft SDKs + +:: !!!!!!!!!!!!!!!!!! +:: END CUSTOMIZATION +:: !!!!!!!!!!!!!!!!!! + +:: Define TARGET CPU +:: ----------------- + +:: define "new" target (useful if one wants to compile for various WCE target CPUs) +if "%1"=="" echo "USAGE : makece TARGETCPU other_make_options..." +if "%1"=="" echo "TARGETCPU=(ARMV4|ARMV4I|ARMV4T|MIPS16|MIPSII|MIPSII_FP|MIPSIV|MIPSIV_FP|SH3|SH4|X86), other cpu: see bat scripts in evc/bin" +if "%1"=="" echo "!!! do not hesitate to adapt evc.mak for CPU and/or better compilation flags !!!" +if "%1"=="" exit /B + +:: old code to default to ARMV4, but it is better that users are WARNED that the script now need an explicit target! +::if "%1"=="" set NEWTGTCPU=ARMV4 + +if NOT DEFINED TARGETCPU set TARGETCPU=XXXXX +if NOT "%1"=="" set NEWTGTCPU=%1 +if NOT "%1"=="" shift + +echo WCE TARGET CPU is %NEWTGTCPU% + +rem Adjust MS EVC env vars +rem ---------------------- + +rem Check MSenv vars against our ref values + +set isenvok=0 +if "%NEWTGTCPU%"=="%TARGETCPU%" set /A "isenvok+=1" + +if %isenvok%==1 echo WCE ENVIRONMENT OK +if %isenvok%==1 goto envisok + +:: useless since separated tgt folders +::echo WCE TARGET CPU changed, destroying every obj files +::del .\*.obj + +:: if env is NOT ok, adjust MS EVC env vars to be used by MS WCE.BAT +:: (this is to avoid repetitive pollution of PATH) + +echo WCE ENVIRONMENT ADJUSTED + +:: call "%WCEROOT%\EVC\WCE420\BIN\WCE%NEWTGTCPU%.BAT" +call "%WCEROOT%\EVC\%OSVERSION%\bin\WCE%NEWTGTCPU%.BAT" + +set TARGETCPU=%NEWTGTCPU% + +:envisok + +::exit /B + +rem make everything +rem --------------- + +nmake /NOLOGO -f evc.mak %1 %2 %3 %4 %5 %6 %7 %8 %9 diff --git a/src/makew32.bat b/src/makew32.bat new file mode 100644 index 0000000..4fc7780 --- /dev/null +++ b/src/makew32.bat @@ -0,0 +1,45 @@ +@echo off +TITLE W32 STUNNEL +::pdelaage 20101026: for use with MS VCexpress 2008 (v9) +::some trick to avoid re-pollution of env vars as much as possible + +:: In multitarget compilation environment, it is better to open a new cmd.exe window +:: to avoid pollution of PATH from, eg, some previous WCE compilation attempts. + +set NEWTGTCPU=W32 + +rem Adjust MS VC env vars +rem --------------------- + +rem Check MSenv vars against our ref values + +set isenvok=0 +if NOT DEFINED TARGETCPU set TARGETCPU=XXXXX +if "%NEWTGTCPU%"=="%TARGETCPU%" set /A "isenvok+=1" + +if %isenvok%==1 echo W32 ENVIRONMENT OK +if %isenvok%==1 goto envisok + +:: useless since separated tgt folders +::echo W32 TARGET CPU changed, destroying every obj files +::del .\*.obj + +:: if env is NOT ok, adjust MS VC env vars to be used by MS VC +:: (this is to avoid repetitive pollution of PATH) + +echo W32 ENVIRONMENT ADJUSTED + +:: reset of INCLUDE needed because of accumulation of includes in vcvars32 + +set INCLUDE= + +call "C:\Program Files\Microsoft Visual Studio 9.0\VC\bin\vcvars32.bat" + +set TARGETCPU=%NEWTGTCPU% + +:envisok + +rem make everything +rem --------------- + +nmake.exe -f vc.mak %1 %2 %3 %4 %5 %6 %7 %8 %9 diff --git a/src/mingw.mak b/src/mingw.mak new file mode 100644 index 0000000..d469ae2 --- /dev/null +++ b/src/mingw.mak @@ -0,0 +1,162 @@ +# Simple Makefile.w32 for stunnel.exe by Michal Trojnara 1998-2007 +# +# Modified by Brian Hatch (bri@stunnel.org) +# 20101030 pdelaage: +# + multi-HOST management (if used on Windows host or Linux Host) +# + lack of gnu-win32 (rm) detection +# note: rm is used INTERNALLY by gcc for deletion if intermediate files. + +# This makefile is only tested on the mingw compiler. Mingw can successfully +# compile both openssl and stunnel. If you want to use another compiler, give +# it a shot, and tell us how it went. + +# pdelaage : THIS makefile can be used with mingw-make on Windows or gnu make +# on Linux, to produce the Win32 version of stunnel (target is win32). It +# requires, on Windows, the use of gnu-win32 tools: rm, mkdir, rmdir that +# manages files and dirs BOTH on linux and Windows with / as path separator. +# Note: Native windows equivalent, del and mkdir/rmdir, badly manage / and \, +# so they cannot be used here. +# On Windows host, download: +# http://gnuwin32.sourceforge.net/downlinks/coreutils.php +# if you have forgotten this, this makefile will remind you... + +# Modify this to point to your actual openssl compile directory +# (You did already compile openssl, didn't you???) +SSLDIR=../openssl-1.0.0f +#SSLDIR=C:/Users/standard/Documents/Dvts/Contrib/openssl/v1.0.0c/patched3 + +# c:\, backslash is not correctly recognized by mingw32-make, produces some +# "missing separator" issue. +# pdelaage: simple trick to detect if we are using mingw-gcc on a Windows host, +# or on a linux host. windir is a system environment variable on windows NT +# and above, and then redefine some macros. +# note: ifdef is !IFDEF in MS nmake or Borland make. +# $(info is !MESSAGE in MS nmake or Borland make. + +ifdef windir +$(info host machine is a Windows machine ) +NULLDEV=NUL +MKDIR="C:\Program Files\GnuWin32\bin\mkdir.exe" +DELFILES="C:\Program Files\GnuWin32\bin\rm.exe" -f +DELDIR="C:\Program Files\GnuWin32\bin\rm.exe" -rf +else +$(info host machine is a linux machine ) +NULLDEV=/dev/null +MKDIR=mkdir +DELFILES=rm -f +DELDIR=rm -rf +endif + +TARGETCPU=MGW32 +SRC=../src +OBJROOT=../obj +OBJ=$(OBJROOT)/$(TARGETCPU) +BINROOT=../bin +BIN=$(BINROOT)/$(TARGETCPU) + +OBJS=$(OBJ)/stunnel.o $(OBJ)/ssl.o $(OBJ)/ctx.o $(OBJ)/verify.o \ + $(OBJ)/file.o $(OBJ)/client.o $(OBJ)/protocol.o $(OBJ)/sthreads.o \ + $(OBJ)/log.o $(OBJ)/options.o $(OBJ)/network.o $(OBJ)/resolver.o \ + $(OBJ)/gui.o $(OBJ)/resources.o $(OBJ)/str.o $(OBJ)/fd.o + +CC=gcc +RC=windres + +# pdelaage note: as a workaround for windres bug on resources.rc, equivalent to +# "use a temp file instead of popen" option between cpp and windres! +RCP=gcc -E -xc-header -DRC_INVOKED + +DEFINES=-D_WIN32_WINNT=0x0501 + +# some preprocessing debug : $(info DEFINES is $(DEFINES) ) + +#CFLAGS=-g -O2 -Wall $(DEFINES) -I$(SSLDIR)/outinc +#pdelaage : outinc not correct, it is inc32! +CFLAGS=-g -O2 -Wall $(DEFINES) -I$(SSLDIR)/inc32 + +# RFLAGS, note of pdelaage: windres accepts -fo for compatibility with ms tools +# default options : -J rc -O coff, input rc file, output coff file. + +RFLAGS=-v --use-temp-file $(DEFINES) +# following RFLAGS2 useful if one day use-temp-file does not exist anymore +RFLAGS2=-v $(DEFINES) +LDFLAGS=-s + +# LIBS=-L$(SSLDIR)/out -lssl -lcrypto -lwsock32 -lgdi32 -lcrypt32 +#20101030 pdelaage fix winsock2 and BAD sslpath ! LIBS=-L$(SSLDIR)/out -lzdll -leay32 -lssl32 -lwsock32 -lgdi32 -lcrypt32 +# added libeay instead of eay, ssleay instead of ssl32, suppressed zdll useless. +LIBS=-L$(SSLDIR)/out32dll -lssleay32 -llibeay32 -lws2_32 -lpsapi -lgdi32 -lcrypt32 +# IMPORTANT pdelaage : restore this if you need (but I do not see why) -lzdll + +$(OBJ)/%.o: $(SRC)/%.c + $(CC) $(CFLAGS) -o$@ -c $< + +$(OBJ)/%.o: $(SRC)/%.cpp + $(CC) $(CFLAGS) -o$@ -c $< + +$(OBJ)/%.o: $(SRC)/%.rc + $(RC) $(RFLAGS) -o$@ $< + +# pdelaage : trick for windres preprocessing popen bug on Windows, in case the windres option +# use_temp_file disappear one day... +# comment out the $(RC) rule above to activate the following + +$(OBJ)/%.rcp: $(SRC)/%.rc + $(RCP) $(DEFINES) -o$@ $< + +$(OBJ)/%.o: $(OBJ)/%.rcp + $(RC) $(RFLAGS2) -o$@ $< + +# Note : gnu-make will automatically RM the intermediate "rcp" file +# BUT it will ABSOLUTELY NEED the "rm" command available : not a problem on linux +# but on a windows dev host machine, one will need to install gnu-win32/rm command +# in the system... +# for debug of the preprocessed rcp file, because it is automatically deleted by gnu-make: cp $< $<.2 + +all: testenv makedirs $(BIN)/stunnel.exe + +#pdelaage : testenv purpose is to detect, on windows, whether Gnu-win32 has been properly installed... +# a first call to "true" is made to detect availability, a second is made to stop the make process. +ifdef windir +testenv: + -@ echo OFF + -@ true >$(NULLDEV) 2>&1 || echo You MUST install Gnu-Win32 coreutils \ + from http://gnuwin32.sourceforge.net/downlinks/coreutils.php \ + and set PATH to include C:\Program Files\GnuWin32\bin + @true >$(NULLDEV) 2>&1 +else +testenv: + -@ true >$(NULLDEV) 2>&1 || echo Your system lacks Gnu coreutils tools !!! + @true >$(NULLDEV) 2>&1 +endif + +clean: + -@ $(DELFILES) $(OBJ)/*.o + -@ $(DELFILES) $(BIN)/stunnel.exe >$(NULLDEV) 2>&1 + -@ $(DELDIR) $(OBJ) >$(NULLDEV) 2>&1 + -@ $(DELDIR) $(BIN) >$(NULLDEV) 2>&1 + +makedirs: + -@ $(MKDIR) $(OBJROOT) >$(NULLDEV) 2>&1 + -@ $(MKDIR) $(OBJ) >$(NULLDEV) 2>&1 + -@ $(MKDIR) $(BINROOT) >$(NULLDEV) 2>&1 + -@ $(MKDIR) $(BIN) >$(NULLDEV) 2>&1 + +# pseudo-target for RC-preprocessor debugging +# result appears OK, as a text file +faketest: + gcc -E -xc-header -DRC_INVOKED $(DEFINES) -o $(SRC)/resources.rcp $(SRC)/resources.rc + +$(OBJS): *.h mingw.mak + +$(BIN)/stunnel.exe: $(OBJS) + $(CC) $(LDFLAGS) -o $(BIN)/stunnel.exe $(OBJS) $(LIBS) -mwindows + +# "missing separator" issue with mingw32-make: tabs MUST BE TABS in your text +# editor, and not set of spaces even if your development host is windows. +# Some \ are badly tolerated by mingw32-make "!" directives, eg as !IF, +# accepted in MS nmake and Borland make ARE NOT supported by gnu make but they +# all have their equivalents. +# Gnu-make is case sensitive, while ms nmake or borland make are not. Anyway, +# on reference to env vars nmake convert env vars to UPPERCASE macro names... + diff --git a/src/network.c b/src/network.c new file mode 100644 index 0000000..cef6902 --- /dev/null +++ b/src/network.c @@ -0,0 +1,686 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +/* #define DEBUG_UCONTEXT */ + +/**************************************** s_poll functions */ + +#ifdef USE_POLL + +s_poll_set *s_poll_alloc() { + /* it needs to be filled with zeros */ + return str_alloc(sizeof(s_poll_set)); +} + +void s_poll_free(s_poll_set *fds) { + if(fds) { + if(fds->ufds) + str_free(fds->ufds); + str_free(fds); + } +} + +void s_poll_init(s_poll_set *fds) { + fds->nfds=0; + fds->allocated=4; /* prealloc 4 file desciptors */ + fds->ufds=str_realloc(fds->ufds, fds->allocated*sizeof(struct pollfd)); +} + +void s_poll_add(s_poll_set *fds, int fd, int rd, int wr) { + unsigned int i; + + for(i=0; infds && fds->ufds[i].fd!=fd; i++) + ; + if(i==fds->nfds) { + if(i==fds->allocated) { + fds->allocated=i+1; + fds->ufds=str_realloc(fds->ufds, fds->allocated*sizeof(struct pollfd)); + } + fds->ufds[i].fd=fd; + fds->ufds[i].events=0; + fds->nfds++; + } + if(rd) + fds->ufds[i].events|=POLLIN; + if(wr) + fds->ufds[i].events|=POLLOUT; +} + +int s_poll_canread(s_poll_set *fds, int fd) { + unsigned int i; + + for(i=0; infds; i++) + if(fds->ufds[i].fd==fd) + return fds->ufds[i].revents&(POLLIN|POLLHUP); /* read or closed */ + return 0; +} + +int s_poll_canwrite(s_poll_set *fds, int fd) { + unsigned int i; + + for(i=0; infds; i++) + if(fds->ufds[i].fd==fd) + return fds->ufds[i].revents&POLLOUT; /* it is possible to write */ + return 0; +} + +int s_poll_error(s_poll_set *fds, FD *s) { + unsigned int i; + + if(!s->is_socket) + return 0; + for(i=0; infds; i++) + if(fds->ufds[i].fd==s->fd) + return fds->ufds[i].revents&(POLLERR|POLLNVAL) ? + get_socket_error(s->fd) : 0; + return 0; +} + +#ifdef USE_UCONTEXT + +/* move ready contexts from waiting queue to ready queue */ +static void scan_waiting_queue(void) { + int retval; + CONTEXT *context, *prev; + int min_timeout; + unsigned int nfds, i; + time_t now; + static unsigned int max_nfds=0; + static struct pollfd *ufds=NULL; + + time(&now); + /* count file descriptors */ + min_timeout=-1; + nfds=0; + for(context=waiting_head; context; context=context->next) { + nfds+=context->fds->nfds; + if(context->finish>=0) /* finite time */ + if(min_timeout<0 || min_timeout>context->finish-now) + min_timeout=context->finish-now<0 ? 0 : context->finish-now; + } + /* setup ufds structure */ + if(nfds>max_nfds) { /* need to allocate more memory */ + ufds=str_realloc(ufds, nfds*sizeof(struct pollfd)); + max_nfds=nfds; + } + nfds=0; + for(context=waiting_head; context; context=context->next) + for(i=0; ifds->nfds; i++) { + ufds[nfds].fd=context->fds->ufds[i].fd; + ufds[nfds].events=context->fds->ufds[i].events; + nfds++; + } + +#ifdef DEBUG_UCONTEXT + s_log(LOG_DEBUG, "Waiting %d second(s) for %d file descriptor(s)", + min_timeout, nfds); +#endif + do { /* skip "Interrupted system call" errors */ + retval=poll(ufds, nfds, min_timeout<0 ? -1 : 1000*min_timeout); + } while(retval<0 && get_last_socket_error()==S_EINTR); + time(&now); + /* process the returned data */ + nfds=0; + prev=NULL; /* previous element of the waiting queue */ + context=waiting_head; + while(context) { + context->ready=0; + /* count ready file descriptors in each context */ + for(i=0; ifds->nfds; i++) { + context->fds->ufds[i].revents=ufds[nfds].revents; +#ifdef DEBUG_UCONTEXT + s_log(LOG_DEBUG, "CONTEXT %ld, FD=%d,%s%s ->%s%s%s%s%s", + context->id, ufds[nfds].fd, + ufds[nfds].events & POLLIN ? " IN" : "", + ufds[nfds].events & POLLOUT ? " OUT" : "", + ufds[nfds].revents & POLLIN ? " IN" : "", + ufds[nfds].revents & POLLOUT ? " OUT" : "", + ufds[nfds].revents & POLLERR ? " ERR" : "", + ufds[nfds].revents & POLLHUP ? " HUP" : "", + ufds[nfds].revents & POLLNVAL ? " NVAL" : ""); +#endif + if(ufds[nfds].revents) + context->ready++; + nfds++; + } + if(context->ready || (context->finish>=0 && context->finish<=now)) { + /* remove context from the waiting queue */ + if(prev) + prev->next=context->next; + else + waiting_head=context->next; + if(!context->next) /* same as context==waiting_tail */ + waiting_tail=prev; + + /* append context context to the ready queue */ + context->next=NULL; + if(ready_tail) + ready_tail->next=context; + ready_tail=context; + if(!ready_head) + ready_head=context; + } else { /* leave the context context in the waiting queue */ + prev=context; + } + context=prev ? prev->next : waiting_head; + } +} + +int s_poll_wait(s_poll_set *fds, int sec, int msec) { + CONTEXT *context; /* current context */ + static CONTEXT *to_free=NULL; /* delayed memory deallocation */ + + /* FIXME: msec parameter is currently ignored with UCONTEXT threads */ + (void)msec; /* skip warning about unused parameter */ + + /* remove the current context from ready queue */ + context=ready_head; + ready_head=ready_head->next; + if(!ready_head) /* the queue is empty */ + ready_tail=NULL; + /* it it safe to s_log() after new ready_head is set */ + + /* it's illegal to deallocate the stack of the current context */ + if(to_free) { /* a delayed deallocation is scheduled */ +#ifdef DEBUG_UCONTEXT + s_log(LOG_DEBUG, "Releasing context %ld", to_free->id); +#endif + str_free(to_free->stack); + str_free(to_free); + to_free=NULL; + } + + /* manage the current thread */ + if(fds) { /* something to wait for -> swap the context */ + context->fds=fds; /* set file descriptors to wait for */ + context->finish=sec<0 ? -1 : time(NULL)+sec; + + /* append the current context to the waiting queue */ + context->next=NULL; + if(waiting_tail) + waiting_tail->next=context; + waiting_tail=context; + if(!waiting_head) + waiting_head=context; + } else { /* nothing to wait for -> drop the context */ + to_free=context; /* schedule for delayed deallocation */ + } + + while(!ready_head) /* wait until there is a thread to switch to */ + scan_waiting_queue(); + + /* switch threads */ + if(fds) { /* swap the current context */ + if(context->id!=ready_head->id) { +#ifdef DEBUG_UCONTEXT + s_log(LOG_DEBUG, "Context swap: %ld -> %ld", + context->id, ready_head->id); +#endif + swapcontext(&context->context, &ready_head->context); +#ifdef DEBUG_UCONTEXT + s_log(LOG_DEBUG, "Current context: %ld", ready_head->id); +#endif + } + return ready_head->ready; + } else { /* drop the current context */ +#ifdef DEBUG_UCONTEXT + s_log(LOG_DEBUG, "Context set: %ld (dropped) -> %ld", + context->id, ready_head->id); +#endif + setcontext(&ready_head->context); + ioerror("setcontext"); /* should not ever happen */ + return 0; + } +} + +#else /* USE_UCONTEXT */ + +int s_poll_wait(s_poll_set *fds, int sec, int msec) { + int retval; + + do { /* skip "Interrupted system call" errors */ + retval=poll(fds->ufds, fds->nfds, sec<0 ? -1 : 1000*sec+msec); + } while(retval<0 && get_last_socket_error()==S_EINTR); + return retval; +} + +#endif /* USE_UCONTEXT */ + +#else /* select */ + +s_poll_set *s_poll_alloc() { + /* it needs to be filled with zeros */ + return str_alloc(sizeof(s_poll_set)); +} + +void s_poll_free(s_poll_set *fds) { + if(fds) + str_free(fds); +} + +void s_poll_init(s_poll_set *fds) { + FD_ZERO(&fds->irfds); + FD_ZERO(&fds->iwfds); + FD_ZERO(&fds->ixfds); + fds->max=0; /* no file descriptors */ +} + +void s_poll_add(s_poll_set *fds, int fd, int rd, int wr) { + if(rd) + FD_SET((unsigned int)fd, &fds->irfds); + if(wr) + FD_SET((unsigned int)fd, &fds->iwfds); + /* always expect errors (and the Spanish Inquisition) */ + FD_SET((unsigned int)fd, &fds->ixfds); + if(fd>fds->max) + fds->max=fd; +} + +int s_poll_canread(s_poll_set *fds, int fd) { + return FD_ISSET(fd, &fds->orfds); +} + +int s_poll_canwrite(s_poll_set *fds, int fd) { + return FD_ISSET(fd, &fds->owfds); +} + +int s_poll_error(s_poll_set *fds, FD *s) { + if(!s->is_socket) + return 0; /* getsockopt is only available on sockets */ + /* error conditions are signaled as read, but apparently *not* in Winsock: + * http://msdn.microsoft.com/en-us/library/windows/desktop/ms737625%28v=vs.85%29.aspx */ + if(!(FD_ISSET(s->fd, &fds->orfds) || FD_ISSET(s->fd, &fds->oxfds))) + return 0; + return get_socket_error(s->fd); /* check if it's really an error */ +} + +int s_poll_wait(s_poll_set *fds, int sec, int msec) { + int retval; + struct timeval tv, *tv_ptr; + + do { /* skip "Interrupted system call" errors */ + memcpy(&fds->orfds, &fds->irfds, sizeof(fd_set)); + memcpy(&fds->owfds, &fds->iwfds, sizeof(fd_set)); + memcpy(&fds->oxfds, &fds->ixfds, sizeof(fd_set)); + if(sec<0) { /* infinite timeout */ + tv_ptr=NULL; + } else { + tv.tv_sec=sec; + tv.tv_usec=1000*msec; + tv_ptr=&tv; + } + retval=select(fds->max+1, &fds->orfds, &fds->owfds, &fds->oxfds, tv_ptr); + } while(retval<0 && get_last_socket_error()==S_EINTR); + return retval; +} + +#endif /* USE_POLL */ + +/**************************************** fd management */ + +int set_socket_options(int s, int type) { + SOCK_OPT *ptr; + extern SOCK_OPT sock_opts[]; + static char *type_str[3]={"accept", "local", "remote"}; + int opt_size; + int retval=0; /* no error found */ + + for(ptr=sock_opts; ptr->opt_str; ptr++) { + if(!ptr->opt_val[type]) + continue; /* default */ + switch(ptr->opt_type) { + case TYPE_LINGER: + opt_size=sizeof(struct linger); + break; + case TYPE_TIMEVAL: + opt_size=sizeof(struct timeval); + break; + case TYPE_STRING: + opt_size=strlen(ptr->opt_val[type]->c_val)+1; + break; + default: + opt_size=sizeof(int); + } + if(setsockopt(s, ptr->opt_level, ptr->opt_name, + (void *)ptr->opt_val[type], opt_size)) { + if(get_last_socket_error()==S_EOPNOTSUPP) { + /* most likely stdin/stdout or AF_UNIX socket */ + s_log(LOG_DEBUG, + "Option %s not supported on %s socket", + ptr->opt_str, type_str[type]); + } else { + sockerror(ptr->opt_str); + retval=-1; /* failed to set this option */ + } + } +#ifdef DEBUG_FD_ALLOC + else { + s_log(LOG_DEBUG, "Option %s set on %s socket", + ptr->opt_str, type_str[type]); + } +#endif /* DEBUG_FD_ALLOC */ + } + return retval; /* returns 0 when all options succeeded */ +} + +int get_socket_error(const int fd) { + int err; + socklen_t optlen=sizeof err; + + if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void *)&err, &optlen)) + err=get_last_socket_error(); /* failed -> ask why */ + return err; +} + +/**************************************** simulate blocking I/O */ + +int connect_blocking(CLI *c, SOCKADDR_UNION *addr, socklen_t addrlen) { + int error; + char *dst; + + dst=s_ntop(addr, addrlen); + s_log(LOG_INFO, "connect_blocking: connecting %s", dst); + + if(!connect(c->fd, &addr->sa, addrlen)) { + s_log(LOG_NOTICE, "connect_blocking: connected %s", dst); + str_free(dst); + return 0; /* no error -> success (on some OSes over the loopback) */ + } + error=get_last_socket_error(); + if(error!=S_EINPROGRESS && error!=S_EWOULDBLOCK) { + s_log(LOG_ERR, "connect_blocking: connect %s: %s (%d)", + dst, s_strerror(error), error); + str_free(dst); + return -1; + } + + s_log(LOG_DEBUG, "connect_blocking: s_poll_wait %s: waiting %d seconds", + dst, c->opt->timeout_connect); + s_poll_init(c->fds); + s_poll_add(c->fds, c->fd, 1, 1); + switch(s_poll_wait(c->fds, c->opt->timeout_connect, 0)) { + case -1: + error=get_last_socket_error(); + s_log(LOG_ERR, "connect_blocking: s_poll_wait %s: %s (%d)", + dst, s_strerror(error), error); + str_free(dst); + return -1; + case 0: + s_log(LOG_ERR, "connect_blocking: s_poll_wait %s:" + " TIMEOUTconnect exceeded", dst); + str_free(dst); + return -1; + default: + error=get_socket_error(c->fd); + if(error) { + s_log(LOG_ERR, "connect_blocking: connect %s: %s (%d)", + dst, s_strerror(error), error); + str_free(dst); + return -1; + } + if(s_poll_canwrite(c->fds, c->fd)) { + s_log(LOG_NOTICE, "connect_blocking: connected %s", dst); + str_free(dst); + return 0; /* success */ + } + s_log(LOG_ERR, "connect_blocking: s_poll_wait %s: internal error", + dst); + str_free(dst); + return -1; + } + return -1; /* should not be possible */ +} + +void write_blocking(CLI *c, int fd, void *ptr, int len) { + /* simulate a blocking write */ + int num; + + while(len>0) { + s_poll_init(c->fds); + s_poll_add(c->fds, fd, 0, 1); /* write */ + switch(s_poll_wait(c->fds, c->opt->timeout_busy, 0)) { + case -1: + sockerror("write_blocking: s_poll_wait"); + longjmp(c->err, 1); /* error */ + case 0: + s_log(LOG_INFO, "write_blocking: s_poll_wait:" + " TIMEOUTbusy exceeded: sending reset"); + longjmp(c->err, 1); /* timeout */ + case 1: + break; /* OK */ + default: + s_log(LOG_ERR, "write_blocking: s_poll_wait: unknown result"); + longjmp(c->err, 1); /* error */ + } + num=writesocket(fd, ptr, len); + switch(num) { + case -1: /* error */ + sockerror("writesocket (write_blocking)"); + longjmp(c->err, 1); + } + ptr=(u8 *)ptr+num; + len-=num; + } +} + +void read_blocking(CLI *c, int fd, void *ptr, int len) { + /* simulate a blocking read */ + int num; + + while(len>0) { + s_poll_init(c->fds); + s_poll_add(c->fds, fd, 1, 0); /* read */ + switch(s_poll_wait(c->fds, c->opt->timeout_busy, 0)) { + case -1: + sockerror("read_blocking: s_poll_wait"); + longjmp(c->err, 1); /* error */ + case 0: + s_log(LOG_INFO, "read_blocking: s_poll_wait:" + " TIMEOUTbusy exceeded: sending reset"); + longjmp(c->err, 1); /* timeout */ + case 1: + break; /* OK */ + default: + s_log(LOG_ERR, "read_blocking: s_poll_wait: unknown result"); + longjmp(c->err, 1); /* error */ + } + num=readsocket(fd, ptr, len); + switch(num) { + case -1: /* error */ + sockerror("readsocket (read_blocking)"); + longjmp(c->err, 1); + case 0: /* EOF */ + s_log(LOG_ERR, "Unexpected socket close (read_blocking)"); + longjmp(c->err, 1); + } + ptr=(u8 *)ptr+num; + len-=num; + } +} + +void fd_putline(CLI *c, int fd, const char *line) { + char *tmpline; + const char crlf[]="\r\n"; + int len; + + tmpline=str_printf("%s%s", line, crlf); + len=strlen(tmpline); + write_blocking(c, fd, tmpline, len); + tmpline[len-2]='\0'; /* remove CRLF */ + safestring(tmpline); + s_log(LOG_DEBUG, " -> %s", tmpline); + str_free(tmpline); +} + +char *fd_getline(CLI *c, int fd) { + char *line=NULL, *tmpline; + int ptr=0; + + for(;;) { + s_poll_init(c->fds); + s_poll_add(c->fds, fd, 1, 0); /* read */ + switch(s_poll_wait(c->fds, c->opt->timeout_busy, 0)) { + case -1: + sockerror("fd_getline: s_poll_wait"); + str_free(line); + longjmp(c->err, 1); /* error */ + case 0: + s_log(LOG_INFO, "fd_getline: s_poll_wait:" + " TIMEOUTbusy exceeded: sending reset"); + str_free(line); + longjmp(c->err, 1); /* timeout */ + case 1: + break; /* OK */ + default: + s_log(LOG_ERR, "fd_getline: s_poll_wait: Unknown result"); + str_free(line); + longjmp(c->err, 1); /* error */ + } + line=str_realloc(line, ptr+1); + switch(readsocket(fd, line+ptr, 1)) { + case -1: /* error */ + sockerror("fd_getline: readsocket"); + str_free(line); + longjmp(c->err, 1); + case 0: /* EOF */ + s_log(LOG_ERR, "fd_getline: Unexpected socket close"); + str_free(line); + longjmp(c->err, 1); + } + if(line[ptr]=='\r') + continue; + if(line[ptr]=='\n') + break; + if(line[ptr]=='\0') + break; + if(++ptr>65536) { /* >64KB --> DoS protection */ + s_log(LOG_ERR, "fd_getline: Line too long"); + str_free(line); + longjmp(c->err, 1); + } + } + line[ptr]='\0'; + tmpline=str_dup(line); + safestring(tmpline); + s_log(LOG_DEBUG, " <- %s", tmpline); + str_free(tmpline); + return line; +} + +void fd_printf(CLI *c, int fd, const char *format, ...) { + va_list ap; + char *line; + + va_start(ap, format); + line=str_vprintf(format, ap); + va_end(ap); + if(!line) { + s_log(LOG_ERR, "fd_printf: str_vprintf failed"); + longjmp(c->err, 1); + } + fd_putline(c, fd, line); + str_free(line); +} + +#define INET_SOCKET_PAIR + +int make_sockets(int fd[2]) { /* make a pair of connected ipv4 sockets */ +#ifdef INET_SOCKET_PAIR + struct sockaddr_in addr; + socklen_t addrlen; + int s; /* temporary socket awaiting for connection */ + + /* create two *blocking* sockets first */ + s=s_socket(AF_INET, SOCK_STREAM, 0, 0, "make_sockets: s_socket#1"); + if(s<0) { + return 1; + } + fd[1]=s_socket(AF_INET, SOCK_STREAM, 0, 0, "make_sockets: s_socket#2"); + if(fd[1]<0) { + closesocket(s); + return 1; + } + + addrlen=sizeof addr; + memset(&addr, 0, addrlen); + addr.sin_family=AF_INET; + addr.sin_addr.s_addr=htonl(INADDR_LOOPBACK); + addr.sin_port=htons(0); /* dynamic port allocation */ + if(bind(s, (struct sockaddr *)&addr, addrlen)) + log_error(LOG_DEBUG, get_last_socket_error(), "make_sockets: bind#1"); + if(bind(fd[1], (struct sockaddr *)&addr, addrlen)) + log_error(LOG_DEBUG, get_last_socket_error(), "make_sockets: bind#2"); + + if(listen(s, 1)) { + sockerror("make_sockets: listen"); + closesocket(s); + closesocket(fd[1]); + return 1; + } + if(getsockname(s, (struct sockaddr *)&addr, &addrlen)) { + sockerror("make_sockets: getsockname"); + closesocket(s); + closesocket(fd[1]); + return 1; + } + if(connect(fd[1], (struct sockaddr *)&addr, addrlen)) { + sockerror("make_sockets: connect"); + closesocket(s); + closesocket(fd[1]); + return 1; + } + fd[0]=s_accept(s, (struct sockaddr *)&addr, &addrlen, 1, + "make_sockets: s_accept"); + if(fd[0]<0) { + closesocket(s); + closesocket(fd[1]); + return 1; + } + closesocket(s); /* don't care about the result */ + set_nonblock(fd[0], 1); + set_nonblock(fd[1], 1); +#else + if(s_socketpair(AF_UNIX, SOCK_STREAM, 0, fd, 1, "make_sockets: socketpair")) + return 1; +#endif + return 0; +} + +/* end of network.c */ diff --git a/src/nogui.c b/src/nogui.c new file mode 100644 index 0000000..73923c4 --- /dev/null +++ b/src/nogui.c @@ -0,0 +1,63 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +int main(int argc, char *argv[]) { + static struct WSAData wsa_state; + + if(WSAStartup(MAKEWORD(1, 1), &wsa_state)) + return 1; + main_initialize(); + if(main_configure(argc>1 ? argv[1] : NULL, argc>2 ? argv[2] : NULL)) + return 1; + main_execute(); + return 0; +} + +int passwd_cb(char *buf, int size, int rwflag, void *userdata) { + return 0; /* not implemented */ +} + +#ifdef HAVE_OSSL_ENGINE_H +int pin_cb(UI *ui, UI_STRING *uis) { + return 0; /* not implemented */ +} +#endif + +/* end of nogui.c */ diff --git a/src/options.c b/src/options.c new file mode 100644 index 0000000..e931114 --- /dev/null +++ b/src/options.c @@ -0,0 +1,2407 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +#if !defined(OPENSSL_NO_TLS1) +#define DEFAULT_SSLVER_CLIENT "TLSv1" +#elif !defined(OPENSSL_NO_SSL3) +#define DEFAULT_SSLVER_CLIENT "SSLv3" +#elif !defined(OPENSSL_NO_SSL2) +#define DEFAULT_SSLVER_CLIENT "SSLv2" +#else /* OPENSSL_NO_TLS1, OPENSSL_NO_SSL3, OPENSSL_NO_SSL2 */ +#error No supported SSL methods found +#endif /* OPENSSL_NO_TLS1, OPENSSL_NO_SSL3, OPENSSL_NO_SSL2 */ +#define DEFAULT_SSLVER_SERVER "all" + +#if defined(_WIN32_WCE) && !defined(CONFDIR) +#define CONFDIR "\\stunnel" +#endif + +#ifdef USE_WIN32 +#define CONFSEPARATOR "\\" +#else +#define CONFSEPARATOR "/" +#endif + +#define CONFLINELEN (16*1024) + +static void init_globals(void); +static int init_section(SERVICE_OPTIONS *); +#ifndef OPENSSL_NO_TLSEXT +static int init_sni(SERVICE_OPTIONS *); +#endif + +static int parse_debug_level(char *); + +static int parse_ssl_option(char *); + +static int print_socket_options(void); +static char *print_option(int, OPT_UNION *); +static int parse_socket_option(char *); + +#ifdef HAVE_OSSL_OCSP_H +static char *parse_ocsp_url(SERVICE_OPTIONS *, char *); +static unsigned long parse_ocsp_flag(char *); +#endif /* HAVE_OSSL_OCSP_H */ + +#ifdef HAVE_OSSL_ENGINE_H +static char *open_engine(const char *); +static char *ctrl_engine(const char *, const char *); +static char *init_engine(void); +static void close_engine(void); +static ENGINE *get_engine(int); +#endif + +static void print_syntax(void); +static void config_error(int, const char *, const char *); +static void section_error(const char *, const char *); +#ifndef USE_WIN32 +static char **argalloc(char *); +#endif + +GLOBAL_OPTIONS global_options; +SERVICE_OPTIONS service_options; + +static GLOBAL_OPTIONS new_global_options; +static SERVICE_OPTIONS new_service_options; + +typedef enum { + CMD_INIT, /* initialize */ + CMD_EXEC, + CMD_DEFAULT, + CMD_HELP +} CMD; + +static char *option_not_found= + "Specified option name is not valid here"; + +static char *stunnel_cipher_list= + "ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH"; + +/**************************************** global options */ + +static char *parse_global_option(CMD cmd, char *opt, char *arg) { + char *tmpstr; +#ifndef USE_WIN32 + struct group *gr; + struct passwd *pw; +#endif + + if(cmd==CMD_DEFAULT || cmd==CMD_HELP) { + s_log(LOG_NOTICE, " "); + s_log(LOG_NOTICE, "Global options:"); + } + + /* chroot */ +#ifdef HAVE_CHROOT + switch(cmd) { + case CMD_INIT: + new_global_options.chroot_dir=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "chroot")) + break; + new_global_options.chroot_dir=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = directory to chroot stunnel process", "chroot"); + break; + } +#endif /* HAVE_CHROOT */ + + /* compression */ +#ifndef OPENSSL_NO_COMP + switch(cmd) { + case CMD_INIT: + new_global_options.compression=COMP_NONE; + break; + case CMD_EXEC: + if(strcasecmp(opt, "compression")) + break; + if(SSLeay()>=0x00908051L && !strcasecmp(arg, "deflate")) + new_global_options.compression=COMP_DEFLATE; + else if(!strcasecmp(arg, "zlib")) + new_global_options.compression=COMP_ZLIB; + else if(!strcasecmp(arg, "rle")) + new_global_options.compression=COMP_RLE; + else + return "Specified compression type is not available"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = compression type", + "compression"); + break; + } +#endif /* OPENSSL_NO_COMP */ + + /* debug */ + switch(cmd) { + case CMD_INIT: + new_global_options.debug_level=LOG_NOTICE; +#if !defined (USE_WIN32) && !defined (__vms) + new_global_options.facility=LOG_DAEMON; +#endif + break; + case CMD_EXEC: + if(strcasecmp(opt, "debug")) + break; + if(parse_debug_level(arg)) + return "Illegal debug argument"; + return NULL; /* OK */ + case CMD_DEFAULT: +#if !defined (USE_WIN32) && !defined (__vms) + s_log(LOG_NOTICE, "%-15s = %s", "debug", "daemon.notice"); +#else + s_log(LOG_NOTICE, "%-15s = %s", "debug", "notice"); +#endif + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = [facility].level (e.g. daemon.info)", "debug"); + break; + } + + /* EGD */ + switch(cmd) { + case CMD_INIT: +#ifdef EGD_SOCKET + new_global_options.egd_sock=EGD_SOCKET; +#else + new_global_options.egd_sock=NULL; +#endif + break; + case CMD_EXEC: + if(strcasecmp(opt, "EGD")) + break; + new_global_options.egd_sock=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: +#ifdef EGD_SOCKET + s_log(LOG_NOTICE, "%-15s = %s", "EGD", EGD_SOCKET); +#endif + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = path to Entropy Gathering Daemon socket", "EGD"); + break; + } + +#ifdef HAVE_OSSL_ENGINE_H + /* engine */ + switch(cmd) { + case CMD_INIT: + break; + case CMD_EXEC: + if(strcasecmp(opt, "engine")) + break; + return open_engine(arg); + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = auto|engine_id", + "engine"); + break; + } + + /* engineCtrl */ + switch(cmd) { + case CMD_INIT: + break; + case CMD_EXEC: + if(strcasecmp(opt, "engineCtrl")) + break; + tmpstr=strchr(arg, ':'); + if(tmpstr) + *tmpstr++='\0'; + return ctrl_engine(arg, tmpstr); + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = cmd[:arg]", + "engineCtrl"); + break; + } +#endif + + /* fips */ +#ifdef USE_FIPS + switch(cmd) { + case CMD_INIT: + new_global_options.option.fips=1; + break; + case CMD_EXEC: + if(strcasecmp(opt, "fips")) + break; + if(!strcasecmp(arg, "yes")) + new_global_options.option.fips=1; + else if(!strcasecmp(arg, "no")) + new_global_options.option.fips=0; + else + return "Argument should be either 'yes' or 'no'"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = yes|no FIPS 140-2 mode", + "fips"); + break; + } +#endif /* USE_FIPS */ + + /* foreground */ +#ifndef USE_WIN32 + switch(cmd) { + case CMD_INIT: + new_global_options.option.foreground=0; + break; + case CMD_EXEC: + if(strcasecmp(opt, "foreground")) + break; + if(!strcasecmp(arg, "yes")) + new_global_options.option.foreground=1; + else if(!strcasecmp(arg, "no")) + new_global_options.option.foreground=0; + else + return "Argument should be either 'yes' or 'no'"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = yes|no foreground mode (don't fork, log to stderr)", + "foreground"); + break; + } +#endif + + /* output */ + switch(cmd) { + case CMD_INIT: + new_global_options.output_file=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "output")) + break; + new_global_options.output_file=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = file to append log messages", "output"); + break; + } + + /* pid */ +#ifndef USE_WIN32 + switch(cmd) { + case CMD_INIT: + new_global_options.pidfile=PIDFILE; + break; + case CMD_EXEC: + if(strcasecmp(opt, "pid")) + break; + if(arg[0]) /* is argument not empty? */ + new_global_options.pidfile=str_dup(arg); + else + new_global_options.pidfile=NULL; /* empty -> do not create a pid file */ + return NULL; /* OK */ + case CMD_DEFAULT: + s_log(LOG_NOTICE, "%-15s = %s", "pid", PIDFILE); + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = pid file (empty to disable creating)", "pid"); + break; + } +#endif + + /* RNDbytes */ + switch(cmd) { + case CMD_INIT: + new_global_options.random_bytes=RANDOM_BYTES; + break; + case CMD_EXEC: + if(strcasecmp(opt, "RNDbytes")) + break; + new_global_options.random_bytes=strtol(arg, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return "Illegal number of bytes to read from random seed files"; + return NULL; /* OK */ + case CMD_DEFAULT: + s_log(LOG_NOTICE, "%-15s = %d", "RNDbytes", RANDOM_BYTES); + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = bytes to read from random seed files", "RNDbytes"); + break; + } + + /* RNDfile */ + switch(cmd) { + case CMD_INIT: + new_global_options.rand_file=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "RNDfile")) + break; + new_global_options.rand_file=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: +#ifdef RANDOM_FILE + s_log(LOG_NOTICE, "%-15s = %s", "RNDfile", RANDOM_FILE); +#endif + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = path to file with random seed data", "RNDfile"); + break; + } + + /* RNDoverwrite */ + switch(cmd) { + case CMD_INIT: + new_global_options.option.rand_write=1; + break; + case CMD_EXEC: + if(strcasecmp(opt, "RNDoverwrite")) + break; + if(!strcasecmp(arg, "yes")) + new_global_options.option.rand_write=1; + else if(!strcasecmp(arg, "no")) + new_global_options.option.rand_write=0; + else + return "Argument should be either 'yes' or 'no'"; + return NULL; /* OK */ + case CMD_DEFAULT: + s_log(LOG_NOTICE, "%-15s = yes", "RNDoverwrite"); + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = yes|no overwrite seed datafiles with new random data", + "RNDoverwrite"); + break; + } + +#ifndef USE_WIN32 + /* service */ + switch(cmd) { + case CMD_INIT: + new_service_options.servname=str_dup("stunnel"); + break; + case CMD_EXEC: + if(strcasecmp(opt, "service")) + break; + new_service_options.servname=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = service name", "service"); + break; + } +#endif + +#ifndef USE_WIN32 + /* setgid */ + switch(cmd) { + case CMD_INIT: + new_global_options.gid=0; + break; + case CMD_EXEC: + if(strcasecmp(opt, "setgid")) + break; + gr=getgrnam(arg); + if(gr) { + new_global_options.gid=gr->gr_gid; + return NULL; /* OK */ + } + new_global_options.gid=strtol(arg, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return "Illegal GID"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = groupname for setgid()", "setgid"); + break; + } +#endif + +#ifndef USE_WIN32 + /* setuid */ + switch(cmd) { + case CMD_INIT: + new_global_options.uid=0; + break; + case CMD_EXEC: + if(strcasecmp(opt, "setuid")) + break; + pw=getpwnam(arg); + if(pw) { + new_global_options.uid=pw->pw_uid; + return NULL; /* OK */ + } + new_global_options.uid=strtol(arg, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return "Illegal UID"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = username for setuid()", "setuid"); + break; + } +#endif + + /* socket */ + switch(cmd) { + case CMD_INIT: + break; + case CMD_EXEC: + if(strcasecmp(opt, "socket")) + break; + if(parse_socket_option(arg)) + return "Illegal socket option"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = a|l|r:option=value[:value]", "socket"); + s_log(LOG_NOTICE, "%18sset an option on accept/local/remote socket", ""); + break; + } + + /* syslog */ +#ifndef USE_WIN32 + switch(cmd) { + case CMD_INIT: + new_global_options.option.syslog=1; + break; + case CMD_EXEC: + if(strcasecmp(opt, "syslog")) + break; + if(!strcasecmp(arg, "yes")) + new_global_options.option.syslog=1; + else if(!strcasecmp(arg, "no")) + new_global_options.option.syslog=0; + else + return "Argument should be either 'yes' or 'no'"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = yes|no send logging messages to syslog", + "syslog"); + break; + } +#endif + + /* taskbar */ +#ifdef USE_WIN32 + switch(cmd) { + case CMD_INIT: + new_global_options.option.taskbar=1; + break; + case CMD_EXEC: + if(strcasecmp(opt, "taskbar")) + break; + if(!strcasecmp(arg, "yes")) + new_global_options.option.taskbar=1; + else if(!strcasecmp(arg, "no")) + new_global_options.option.taskbar=0; + else + return "Argument should be either 'yes' or 'no'"; + return NULL; /* OK */ + case CMD_DEFAULT: + s_log(LOG_NOTICE, "%-15s = yes", "taskbar"); + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = yes|no enable the taskbar icon", "taskbar"); + break; + } +#endif + + if(cmd==CMD_EXEC) + return option_not_found; + return NULL; /* OK */ +} + +/**************************************** service-level options */ + +static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section, + char *opt, char *arg) { + char *tmpstr; + int tmpnum; + + if(cmd==CMD_DEFAULT || cmd==CMD_HELP) { + s_log(LOG_NOTICE, " "); + s_log(LOG_NOTICE, "Service-level options:"); + } + + /* accept */ + switch(cmd) { + case CMD_INIT: + section->option.accept=0; + memset(§ion->local_addr, 0, sizeof(SOCKADDR_UNION)); + section->local_addr.in.sin_family=AF_INET; + section->fd=-1; + break; + case CMD_EXEC: + if(strcasecmp(opt, "accept")) + break; + section->option.accept=1; + if(!name2addr(§ion->local_addr, arg, DEFAULT_ANY)) + return "Failed to resolve accepting address"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = [host:]port accept connections on specified host:port", + "accept"); + break; + } + + /* CApath */ + switch(cmd) { + case CMD_INIT: +#if 0 + section->ca_dir=(char *)X509_get_default_cert_dir(); +#endif + section->ca_dir=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "CApath")) + break; + if(arg[0]) /* not empty */ + section->ca_dir=str_dup(arg); + else + section->ca_dir=NULL; + return NULL; /* OK */ + case CMD_DEFAULT: +#if 0 + s_log(LOG_NOTICE, "%-15s = %s", "CApath", + section->ca_dir ? section->ca_dir : "(none)"); +#endif + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = CA certificate directory for 'verify' option", + "CApath"); + break; + } + + /* CAfile */ + switch(cmd) { + case CMD_INIT: +#if 0 + section->ca_file=(char *)X509_get_default_certfile(); +#endif + section->ca_file=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "CAfile")) + break; + if(arg[0]) /* not empty */ + section->ca_file=str_dup(arg); + else + section->ca_file=NULL; + return NULL; /* OK */ + case CMD_DEFAULT: +#if 0 + s_log(LOG_NOTICE, "%-15s = %s", "CAfile", + section->ca_file ? section->ca_file : "(none)"); +#endif + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = CA certificate file for 'verify' option", + "CAfile"); + break; + } + + /* cert */ + switch(cmd) { + case CMD_INIT: + section->cert=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "cert")) + break; + section->cert=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: + break; /* no default certificate */ + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = certificate chain", "cert"); + break; + } + + /* ciphers */ + switch(cmd) { + case CMD_INIT: + section->cipher_list=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "ciphers")) + break; + section->cipher_list=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: +#ifdef USE_FIPS + s_log(LOG_NOTICE, "%-15s = %s %s", "ciphers", + "FIPS", "(with \"fips = yes\")"); + s_log(LOG_NOTICE, "%-15s = %s %s", "ciphers", + stunnel_cipher_list, "(with \"fips = no\")"); +#else + s_log(LOG_NOTICE, "%-15s = %s", "ciphers", stunnel_cipher_list); +#endif /* USE_FIPS */ + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = list of permitted SSL ciphers", "ciphers"); + break; + } + + /* client */ + switch(cmd) { + case CMD_INIT: + section->option.client=0; + break; + case CMD_EXEC: + if(strcasecmp(opt, "client")) + break; + if(!strcasecmp(arg, "yes")) + section->option.client=1; + else if(!strcasecmp(arg, "no")) + section->option.client=0; + else + return "Argument should be either 'yes' or 'no'"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = yes|no client mode (remote service uses SSL)", + "client"); + break; + } + + /* connect */ + switch(cmd) { + case CMD_INIT: + section->option.remote=0; + section->connect_name=NULL; + section->connect_addr.num=0; + break; + case CMD_EXEC: + if(strcasecmp(opt, "connect")) + break; + section->option.remote=1; + section->connect_name=str_dup(arg); + if(!section->option.delayed_lookup && + !name2addrlist(§ion->connect_addr, arg, DEFAULT_LOOPBACK)) { + s_log(LOG_INFO, "Cannot resolve '%s' - delaying DNS lookup", arg); + section->option.delayed_lookup=1; + } + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = [host:]port connect remote host:port", + "connect"); + break; + } + + /* CRLpath */ + switch(cmd) { + case CMD_INIT: + section->crl_dir=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "CRLpath")) + break; + if(arg[0]) /* not empty */ + section->crl_dir=str_dup(arg); + else + section->crl_dir=NULL; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = CRL directory", "CRLpath"); + break; + } + + /* CRLfile */ + switch(cmd) { + case CMD_INIT: + section->crl_file=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "CRLfile")) + break; + if(arg[0]) /* not empty */ + section->crl_file=str_dup(arg); + else + section->crl_file=NULL; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = CRL file", "CRLfile"); + break; + } + +#ifndef OPENSSL_NO_ECDH + + /* curve */ +#define DEFAULT_CURVE NID_X9_62_prime256v1 + switch(cmd) { + case CMD_INIT: + section->curve=DEFAULT_CURVE; + break; + case CMD_EXEC: + if(strcasecmp(opt, "curve")) + break; + section->curve=OBJ_txt2nid(arg); + if(section->curve==NID_undef) + return "Curve name not supported"; + return NULL; /* OK */ + case CMD_DEFAULT: + s_log(LOG_NOTICE, "%-15s = %s", "curve", OBJ_nid2ln(DEFAULT_CURVE)); + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = ECDH curve name", "curve"); + break; + } + +#endif /* !OPENSSL_NO_ECDH */ + + /* delay */ + switch(cmd) { + case CMD_INIT: + section->option.delayed_lookup=0; + break; + case CMD_EXEC: + if(strcasecmp(opt, "delay")) + break; + if(!strcasecmp(arg, "yes")) + section->option.delayed_lookup=1; + else if(!strcasecmp(arg, "no")) + section->option.delayed_lookup=0; + else + return "Argument should be either 'yes' or 'no'"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = yes|no delay DNS lookup for 'connect' option", + "delay"); + break; + } + +#ifdef HAVE_OSSL_ENGINE_H + /* engineNum */ + switch(cmd) { + case CMD_INIT: + break; + case CMD_EXEC: + if(strcasecmp(opt, "engineNum")) + break; + tmpnum=strtol(arg, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return "Illegal engine number"; + section->engine=get_engine(tmpnum); + if(!section->engine) + return "Illegal engine number"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = number of engine to read the key from", + "engineNum"); + break; + } +#endif + + /* exec */ + switch(cmd) { + case CMD_INIT: + section->option.program=0; + section->execname=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "exec")) + break; + section->option.program=1; + section->execname=str_dup(arg); +#ifdef USE_WIN32 + section->execargs=str_dup(arg); +#else + if(!section->execargs) { + section->execargs=str_alloc(2*sizeof(char *)); + section->execargs[0]=section->execname; + section->execargs[1]=NULL; /* to show that it's null-terminated */ + } +#endif + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = file execute local inetd-type program", + "exec"); + break; + } + + /* execargs */ + switch(cmd) { + case CMD_INIT: + section->execargs=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "execargs")) + break; +#ifdef USE_WIN32 + section->execargs=str_dup(arg); +#else + section->execargs=argalloc(arg); +#endif + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = arguments for 'exec' (including $0)", + "execargs"); + break; + } + + /* failover */ + switch(cmd) { + case CMD_INIT: + section->failover=FAILOVER_RR; + break; + case CMD_EXEC: + if(strcasecmp(opt, "failover")) + break; + if(!strcasecmp(arg, "rr")) + section->failover=FAILOVER_RR; + else if(!strcasecmp(arg, "prio")) + section->failover=FAILOVER_PRIO; + else + return "Argument should be either 'rr' or 'prio'"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = rr|prio failover strategy", + "failover"); + break; + } + + /* ident */ + switch(cmd) { + case CMD_INIT: + section->username=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "ident")) + break; + section->username=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = username for IDENT (RFC 1413) checking", "ident"); + break; + } + + /* key */ + switch(cmd) { + case CMD_INIT: + section->key=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "key")) + break; + section->key=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = certificate private key", "key"); + break; + } + +#ifdef USE_LIBWRAP + switch(cmd) { + case CMD_INIT: + section->option.libwrap=1; /* enable libwrap by default */ + break; + case CMD_EXEC: + if(strcasecmp(opt, "libwrap")) + break; + if(!strcasecmp(arg, "yes")) + section->option.libwrap=1; + else if(!strcasecmp(arg, "no")) + section->option.libwrap=0; + else + return "Argument should be either 'yes' or 'no'"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = yes|no use /etc/hosts.allow and /etc/hosts.deny", + "libwrap"); + break; + } +#endif /* USE_LIBWRAP */ + + /* local */ + switch(cmd) { + case CMD_INIT: + section->option.local=0; + memset(§ion->source_addr, 0, sizeof(SOCKADDR_UNION)); + section->source_addr.in.sin_family=AF_INET; + break; + case CMD_EXEC: + if(strcasecmp(opt, "local")) + break; + section->option.local=1; + if(!hostport2addr(§ion->source_addr, arg, "0")) + return "Failed to resolve local address"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = IP address to be used as source for remote" + " connections", "local"); + break; + } + +#ifdef HAVE_OSSL_OCSP_H + + /* OCSP */ + switch(cmd) { + case CMD_INIT: + section->option.ocsp=0; + memset(§ion->ocsp_addr, 0, sizeof(SOCKADDR_UNION)); + section->ocsp_addr.in.sin_family=AF_INET; + break; + case CMD_EXEC: + if(strcasecmp(opt, "ocsp")) + break; + section->option.ocsp=1; + return parse_ocsp_url(section, arg); + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = OCSP server URL", "ocsp"); + break; + } + + /* OCSPflag */ + switch(cmd) { + case CMD_INIT: + section->ocsp_flags=0; + break; + case CMD_EXEC: + if(strcasecmp(opt, "OCSPflag")) + break; + tmpnum=parse_ocsp_flag(arg); + if(!tmpnum) + return "Illegal OCSP flag"; + section->ocsp_flags|=tmpnum; + return NULL; + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = OCSP server flags", "OCSPflag"); + break; + } + +#endif /* HAVE_OSSL_OCSP_H */ + + /* options */ + switch(cmd) { + case CMD_INIT: + section->ssl_options=0; + break; + case CMD_EXEC: + if(strcasecmp(opt, "options")) + break; + tmpnum=parse_ssl_option(arg); + if(!tmpnum) + return "Illegal SSL option"; + section->ssl_options|=tmpnum; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = SSL option", "options"); + s_log(LOG_NOTICE, "%18sset an SSL option", ""); + break; + } + + /* protocol */ + switch(cmd) { + case CMD_INIT: + section->protocol=-1; + break; + case CMD_EXEC: + if(strcasecmp(opt, "protocol")) + break; + section->protocol=find_protocol_id(arg); + if(section->protocol<0) + return "Unknown protocol"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = protocol to negotiate before SSL initialization", + "protocol"); + s_log(LOG_NOTICE, "%18scurrently supported: cifs, connect, imap, nntp, pgsql, pop3, proxy, smtp", ""); + break; + } + + /* protocolAuthentication */ + switch(cmd) { + case CMD_INIT: + section->protocol_authentication="basic"; + break; + case CMD_EXEC: + if(strcasecmp(opt, "protocolAuthentication")) + break; + section->protocol_authentication=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = authentication type for protocol negotiations", + "protocolAuthentication"); + break; + } + + /* protocolHost */ + switch(cmd) { + case CMD_INIT: + section->protocol_host=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "protocolHost")) + break; + section->protocol_host=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = host:port for protocol negotiations", + "protocolHost"); + break; + } + + /* protocolPassword */ + switch(cmd) { + case CMD_INIT: + section->protocol_password=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "protocolPassword")) + break; + section->protocol_password=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = password for protocol negotiations", + "protocolPassword"); + break; + } + + /* protocolUsername */ + switch(cmd) { + case CMD_INIT: + section->protocol_username=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "protocolUsername")) + break; + section->protocol_username=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = username for protocol negotiations", + "protocolUsername"); + break; + } + + /* pty */ +#ifndef USE_WIN32 + switch(cmd) { + case CMD_INIT: + section->option.pty=0; + break; + case CMD_EXEC: + if(strcasecmp(opt, "pty")) + break; + if(!strcasecmp(arg, "yes")) + section->option.pty=1; + else if(!strcasecmp(arg, "no")) + section->option.pty=0; + else + return "Argument should be either 'yes' or 'no'"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = yes|no allocate pseudo terminal for 'exec' option", + "pty"); + break; + } +#endif + + /* retry */ + switch(cmd) { + case CMD_INIT: + section->option.retry=0; + break; + case CMD_EXEC: + if(strcasecmp(opt, "retry")) + break; + if(!strcasecmp(arg, "yes")) + section->option.retry=1; + else if(!strcasecmp(arg, "no")) + section->option.retry=0; + else + return "Argument should be either 'yes' or 'no'"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = yes|no retry connect+exec section", + "retry"); + break; + } + + /* session */ + switch(cmd) { + case CMD_INIT: + section->session_timeout=300L; + break; + case CMD_EXEC: + if(strcasecmp(opt, "session")) + break; + section->session_timeout=strtol(arg, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return "Illegal session timeout"; + return NULL; /* OK */ + case CMD_DEFAULT: + s_log(LOG_NOTICE, "%-15s = %ld seconds", "session", 300L); + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = session cache timeout (in seconds)", "session"); + break; + } + + /* sessiond */ + switch(cmd) { + case CMD_INIT: + section->option.sessiond=0; + memset(§ion->sessiond_addr, 0, sizeof(SOCKADDR_UNION)); + section->sessiond_addr.in.sin_family=AF_INET; + break; + case CMD_EXEC: + if(strcasecmp(opt, "sessiond")) + break; + section->option.sessiond=1; +#ifdef SSL_OP_NO_TICKET + /* disable RFC4507 support introduced in OpenSSL 0.9.8f */ + /* this prevents session callbacks from beeing executed */ + section->ssl_options|=SSL_OP_NO_TICKET; +#endif + if(!name2addr(§ion->sessiond_addr, arg, DEFAULT_LOOPBACK)) + return "Failed to resolve sessiond server address"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = [host:]port use sessiond at host:port", + "sessiond"); + break; + } + +#ifndef OPENSSL_NO_TLSEXT + /* sni */ + switch(cmd) { + case CMD_INIT: + section->servername_list_head=NULL; + section->servername_list_tail=NULL; + section->option.sni=0; + break; + case CMD_EXEC: + if(strcasecmp(opt, "sni")) + break; + section->sni=str_dup(arg); + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = master_service:host_name for an SNI virtual service", + "sni"); + break; + } +#endif /* OPENSSL_NO_TLSEXT */ + + /* sslVersion */ + switch(cmd) { + case CMD_INIT: + section->client_method=NULL; + section->server_method=NULL; + break; + case CMD_EXEC: + if(strcasecmp(opt, "sslVersion")) + break; + if(!strcasecmp(arg, "all")) { + section->client_method=(SSL_METHOD *)SSLv23_client_method(); + section->server_method=(SSL_METHOD *)SSLv23_server_method(); + } else if(!strcasecmp(arg, "SSLv2")) { +#if !defined(OPENSSL_NO_SSL2) + section->client_method=(SSL_METHOD *)SSLv2_client_method(); + section->server_method=(SSL_METHOD *)SSLv2_server_method(); +#else + return "SSLv2 not supported"; +#endif + } else if(!strcasecmp(arg, "SSLv3")) { +#if !defined(OPENSSL_NO_SSL3) + section->client_method=(SSL_METHOD *)SSLv3_client_method(); + section->server_method=(SSL_METHOD *)SSLv3_server_method(); +#else + return "SSLv3 not supported"; +#endif + } else if(!strcasecmp(arg, "TLSv1")) { +#if !defined(OPENSSL_NO_TLS1) + section->client_method=(SSL_METHOD *)TLSv1_client_method(); + section->server_method=(SSL_METHOD *)TLSv1_server_method(); +#else + return "TLSv1 not supported"; +#endif + } else + return "Incorrect version of SSL protocol"; + return NULL; /* OK */ + case CMD_DEFAULT: +#ifdef USE_FIPS + s_log(LOG_NOTICE, "%-15s = TLSv1 (with \"fips = yes\")", + "sslVersion"); + s_log(LOG_NOTICE, "%-15s = " DEFAULT_SSLVER_CLIENT " for client, " + DEFAULT_SSLVER_SERVER " for server (with \"fips = no\")", + "sslVersion"); +#else + s_log(LOG_NOTICE, "%-15s = " DEFAULT_SSLVER_CLIENT " for client, " + DEFAULT_SSLVER_SERVER " for server", "sslVersion"); +#endif + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = all|SSLv2|SSLv3|TLSv1 SSL method", "sslVersion"); + break; + } + +#ifndef USE_FORK + /* stack */ + switch(cmd) { + case CMD_INIT: + section->stack_size=DEFAULT_STACK_SIZE; + break; + case CMD_EXEC: + if(strcasecmp(opt, "stack")) + break; + section->stack_size=strtol(arg, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return "Illegal thread stack size"; + return NULL; /* OK */ + case CMD_DEFAULT: + s_log(LOG_NOTICE, "%-15s = %d bytes", "stack", DEFAULT_STACK_SIZE); + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = thread stack size (in bytes)", "stack"); + break; + } +#endif + + /* TIMEOUTbusy */ + switch(cmd) { + case CMD_INIT: + section->timeout_busy=300; /* 5 minutes */ + break; + case CMD_EXEC: + if(strcasecmp(opt, "TIMEOUTbusy")) + break; + section->timeout_busy=strtol(arg, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return "Illegal busy timeout"; + return NULL; /* OK */ + case CMD_DEFAULT: + s_log(LOG_NOTICE, "%-15s = %d seconds", "TIMEOUTbusy", 300); + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = seconds to wait for expected data", "TIMEOUTbusy"); + break; + } + + /* TIMEOUTclose */ + switch(cmd) { + case CMD_INIT: + section->timeout_close=60; /* 1 minute */ + break; + case CMD_EXEC: + if(strcasecmp(opt, "TIMEOUTclose")) + break; + section->timeout_close=strtol(arg, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return "Illegal close timeout"; + return NULL; /* OK */ + case CMD_DEFAULT: + s_log(LOG_NOTICE, "%-15s = %d seconds", "TIMEOUTclose", 60); + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = seconds to wait for close_notify" + " (set to 0 for buggy MSIE)", "TIMEOUTclose"); + break; + } + + /* TIMEOUTconnect */ + switch(cmd) { + case CMD_INIT: + section->timeout_connect=10; /* 10 seconds */ + break; + case CMD_EXEC: + if(strcasecmp(opt, "TIMEOUTconnect")) + break; + section->timeout_connect=strtol(arg, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return "Illegal connect timeout"; + return NULL; /* OK */ + case CMD_DEFAULT: + s_log(LOG_NOTICE, "%-15s = %d seconds", "TIMEOUTconnect", 10); + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = seconds to connect remote host", "TIMEOUTconnect"); + break; + } + + /* TIMEOUTidle */ + switch(cmd) { + case CMD_INIT: + section->timeout_idle=43200; /* 12 hours */ + break; + case CMD_EXEC: + if(strcasecmp(opt, "TIMEOUTidle")) + break; + section->timeout_idle=strtol(arg, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return "Illegal idle timeout"; + return NULL; /* OK */ + case CMD_DEFAULT: + s_log(LOG_NOTICE, "%-15s = %d seconds", "TIMEOUTidle", 43200); + break; + case CMD_HELP: + s_log(LOG_NOTICE, "%-15s = seconds to keep an idle connection", "TIMEOUTidle"); + break; + } + + /* transparent */ +#ifndef USE_WIN32 + switch(cmd) { + case CMD_INIT: + section->option.transparent_src=0; + section->option.transparent_dst=0; + break; + case CMD_EXEC: + if(strcasecmp(opt, "transparent")) + break; + if(!strcasecmp(arg, "none") || !strcasecmp(arg, "no")) { + section->option.transparent_src=0; + section->option.transparent_dst=0; + } else if(!strcasecmp(arg, "source") || !strcasecmp(arg, "yes")) { + section->option.transparent_src=1; + section->option.transparent_dst=0; +#ifdef SO_ORIGINAL_DST + } else if(!strcasecmp(arg, "destination")) { + section->option.transparent_src=0; + section->option.transparent_dst=1; + } else if(!strcasecmp(arg, "both")) { + section->option.transparent_src=1; + section->option.transparent_dst=1; +#endif + } else + return "Selected transparent proxy mode is not available"; + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + s_log(LOG_NOTICE, + "%-15s = none|source|destination|both transparent proxy mode", + "transparent"); + break; + } +#endif + + /* verify */ + switch(cmd) { + case CMD_INIT: + section->verify_level=-1; /* do not even request a certificate */ + break; + case CMD_EXEC: + if(strcasecmp(opt, "verify")) + break; + section->verify_level=strtol(arg, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return "Bad verify level"; + if(section->verify_level<0 || section->verify_level>4) + return "Bad verify level"; + return NULL; /* OK */ + case CMD_DEFAULT: + s_log(LOG_NOTICE, "%-15s = none", "verify"); + break; + case CMD_HELP: + s_log(LOG_NOTICE, + "%-15s = level of peer certificate verification", "verify"); + s_log(LOG_NOTICE, + "%18slevel 0 - request and ignore peer certificate", ""); + s_log(LOG_NOTICE, + "%18slevel 1 - only validate peer certificate if present", ""); + s_log(LOG_NOTICE, + "%18slevel 2 - always require a valid peer certificate", ""); + s_log(LOG_NOTICE, + "%18slevel 3 - verify peer with locally installed certificate", ""); + s_log(LOG_NOTICE, + "%18slevel 4 - ignore CA chain and only verify peer certificate", ""); + break; + } + + if(cmd==CMD_EXEC) + return option_not_found; + return NULL; /* OK */ +} + +/**************************************** parse commandline parameters */ + +int parse_commandline(char *name, char *parameter) { + if(!name) +#ifdef CONFDIR + name=CONFDIR CONFSEPARATOR "stunnel.conf"; +#else + name="stunnel.conf"; +#endif + + if(!strcasecmp(name, "-help")) { + parse_global_option(CMD_HELP, NULL, NULL); + parse_service_option(CMD_HELP, NULL, NULL, NULL); + log_flush(LOG_MODE_INFO); + return 1; + } + + if(!strcasecmp(name, "-version")) { + parse_global_option(CMD_DEFAULT, NULL, NULL); + parse_service_option(CMD_DEFAULT, NULL, NULL, NULL); + log_flush(LOG_MODE_INFO); + return 1; + } + + if(!strcasecmp(name, "-sockets")) { + print_socket_options(); + log_flush(LOG_MODE_INFO); + return 1; + } + +#ifndef USE_WIN32 + if(!strcasecmp(name, "-fd")) { + if(!parameter) { + s_log(LOG_ERR, "No file descriptor specified"); + print_syntax(); + return 1; + } + if(parse_conf(parameter, CONF_FD)) + return 1; + } else +#else + (void)parameter; /* skip warning about unused parameter */ +#endif + if(parse_conf(name, CONF_FILE)) + return 1; + apply_conf(); + return 0; +} + +/**************************************** parse configuration file */ + +int parse_conf(char *name, CONF_TYPE type) { + DISK_FILE *df; + char line_text[CONFLINELEN], *errstr; + char config_line[CONFLINELEN], *config_opt, *config_arg; + int line_number, i; + SERVICE_OPTIONS *section, *new_section; + static char *filename=NULL; /* a copy of config file name for reloading */ +#ifndef USE_WIN32 + int fd; + char *tmpstr; +#endif + + if(name) /* not reload */ + filename=str_dup(name); + + s_log(LOG_NOTICE, "Reading configuration from %s %s", + type==CONF_FD ? "descriptor" : "file", filename); +#ifndef USE_WIN32 + if(type==CONF_FD) { /* file descriptor */ + fd=strtol(filename, &tmpstr, 10); + if(tmpstr==filename || *tmpstr) { /* not a number */ + s_log(LOG_ERR, "Invalid file descriptor number"); + print_syntax(); + return 1; + } + df=file_fdopen(fd); + } else +#endif + df=file_open(filename, 0); + if(!df) { + s_log(LOG_ERR, "Cannot read configuration"); + if(type!=CONF_RELOAD) + print_syntax(); + return 1; + } + + memset(&new_global_options, 0, sizeof(GLOBAL_OPTIONS)); /* reset global options */ + memset(&new_service_options, 0, sizeof(SERVICE_OPTIONS)); /* reset local options */ + new_service_options.next=NULL; + section=&new_service_options; + parse_global_option(CMD_INIT, NULL, NULL); + parse_service_option(CMD_INIT, section, NULL, NULL); + if(type!=CONF_RELOAD) { /* provide defaults for gui.c */ + memcpy(&global_options, &new_global_options, sizeof(GLOBAL_OPTIONS)); + memcpy(&service_options, &new_service_options, sizeof(SERVICE_OPTIONS)); + } + + line_number=0; + while(file_getline(df, line_text, CONFLINELEN)>=0) { + memcpy(config_line, line_text, CONFLINELEN); + ++line_number; + config_opt=config_line; + while(isspace((unsigned char)*config_opt)) + ++config_opt; /* remove initial whitespaces */ + for(i=strlen(config_opt)-1; i>=0 && isspace((unsigned char)config_opt[i]); --i) + config_opt[i]='\0'; /* remove trailing whitespaces */ + if(config_opt[0]=='\0' || config_opt[0]=='#' || config_opt[0]==';') /* empty or comment */ + continue; + if(config_opt[0]=='[' && config_opt[strlen(config_opt)-1]==']') { /* new section */ + if(!new_service_options.next) { + /* FIPS needs to be initialized as early as possible */ + if(ssl_configure(&new_global_options)) { /* configure global SSL settings */ + file_close(df); + return 1; + } + init_globals(); /* defaults need to be set before other options are parsed */ + } + ++config_opt; + config_opt[strlen(config_opt)-1]='\0'; + new_section=str_alloc(sizeof(SERVICE_OPTIONS)); + memcpy(new_section, &new_service_options, sizeof(SERVICE_OPTIONS)); + new_section->servname=str_dup(config_opt); + new_section->session=NULL; + new_section->next=NULL; + section->next=new_section; + section=new_section; + continue; + } + config_arg=strchr(config_line, '='); + if(!config_arg) { + config_error(line_number, line_text, "No '=' found"); + file_close(df); + return 1; + } + *config_arg++='\0'; /* split into option name and argument value */ + for(i=strlen(config_opt)-1; i>=0 && isspace((unsigned char)config_opt[i]); --i) + config_opt[i]='\0'; /* remove trailing whitespaces */ + while(isspace((unsigned char)*config_arg)) + ++config_arg; /* remove initial whitespaces */ + errstr=parse_service_option(CMD_EXEC, section, config_opt, config_arg); + if(!new_service_options.next && errstr==option_not_found) + errstr=parse_global_option(CMD_EXEC, config_opt, config_arg); + if(errstr) { + config_error(line_number, line_text, errstr); + file_close(df); + return 1; + } + } + file_close(df); + + if(new_service_options.next) { /* daemon mode: initialize sections */ + for(section=new_service_options.next; section; section=section->next) { + s_log(LOG_INFO, "Initializing service section [%s]", section->servname); + if(init_section(section)) + return 1; + } + } else { /* inetd mode: need to initialize global options */ + if(ssl_configure(&new_global_options)) /* configure global SSL settings */ + return 1; + init_globals(); + s_log(LOG_INFO, "Initializing inetd mode configuration"); + if(init_section(&new_service_options)) + return 1; + } + + s_log(LOG_NOTICE, "Configuration successful"); + return 0; +} + +void apply_conf() { /* can be used once the configuration was validated */ + /* FIXME: this operation may be unsafe, as client() threads use it */ + memcpy(&global_options, &new_global_options, sizeof(GLOBAL_OPTIONS)); + /* service_options are used for inetd mode and to enumerate services */ + memcpy(&service_options, &new_service_options, sizeof(SERVICE_OPTIONS)); +#ifdef USE_WIN32 + PostMessage(hwnd, WM_VALID_CONFIG, 0, 0); +#endif +} + +/**************************************** validate and initialize configuration */ + +static void init_globals() { +#ifdef HAVE_OSSL_ENGINE_H + close_engine(); +#endif + + /* prepare default SSL methods */ +#ifdef USE_FIPS + if(new_global_options.option.fips) { + if(!new_service_options.cipher_list) + new_service_options.cipher_list="FIPS"; + if(!new_service_options.client_method) + new_service_options.client_method=(SSL_METHOD *)TLSv1_client_method(); + if(!new_service_options.server_method) + new_service_options.server_method=(SSL_METHOD *)TLSv1_server_method(); + return; + } +#endif /* USE_FIPS */ + if(!new_service_options.cipher_list) + new_service_options.cipher_list=stunnel_cipher_list; + if(!new_service_options.client_method) +#if !defined(OPENSSL_NO_TLS1) + new_service_options.client_method=(SSL_METHOD *)TLSv1_client_method(); +#elif !defined(OPENSSL_NO_SSL3) + new_service_options.client_method=(SSL_METHOD *)SSLv3_client_method(); +#elif !defined(OPENSSL_NO_SSL2) + new_service_options.client_method=(SSL_METHOD *)SSLv2_client_method(); +#else /* OPENSSL_NO_TLS1, OPENSSL_NO_SSL3, OPENSSL_NO_SSL2 */ +#error No supported SSL methods found +#endif /* OPENSSL_NO_TLS1, OPENSSL_NO_SSL3, OPENSSL_NO_SSL2 */ + /* SSLv23_server_method() is an always available catch-all */ + if(!new_service_options.server_method) + new_service_options.server_method=(SSL_METHOD *)SSLv23_server_method(); +} + +static int init_section(SERVICE_OPTIONS *section) { +#ifdef USE_FIPS + if(new_global_options.option.fips && + ((section->option.client && + section->client_method!=(SSL_METHOD *)TLSv1_client_method()) || + (!section->option.client && + section->server_method!=(SSL_METHOD *)TLSv1_server_method()))) { + section_error(section->servname, "sslVersion = TLSv1 is required in FIPS mode"); + return 1; + } +#endif /* USE_FIPS */ + if(!section->option.client && !section->cert) { + section_error(section->servname, "SSL server needs a certificate"); + return 1; + } +#ifndef OPENSSL_NO_TLSEXT + if(init_sni(section)) + return 1; +#endif + if(context_init(section)) /* initialize SSL context */ + return 1; + + if(new_service_options.next) { /* daemon mode checks */ + if((unsigned int)section->option.accept + + (unsigned int)section->option.program + + (unsigned int)section->option.remote +#ifndef OPENSSL_NO_TLSEXT + + (unsigned int)section->option.sni +#endif /* OPENSSL_NO_TLSEXT */ +#ifndef USE_WIN32 + + (unsigned int)section->option.transparent_dst +#endif /* USE_WIN32 */ + !=2) { + section_error(section->servname, "Each service must define two endpoints"); + return 1; + } + } else { /* inetd mode checks */ + if(section->option.accept) { + s_log(LOG_ERR, "Accept option is not allowed in inetd mode"); + s_log(LOG_ERR, "Remove accept option or define a [section]"); + return 1; + } + if(!section->option.remote && !section->execname) { + s_log(LOG_ERR, "Inetd mode must have 'connect' or 'exec' options"); + return 1; + } +#if 0 + /* TODO: some additional checks could be useful */ + if((unsigned int)section->option.program + + (unsigned int)section->option.remote != 1) + section_error(section->servname, "Single endpoint is required in inetd mode"); +#endif + } + return 0; /* all tests passed -- continue program execution */ +} + +#ifndef OPENSSL_NO_TLSEXT +static int init_sni(SERVICE_OPTIONS *section) { + char *tmpstr; + SERVICE_OPTIONS *tmpsrv; + + /* server mode: update servername_list based on SNI option */ + if(!section->option.client && section->sni) { + tmpstr=strchr(section->sni, ':'); + if(!tmpstr) { + section_error(section->servname, "Invalid SNI parameter format"); + return 1; + } + *tmpstr++='\0'; + for(tmpsrv=new_service_options.next; tmpsrv; tmpsrv=tmpsrv->next) + if(!strcmp(tmpsrv->servname, section->sni)) + break; + if(!tmpsrv) { + section_error(section->servname, "SNI section name not found"); + return 1; + } + if(tmpsrv->option.client) { + section_error(section->servname, "SNI master service is a TLS client"); + return 1; + } + if(tmpsrv->servername_list_tail) { + tmpsrv->servername_list_tail->next=str_alloc(sizeof(SERVERNAME_LIST)); + tmpsrv->servername_list_tail=tmpsrv->servername_list_tail->next; + } else { /* first virtual service */ + tmpsrv->servername_list_head= + tmpsrv->servername_list_tail= + str_alloc(sizeof(SERVERNAME_LIST)); + tmpsrv->ssl_options|=SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION; + } + tmpsrv->servername_list_tail->servername=str_dup(tmpstr); + tmpsrv->servername_list_tail->opt=section; + tmpsrv->servername_list_tail->next=NULL; + section->option.sni=1; + /* always negotiate a new session on renegotiation, as the SSL + * context settings (including access control) may be different */ + section->ssl_options|=SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION; + } + + /* client mode: setup SNI default based on 'protocolHost' and 'connect' options */ + if(section->option.client && !section->sni) { + /* setup host_name for SNI, prefer SNI and protocolHost if specified */ + if(section->protocol_host) /* 'protocolHost' option */ + section->sni=str_dup(section->protocol_host); + else if(section->connect_name) /* 'connect' option */ + section->sni=str_dup(section->connect_name); + if(section->sni) { /* either 'protocolHost' or 'connect' specified */ + tmpstr=strrchr(section->sni, ':'); + if(tmpstr) { /* 'host:port' -> drop ':port' */ + *tmpstr='\0'; + } else { /* 'port' -> default to 'localhost' */ + str_free(section->sni); + section->sni=str_dup("localhost"); + } + } + } + return 0; +} +#endif /* OPENSSL_NO_TLSEXT */ + +/**************************************** facility/debug level */ + +typedef struct { + char *name; + int value; +} facilitylevel; + +static int parse_debug_level(char *arg) { + char *arg_copy; + char *string; + facilitylevel *fl; + +/* facilities only make sense on unix */ +#if !defined (USE_WIN32) && !defined (__vms) + facilitylevel facilities[] = { + {"auth", LOG_AUTH}, {"cron", LOG_CRON}, {"daemon", LOG_DAEMON}, + {"kern", LOG_KERN}, {"lpr", LOG_LPR}, {"mail", LOG_MAIL}, + {"news", LOG_NEWS}, {"syslog", LOG_SYSLOG}, {"user", LOG_USER}, + {"uucp", LOG_UUCP}, {"local0", LOG_LOCAL0}, {"local1", LOG_LOCAL1}, + {"local2", LOG_LOCAL2}, {"local3", LOG_LOCAL3}, {"local4", LOG_LOCAL4}, + {"local5", LOG_LOCAL5}, {"local6", LOG_LOCAL6}, {"local7", LOG_LOCAL7}, + + /* some that are not on all unicies */ +#ifdef LOG_AUTHPRIV + {"authpriv", LOG_AUTHPRIV}, +#endif +#ifdef LOG_FTP + {"ftp", LOG_FTP}, +#endif +#ifdef LOG_NTP + {"ntp", LOG_NTP}, +#endif + {NULL, 0} + }; +#endif /* USE_WIN32, __vms */ + + facilitylevel levels[] = { + {"emerg", LOG_EMERG}, {"alert", LOG_ALERT}, + {"crit", LOG_CRIT}, {"err", LOG_ERR}, + {"warning", LOG_WARNING}, {"notice", LOG_NOTICE}, + {"info", LOG_INFO}, {"debug", LOG_DEBUG}, + {NULL, -1} + }; + + arg_copy=str_dup(arg); + string=arg_copy; + +/* facilities only make sense on Unix */ +#if !defined (USE_WIN32) && !defined (__vms) + if(strchr(string, '.')) { /* we have a facility specified */ + new_global_options.facility=-1; + string=strtok(arg_copy, "."); /* break it up */ + + for(fl=facilities; fl->name; ++fl) { + if(!strcasecmp(fl->name, string)) { + new_global_options.facility=fl->value; + break; + } + } + if(new_global_options.facility==-1) + return 1; /* FAILED */ + string=strtok(NULL, "."); /* set to the remainder */ + } +#endif /* USE_WIN32, __vms */ + + /* time to check the syslog level */ + if(string && strlen(string)==1 && *string>='0' && *string<='7') { + new_global_options.debug_level=*string-'0'; + return 0; /* OK */ + } + new_global_options.debug_level=8; /* illegal level */ + for(fl=levels; fl->name; ++fl) { + if(!strcasecmp(fl->name, string)) { + new_global_options.debug_level=fl->value; + break; + } + } + if(new_global_options.debug_level==8) + return 1; /* FAILED */ + return 0; /* OK */ +} + +/**************************************** SSL options */ + +static int parse_ssl_option(char *arg) { + struct { + char *name; + long value; + } ssl_opts[] = { + {"MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG}, + {"NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG}, +#ifdef SSL_OP_LEGACY_SERVER_CONNECT + {"LEGACY_SERVER_CONNECT", SSL_OP_LEGACY_SERVER_CONNECT}, +#endif + {"NETSCAPE_REUSE_CIPHER_CHANGE_BUG", + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG}, + {"SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG}, + {"MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER}, + {"MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING}, + {"SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG}, + {"TLS_D5_BUG", SSL_OP_TLS_D5_BUG}, + {"TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG}, +#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + {"DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS}, +#endif + {"ALL", SSL_OP_ALL}, +#ifdef SSL_OP_NO_QUERY_MTU + {"NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU}, +#endif +#ifdef SSL_OP_COOKIE_EXCHANGE + {"COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE}, +#endif +#ifdef SSL_OP_NO_TICKET + {"NO_TICKET", SSL_OP_NO_TICKET}, +#endif +#ifdef SSL_OP_CISCO_ANYCONNECT + {"CISCO_ANYCONNECT", SSL_OP_CISCO_ANYCONNECT}, +#endif +#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + {"NO_SESSION_RESUMPTION_ON_RENEGOTIATION", + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION}, +#endif +#ifdef SSL_OP_NO_COMPRESSION + {"NO_COMPRESSION", SSL_OP_NO_COMPRESSION}, +#endif +#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + {"ALLOW_UNSAFE_LEGACY_RENEGOTIATION", + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION}, +#endif +#ifdef SSL_OP_SINGLE_ECDH_USE + {"SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE}, +#endif + {"SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE}, + {"EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA}, +#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE + {"CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE}, +#endif + {"TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG}, + {"NO_SSLv2", SSL_OP_NO_SSLv2}, + {"NO_SSLv3", SSL_OP_NO_SSLv3}, + {"NO_TLSv1", SSL_OP_NO_TLSv1}, + {"PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1}, + {"PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2}, + {"NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG}, + {"NETSCAPE_DEMO_CIPHER_CHANGE_BUG", + SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG}, +#ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG + {"CRYPTOPRO_TLSEXT_BUG", SSL_OP_CRYPTOPRO_TLSEXT_BUG}, +#endif + {NULL, 0} + }, *option; + + for(option=ssl_opts; option->name; ++option) + if(!strcasecmp(option->name, arg)) + return option->value; + return 0; /* FAILED */ +} + +/**************************************** socket options */ + +static int on=1; +#define DEF_ON ((void *)&on) + +SOCK_OPT sock_opts[] = { + {"SO_DEBUG", SOL_SOCKET, SO_DEBUG, TYPE_FLAG, {NULL, NULL, NULL}}, + {"SO_DONTROUTE", SOL_SOCKET, SO_DONTROUTE, TYPE_FLAG, {NULL, NULL, NULL}}, + {"SO_KEEPALIVE", SOL_SOCKET, SO_KEEPALIVE, TYPE_FLAG, {NULL, NULL, NULL}}, + {"SO_LINGER", SOL_SOCKET, SO_LINGER, TYPE_LINGER, {NULL, NULL, NULL}}, + {"SO_OOBINLINE", SOL_SOCKET, SO_OOBINLINE, TYPE_FLAG, {NULL, NULL, NULL}}, + {"SO_RCVBUF", SOL_SOCKET, SO_RCVBUF, TYPE_INT, {NULL, NULL, NULL}}, + {"SO_SNDBUF", SOL_SOCKET, SO_SNDBUF, TYPE_INT, {NULL, NULL, NULL}}, +#ifdef SO_RCVLOWAT + {"SO_RCVLOWAT", SOL_SOCKET, SO_RCVLOWAT, TYPE_INT, {NULL, NULL, NULL}}, +#endif +#ifdef SO_SNDLOWAT + {"SO_SNDLOWAT", SOL_SOCKET, SO_SNDLOWAT, TYPE_INT, {NULL, NULL, NULL}}, +#endif +#ifdef SO_RCVTIMEO + {"SO_RCVTIMEO", SOL_SOCKET, SO_RCVTIMEO, TYPE_TIMEVAL, {NULL, NULL, NULL}}, +#endif +#ifdef SO_SNDTIMEO + {"SO_SNDTIMEO", SOL_SOCKET, SO_SNDTIMEO, TYPE_TIMEVAL, {NULL, NULL, NULL}}, +#endif + {"SO_REUSEADDR", SOL_SOCKET, SO_REUSEADDR, TYPE_FLAG, {DEF_ON, NULL, NULL}}, +#ifdef SO_BINDTODEVICE + {"SO_BINDTODEVICE", SOL_SOCKET, SO_BINDTODEVICE, TYPE_STRING, {NULL, NULL, NULL}}, +#endif +#ifdef TCP_KEEPCNT + {"TCP_KEEPCNT", SOL_TCP, TCP_KEEPCNT, TYPE_INT, {NULL, NULL, NULL}}, +#endif +#ifdef TCP_KEEPIDLE + {"TCP_KEEPIDLE", SOL_TCP, TCP_KEEPIDLE, TYPE_INT, {NULL, NULL, NULL}}, +#endif +#ifdef TCP_KEEPINTVL + {"TCP_KEEPINTVL", SOL_TCP, TCP_KEEPINTVL, TYPE_INT, {NULL, NULL, NULL}}, +#endif +#ifdef IP_TOS + {"IP_TOS", IPPROTO_IP, IP_TOS, TYPE_INT, {NULL, NULL, NULL}}, +#endif +#ifdef IP_TTL + {"IP_TTL", IPPROTO_IP, IP_TTL, TYPE_INT, {NULL, NULL, NULL}}, +#endif +#ifdef IP_MAXSEG + {"TCP_MAXSEG", IPPROTO_TCP, TCP_MAXSEG, TYPE_INT, {NULL, NULL, NULL}}, +#endif + {"TCP_NODELAY", IPPROTO_TCP, TCP_NODELAY, TYPE_FLAG, {NULL, DEF_ON, DEF_ON}}, + {NULL, 0, 0, TYPE_NONE, {NULL, NULL, NULL}} +}; + +static int print_socket_options(void) { + int fd; + socklen_t optlen; + SOCK_OPT *ptr; + OPT_UNION val; + char *ta, *tl, *tr, *td; + + fd=socket(AF_INET, SOCK_STREAM, 0); + + s_log(LOG_NOTICE, " "); + s_log(LOG_NOTICE, "Socket option defaults:"); + s_log(LOG_NOTICE, + " Option Name | Accept | Local | Remote |OS default"); + s_log(LOG_NOTICE, + " ----------------+----------+----------+----------+----------"); + for(ptr=sock_opts; ptr->opt_str; ++ptr) { + /* get OS default value */ + optlen=sizeof val; + if(getsockopt(fd, ptr->opt_level, + ptr->opt_name, (void *)&val, &optlen)) { + if(get_last_socket_error()!=S_ENOPROTOOPT) { + s_log(LOG_ERR, "Failed to get %s OS default", ptr->opt_str); + sockerror("getsockopt"); + return 1; /* FAILED */ + } + td=str_dup("write-only"); + } else + td=print_option(ptr->opt_type, &val); + /* get stunnel default values */ + ta=print_option(ptr->opt_type, ptr->opt_val[0]); + tl=print_option(ptr->opt_type, ptr->opt_val[1]); + tr=print_option(ptr->opt_type, ptr->opt_val[2]); + /* print collected data and fee the memory */ + s_log(LOG_NOTICE, " %-16s|%10s|%10s|%10s|%10s", + ptr->opt_str, ta, tl, tr, td); + str_free(ta); str_free(tl); str_free(tr); str_free(td); + } + return 0; /* OK */ +} + +static char *print_option(int type, OPT_UNION *val) { + if(!val) + return str_dup(" -- "); + switch(type) { + case TYPE_FLAG: + return str_printf("%s", val->i_val ? "yes" : "no"); + case TYPE_INT: + return str_printf("%d", val->i_val); + case TYPE_LINGER: + return str_printf("%d:%d", + val->linger_val.l_onoff, val->linger_val.l_linger); + case TYPE_TIMEVAL: + return str_printf("%d:%d", + (int)val->timeval_val.tv_sec, (int)val->timeval_val.tv_usec); + case TYPE_STRING: + return str_printf("%s", val->c_val); + } + return str_dup(" Ooops? "); /* internal error? */ +} + +static int parse_socket_option(char *arg) { + int socket_type; /* 0-accept, 1-local, 2-remote */ + char *opt_val_str, *opt_val2_str, *tmpstr; + SOCK_OPT *ptr; + + if(arg[1]!=':') + return 1; /* FAILED */ + switch(arg[0]) { + case 'a': + socket_type=0; break; + case 'l': + socket_type=1; break; + case 'r': + socket_type=2; break; + default: + return 1; /* FAILED */ + } + arg+=2; + opt_val_str=strchr(arg, '='); + if(!opt_val_str) /* no '='? */ + return 1; /* FAILED */ + *opt_val_str++='\0'; + ptr=sock_opts; + for(;;) { + if(!ptr->opt_str) + return 1; /* FAILED */ + if(!strcmp(arg, ptr->opt_str)) + break; /* option name found */ + ++ptr; + } + ptr->opt_val[socket_type]=str_alloc(sizeof(OPT_UNION)); + switch(ptr->opt_type) { + case TYPE_FLAG: + if(!strcasecmp(opt_val_str, "yes") || !strcmp(opt_val_str, "1")) { + ptr->opt_val[socket_type]->i_val=1; + return 0; /* OK */ + } + if(!strcasecmp(opt_val_str, "no") || !strcmp(opt_val_str, "0")) { + ptr->opt_val[socket_type]->i_val=0; + return 0; /* OK */ + } + return 1; /* FAILED */ + case TYPE_INT: + ptr->opt_val[socket_type]->i_val=strtol(opt_val_str, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return 1; /* FAILED */ + return 0; /* OK */ + case TYPE_LINGER: + opt_val2_str=strchr(opt_val_str, ':'); + if(opt_val2_str) { + *opt_val2_str++='\0'; + ptr->opt_val[socket_type]->linger_val.l_linger= + (u_short)strtol(opt_val2_str, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return 1; /* FAILED */ + } else { + ptr->opt_val[socket_type]->linger_val.l_linger=0; + } + ptr->opt_val[socket_type]->linger_val.l_onoff= + (u_short)strtol(opt_val_str, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return 1; /* FAILED */ + return 0; /* OK */ + case TYPE_TIMEVAL: + opt_val2_str=strchr(opt_val_str, ':'); + if(opt_val2_str) { + *opt_val2_str++='\0'; + ptr->opt_val[socket_type]->timeval_val.tv_usec=strtol(opt_val2_str, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return 1; /* FAILED */ + } else { + ptr->opt_val[socket_type]->timeval_val.tv_usec=0; + } + ptr->opt_val[socket_type]->timeval_val.tv_sec=strtol(opt_val_str, &tmpstr, 10); + if(tmpstr==arg || *tmpstr) /* not a number */ + return 1; /* FAILED */ + return 0; /* OK */ + case TYPE_STRING: + if(strlen(opt_val_str)+1>sizeof(OPT_UNION)) + return 1; /* FAILED */ + strcpy(ptr->opt_val[socket_type]->c_val, opt_val_str); + return 0; /* OK */ + default: + ; /* ANSI C compiler needs it */ + } + return 1; /* FAILED */ +} + +/**************************************** OCSP */ + +#ifdef HAVE_OSSL_OCSP_H + +static char *parse_ocsp_url(SERVICE_OPTIONS *section, char *arg) { + char *host, *port, *path; + int ssl; + + if(!OCSP_parse_url(arg, &host, &port, &path, &ssl)) + return "Failed to parse OCSP URL"; + if(ssl) + return "SSL not supported for OCSP" + " - additional stunnel service needs to be defined"; + if(!hostport2addr(§ion->ocsp_addr, host, port)) + return "Failed to resolve OCSP server address"; + section->ocsp_path=str_dup(path); + if(host) + OPENSSL_free(host); + if(port) + OPENSSL_free(port); + if(path) + OPENSSL_free(path); + return NULL; /* OK! */ +} + +static unsigned long parse_ocsp_flag(char *arg) { + struct { + char *name; + unsigned long value; + } ocsp_opts[] = { + {"NOCERTS", OCSP_NOCERTS}, + {"NOINTERN", OCSP_NOINTERN}, + {"NOSIGS", OCSP_NOSIGS}, + {"NOCHAIN", OCSP_NOCHAIN}, + {"NOVERIFY", OCSP_NOVERIFY}, + {"NOEXPLICIT", OCSP_NOEXPLICIT}, + {"NOCASIGN", OCSP_NOCASIGN}, + {"NODELEGATED", OCSP_NODELEGATED}, + {"NOCHECKS", OCSP_NOCHECKS}, + {"TRUSTOTHER", OCSP_TRUSTOTHER}, + {"RESPID_KEY", OCSP_RESPID_KEY}, + {"NOTIME", OCSP_NOTIME}, + {NULL, 0} + }, *option; + + for(option=ocsp_opts; option->name; ++option) + if(!strcasecmp(option->name, arg)) + return option->value; + return 0; /* FAILED */ +} + +#endif /* HAVE_OSSL_OCSP_H */ + +/**************************************** engine */ + +#ifdef HAVE_OSSL_ENGINE_H + +#define MAX_ENGINES 256 +static ENGINE *engines[MAX_ENGINES]; /* table of engines */ +static int current_engine=0; +static int engine_initialized; + +static char *open_engine(const char *name) { + s_log(LOG_DEBUG, "Enabling support for engine '%s'", name); + if(!strcasecmp(name, "auto")) { + ENGINE_register_all_complete(); + s_log(LOG_DEBUG, "Auto engine support enabled"); + return NULL; /* OK */ + } + + close_engine(); /* close the previous one (if specified) */ + engines[current_engine]=ENGINE_by_id(name); + engine_initialized=0; + if(!engines[current_engine]) { + sslerror("ENGINE_by_id"); + return "Failed to open the engine"; + } + return NULL; /* OK */ +} + +static char *ctrl_engine(const char *cmd, const char *arg) { + if(!strcasecmp(cmd, "INIT")) { /* special control command */ + return init_engine(); + } + if(arg) + s_log(LOG_DEBUG, "Executing engine control command %s:%s", cmd, arg); + else + s_log(LOG_DEBUG, "Executing engine control command %s", cmd); + if(!ENGINE_ctrl_cmd_string(engines[current_engine], cmd, arg, 0)) { + sslerror("ENGINE_ctrl_cmd_string"); + return "Failed to execute the engine control command"; + } + return NULL; /* OK */ +} + +static char *init_engine(void) { + if(engine_initialized) + return NULL; /* OK */ + engine_initialized=1; + s_log(LOG_DEBUG, "Initializing engine %d", current_engine+1); + if(!ENGINE_init(engines[current_engine])) { + if(ERR_peek_last_error()) /* really an error */ + sslerror("ENGINE_init"); + else + s_log(LOG_ERR, "Engine %d not initialized", current_engine+1); + return "Engine initialization failed"; + } + if(!ENGINE_set_default(engines[current_engine], ENGINE_METHOD_ALL)) { + sslerror("ENGINE_set_default"); + return "Selecting default engine failed"; + } + s_log(LOG_DEBUG, "Engine %d initialized", current_engine+1); + return NULL; /* OK */ +} + +static void close_engine(void) { + if(!engines[current_engine]) + return; /* no engine was opened -> nothing to do */ + init_engine(); + ++current_engine; +#if 0 + ENGINE_finish(e); + ENGINE_free(e); + e=NULL; + s_log(LOG_DEBUG, "Engine closed"); +#endif +} + +static ENGINE *get_engine(int i) { + if(i<1 || i>current_engine) + return NULL; + return engines[i-1]; +} + +#endif /* HAVE_OSSL_ENGINE_H */ + +/**************************************** fatal error */ + +static void print_syntax(void) { + s_log(LOG_NOTICE, " "); + s_log(LOG_NOTICE, "Syntax:"); + s_log(LOG_NOTICE, "stunnel " +#ifdef USE_WIN32 +#ifndef _WIN32_WCE + "[ [-install | -uninstall] " +#endif + "[-quiet] " +#endif + "[] ] " +#ifndef USE_WIN32 + "-fd " +#endif + "| -help | -version | -sockets"); + s_log(LOG_NOTICE, " - use specified config file"); +#ifdef USE_WIN32 +#ifndef _WIN32_WCE + s_log(LOG_NOTICE, " -install - install NT service"); + s_log(LOG_NOTICE, " -uninstall - uninstall NT service"); +#endif + s_log(LOG_NOTICE, " -quiet - don't display a message box on success"); +#else + s_log(LOG_NOTICE, " -fd - read the config file from a file descriptor"); +#endif + s_log(LOG_NOTICE, " -help - get config file help"); + s_log(LOG_NOTICE, " -version - display version and defaults"); + s_log(LOG_NOTICE, " -sockets - display default socket options"); +} + +/**************************************** various supporting functions */ + +static void config_error(int num, const char *line, const char *str) { + s_log(LOG_ERR, "Line %d: \"%s\": %s", num, line, str); +} + +static void section_error(const char *name, const char *str) { + s_log(LOG_ERR, "Section %s: %s", name, str); +} + +#ifndef USE_WIN32 + +static char **argalloc(char *str) { /* allocate 'exec' argumets */ + int max_arg, i; + char *ptr, **retval; + + max_arg=strlen(str)/2+1; + ptr=str_dup(str); + retval=str_alloc((max_arg+1)*sizeof(char *)); + i=0; + while(*ptr && i + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +#define isprefix(a, b) (strncasecmp((a), (b), strlen(b))==0) + +/* protocol-specific function prototypes */ +static void proxy_server(CLI *c); +static void cifs_client(CLI *); +static void cifs_server(CLI *); +static void pgsql_client(CLI *); +static void pgsql_server(CLI *); +static void smtp_client(CLI *); +static void smtp_server(CLI *); +static void pop3_client(CLI *); +static void pop3_server(CLI *); +static void imap_client(CLI *); +static void imap_server(CLI *); +static void nntp_client(CLI *); +static void connect_server(CLI *); +static void connect_client(CLI *); + +#if !defined(OPENSSL_NO_MD4) && OPENSSL_VERSION_NUMBER>=0x0090700fL +static void ntlm(CLI *); +static char *ntlm1(); +static char *ntlm3(char *, char *, char *); +static void crypt_DES(DES_cblock, DES_cblock, DES_cblock); +#endif +static char *base64(int, char *, int); + +/**************************************** framework */ + +typedef void (*FUNCTION)(CLI *); + +static const struct { + char *name; + struct { + PROTOCOL_TYPE type; + FUNCTION func; + } handlers[2]; +} protocols[]={ + {"proxy", {{PROTOCOL_PRE_SSL, proxy_server}, {PROTOCOL_PRE_SSL, NULL}}}, + {"cifs", {{PROTOCOL_PRE_CONNECT, cifs_server}, {PROTOCOL_PRE_SSL, cifs_client}}}, + {"pgsql", {{PROTOCOL_PRE_CONNECT, pgsql_server}, {PROTOCOL_PRE_SSL, pgsql_client}}}, + {"smtp", {{PROTOCOL_PRE_SSL, smtp_server}, {PROTOCOL_PRE_SSL, smtp_client}}}, + {"pop3", {{PROTOCOL_PRE_SSL, pop3_server}, {PROTOCOL_PRE_SSL, pop3_client}}}, + {"imap", {{PROTOCOL_PRE_SSL, imap_server}, {PROTOCOL_PRE_SSL, imap_client}}}, + {"nntp", {{PROTOCOL_NONE, NULL}, {PROTOCOL_PRE_SSL, nntp_client}}}, + {"connect", {{PROTOCOL_PRE_CONNECT, connect_server}, {PROTOCOL_PRE_SSL, connect_client}}}, + {NULL, {{PROTOCOL_NONE, NULL}, {PROTOCOL_NONE, NULL}}} +}; + +int find_protocol_id(const char *name) { + int id; + + for(id=0; protocols[id].name; ++id) + if(!strcmp(name, protocols[id].name)) + return id; + return -1; +} + +void protocol(CLI *c, const PROTOCOL_TYPE type) { + const int id=c->opt->protocol, mode=(unsigned int)c->opt->option.client; + + if(id<0 || type!=protocols[id].handlers[mode].type || + !protocols[id].handlers[mode].func) + return; + s_log(LOG_INFO, "%s-mode %s protocol negotiations started", + mode ? "Client" : "Server", protocols[id].name); + protocols[id].handlers[mode].func(c); + s_log(LOG_INFO, "%s-mode %s protocol negotiations succeeded", + mode ? "Client" : "Server", protocols[id].name); +} + +/**************************************** proxy */ + +/* + * PROXY protocol: http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt + * this is a protocol client support for stunnel acting as an SSL server + * I don't think anything else is useful, but feel free to discuss on the + * stunnel-users mailing list if you disagree + */ + +/* IP address textual representation length */ +/* 1234:6789:1234:6789:1234:6789:1234:6789 -> 40 chars with '\0' */ +#define IP_LEN 40 +#define PORT_LEN 6 + +static void proxy_server(CLI *c) { + SOCKADDR_UNION addr; + socklen_t addrlen; + char src_host[IP_LEN], dst_host[IP_LEN]; + char src_port[PORT_LEN], dst_port[PORT_LEN], *proto; + int err; + + addrlen=sizeof addr; + if(getpeername(c->local_rfd.fd, &addr.sa, &addrlen)) { + sockerror("getpeername"); + longjmp(c->err, 1); + } + err=getnameinfo(&addr.sa, addr_len(&addr), src_host, IP_LEN, + src_port, PORT_LEN, NI_NUMERICHOST|NI_NUMERICSERV); + if(err) { + s_log(LOG_ERR, "getnameinfo: %s", s_gai_strerror(err)); + longjmp(c->err, 1); + } + + addrlen=sizeof addr; + if(getsockname(c->local_rfd.fd, &addr.sa, &addrlen)) { + sockerror("getsockname"); + longjmp(c->err, 1); + } + err=getnameinfo(&addr.sa, addr_len(&addr), dst_host, IP_LEN, + dst_port, PORT_LEN, NI_NUMERICHOST|NI_NUMERICSERV); + if(err) { + s_log(LOG_ERR, "getnameinfo: %s", s_gai_strerror(err)); + longjmp(c->err, 1); + } + + switch(addr.sa.sa_family) { + case AF_INET: + proto="TCP4"; + break; + case AF_INET6: + proto="TCP6"; + break; + default: /* AF_UNIX */ + proto="UNKNOWN"; + } + fd_printf(c, c->remote_fd.fd, "PROXY %s %s %s %s %s", + proto, src_host, dst_host, src_port, dst_port); +} + +/**************************************** cifs */ + +static void cifs_client(CLI *c) { + u8 buffer[5]; + u8 request_dummy[4] = {0x81, 0, 0, 0}; /* a zero-length request */ + + write_blocking(c, c->remote_fd.fd, request_dummy, 4); + read_blocking(c, c->remote_fd.fd, buffer, 5); + if(buffer[0]!=0x83) { /* NB_SSN_NEGRESP */ + s_log(LOG_ERR, "Negative response expected"); + longjmp(c->err, 1); + } + if(buffer[2]!=0 || buffer[3]!=1) { /* length != 1 */ + s_log(LOG_ERR, "Unexpected NetBIOS response size"); + longjmp(c->err, 1); + } + if(buffer[4]!=0x8e) { /* use SSL */ + s_log(LOG_ERR, "Remote server does not require SSL"); + longjmp(c->err, 1); + } +} + +static void cifs_server(CLI *c) { + u8 buffer[128]; + u8 response_access_denied[5] = {0x83, 0, 0, 1, 0x81}; + u8 response_use_ssl[5] = {0x83, 0, 0, 1, 0x8e}; + u16 len; + + read_blocking(c, c->local_rfd.fd, buffer, 4) ;/* NetBIOS header */ + len=buffer[3]; + len|=(u16)(buffer[2]) << 8; + if(len>sizeof buffer-4) { + s_log(LOG_ERR, "Received block too long"); + longjmp(c->err, 1); + } + read_blocking(c, c->local_rfd.fd, buffer+4, len); + if(buffer[0]!=0x81){ /* NB_SSN_REQUEST */ + s_log(LOG_ERR, "Client did not send session setup"); + write_blocking(c, c->local_wfd.fd, response_access_denied, 5); + longjmp(c->err, 1); + } + write_blocking(c, c->local_wfd.fd, response_use_ssl, 5); +} + +/**************************************** pgsql */ + +/* http://www.postgresql.org/docs/8.3/static/protocol-flow.html#AEN73982 */ +u8 ssl_request[8]={0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f}; + +static void pgsql_client(CLI *c) { + u8 buffer[1]; + + write_blocking(c, c->remote_fd.fd, ssl_request, sizeof ssl_request); + read_blocking(c, c->remote_fd.fd, buffer, 1); + /* S - accepted, N - rejected, non-SSL preferred */ + if(buffer[0]!='S') { + s_log(LOG_ERR, "PostgreSQL server rejected SSL"); + longjmp(c->err, 1); + } +} + +static void pgsql_server(CLI *c) { + u8 buffer[8], ssl_ok[1]={'S'}; + + memset(buffer, 0, sizeof buffer); + read_blocking(c, c->local_rfd.fd, buffer, sizeof buffer); + if(memcmp(buffer, ssl_request, sizeof ssl_request)) { + s_log(LOG_ERR, "PostgreSQL client did not request SSL, rejecting"); + /* no way to send error on startup, so just drop the client */ + longjmp(c->err, 1); + } + write_blocking(c, c->local_wfd.fd, ssl_ok, sizeof ssl_ok); +} + +/**************************************** smtp */ + +static void smtp_client(CLI *c) { + char *line; + + do { /* copy multiline greeting */ + line=fd_getline(c, c->remote_fd.fd); + fd_putline(c, c->local_wfd.fd, line); + } while(isprefix(line, "220-")); + + fd_putline(c, c->remote_fd.fd, "EHLO localhost"); + do { /* skip multiline reply */ + line=fd_getline(c, c->remote_fd.fd); + } while(isprefix(line, "250-")); + if(!isprefix(line, "250 ")) { /* error */ + s_log(LOG_ERR, "Remote server is not RFC 1425 compliant"); + longjmp(c->err, 1); + } + + fd_putline(c, c->remote_fd.fd, "STARTTLS"); + do { /* skip multiline reply */ + line=fd_getline(c, c->remote_fd.fd); + } while(isprefix(line, "220-")); + if(!isprefix(line, "220 ")) { /* error */ + s_log(LOG_ERR, "Remote server is not RFC 2487 compliant"); + longjmp(c->err, 1); + } +} + +static void smtp_server(CLI *c) { + char *line; + + s_poll_init(c->fds); + s_poll_add(c->fds, c->local_rfd.fd, 1, 0); + switch(s_poll_wait(c->fds, 0, 200)) { /* wait up to 200ms */ + case 0: /* fd not ready to read */ + s_log(LOG_DEBUG, "RFC 2487 detected"); + break; + case 1: /* fd ready to read */ + s_log(LOG_DEBUG, "RFC 2487 not detected"); + return; /* return if RFC 2487 is not used */ + default: /* -1 */ + sockerror("RFC2487 (s_poll_wait)"); + longjmp(c->err, 1); + } + + line=fd_getline(c, c->remote_fd.fd); + if(!isprefix(line, "220")) { + s_log(LOG_ERR, "Unknown server welcome"); + longjmp(c->err, 1); + } + fd_printf(c, c->local_wfd.fd, "%s + stunnel", line); + line=fd_getline(c, c->local_rfd.fd); + if(!isprefix(line, "EHLO ")) { + s_log(LOG_ERR, "Unknown client EHLO"); + longjmp(c->err, 1); + } + fd_printf(c, c->local_wfd.fd, "250-%s Welcome", line); + fd_putline(c, c->local_wfd.fd, "250 STARTTLS"); + line=fd_getline(c, c->local_rfd.fd); + if(!isprefix(line, "STARTTLS")) { + s_log(LOG_ERR, "STARTTLS expected"); + longjmp(c->err, 1); + } + fd_putline(c, c->local_wfd.fd, "220 Go ahead"); +} + +/**************************************** pop3 */ + +static void pop3_client(CLI *c) { + char *line; + + line=fd_getline(c, c->remote_fd.fd); + if(!isprefix(line, "+OK ")) { + s_log(LOG_ERR, "Unknown server welcome"); + longjmp(c->err, 1); + } + fd_putline(c, c->local_wfd.fd, line); + fd_putline(c, c->remote_fd.fd, "STLS"); + line=fd_getline(c, c->remote_fd.fd); + if(!isprefix(line, "+OK ")) { + s_log(LOG_ERR, "Server does not support TLS"); + longjmp(c->err, 1); + } +} + +static void pop3_server(CLI *c) { + char *line; + + line=fd_getline(c, c->remote_fd.fd); + fd_printf(c, c->local_wfd.fd, "%s + stunnel", line); + line=fd_getline(c, c->local_rfd.fd); + if(isprefix(line, "CAPA")) { /* client wants RFC 2449 extensions */ + fd_putline(c, c->local_wfd.fd, "+OK Stunnel capability list follows"); + fd_putline(c, c->local_wfd.fd, "STLS"); + fd_putline(c, c->local_wfd.fd, "."); + line=fd_getline(c, c->local_rfd.fd); + } + if(!isprefix(line, "STLS")) { + s_log(LOG_ERR, "Client does not want TLS"); + longjmp(c->err, 1); + } + fd_putline(c, c->local_wfd.fd, "+OK Stunnel starts TLS negotiation"); +} + +/**************************************** imap */ + +static void imap_client(CLI *c) { + char *line; + + line=fd_getline(c, c->remote_fd.fd); + if(!isprefix(line, "* OK")) { + s_log(LOG_ERR, "Unknown server welcome"); + longjmp(c->err, 1); + } + fd_putline(c, c->local_wfd.fd, line); + fd_putline(c, c->remote_fd.fd, "stunnel STARTTLS"); + line=fd_getline(c, c->remote_fd.fd); + if(!isprefix(line, "stunnel OK")) { + fd_putline(c, c->local_wfd.fd, + "* BYE stunnel: Server does not support TLS"); + s_log(LOG_ERR, "Server does not support TLS"); + longjmp(c->err, 2); /* don't reset */ + } +} + +static void imap_server(CLI *c) { + char *line, *id, *tail, *capa; + + s_poll_init(c->fds); + s_poll_add(c->fds, c->local_rfd.fd, 1, 0); + switch(s_poll_wait(c->fds, 0, 200)) { + case 0: /* fd not ready to read */ + s_log(LOG_DEBUG, "RFC 2595 detected"); + break; + case 1: /* fd ready to read */ + s_log(LOG_DEBUG, "RFC 2595 not detected"); + return; /* return if RFC 2595 is not used */ + default: /* -1 */ + sockerror("RFC2595 (s_poll_wait)"); + longjmp(c->err, 1); + } + + /* process server welcome and send it to client */ + line=fd_getline(c, c->remote_fd.fd); + if(!isprefix(line, "* OK")) { + s_log(LOG_ERR, "Unknown server welcome"); + longjmp(c->err, 1); + } + capa=strstr(line, "CAPABILITY"); + if(!capa) + capa=strstr(line, "capability"); + if(capa) + *capa='K'; /* disable CAPABILITY within greeting */ + fd_printf(c, c->local_wfd.fd, "%s (stunnel)", line); + + while(1) { /* process client commands */ + line=fd_getline(c, c->local_rfd.fd); + /* split line into id and tail */ + id=str_dup(line); + tail=strchr(id, ' '); + if(!tail) + break; + *tail++='\0'; + + if(isprefix(tail, "STARTTLS")) { + fd_printf(c, c->local_wfd.fd, + "%s OK Begin TLS negotiation now", id); + return; /* success */ + } else if(isprefix(tail, "CAPABILITY")) { + fd_putline(c, c->remote_fd.fd, line); /* send it to server */ + line=fd_getline(c, c->remote_fd.fd); /* get the capabilites */ + if(*line=='*') { + /* + * append STARTTLS + * should also add LOGINDISABLED, but can't because + * of Mozilla bug #324138/#312009 + * LOGIN would fail as "unexpected command", anyway + */ + fd_printf(c, c->local_wfd.fd, "%s STARTTLS", line); + line=fd_getline(c, c->remote_fd.fd); /* next line */ + } + fd_putline(c, c->local_wfd.fd, line); /* forward to the client */ + tail=strchr(line, ' '); + if(!tail || !isprefix(tail+1, "OK")) { /* not OK? */ + fd_putline(c, c->local_wfd.fd, + "* BYE unexpected server response"); + s_log(LOG_ERR, "Unexpected server response: %s", line); + break; + } + } else if(isprefix(tail, "LOGOUT")) { + fd_putline(c, c->local_wfd.fd, "* BYE server terminating"); + fd_printf(c, c->local_wfd.fd, "%s OK LOGOUT completed", id); + break; + } else { + fd_putline(c, c->local_wfd.fd, "* BYE stunnel: unexpected command"); + fd_printf(c, c->local_wfd.fd, "%s BAD %s unexpected", id, tail); + s_log(LOG_ERR, "Unexpected client command %s", tail); + break; + } + } + /* clean server shutdown */ + fd_putline(c, c->remote_fd.fd, "stunnel LOGOUT"); + line=fd_getline(c, c->remote_fd.fd); + if(*line=='*') + line=fd_getline(c, c->remote_fd.fd); + longjmp(c->err, 2); /* don't reset */ +} + +/**************************************** nntp */ + +static void nntp_client(CLI *c) { + char *line; + + line=fd_getline(c, c->remote_fd.fd); + if(!isprefix(line, "200 ") && !isprefix(line, "201 ")) { + s_log(LOG_ERR, "Unknown server welcome"); + longjmp(c->err, 1); + } + fd_putline(c, c->local_wfd.fd, line); + fd_putline(c, c->remote_fd.fd, "STARTTLS"); + line=fd_getline(c, c->remote_fd.fd); + if(!isprefix(line, "382 ")) { + s_log(LOG_ERR, "Server does not support TLS"); + longjmp(c->err, 1); + } +} + +/**************************************** connect */ + +static void connect_server(CLI *c) { + char *request, *proto, *header; + int not_empty; + + request=fd_getline(c, c->local_rfd.fd); + if(!isprefix(request, "CONNECT ")) { + fd_putline(c, c->local_wfd.fd, "HTTP/1.0 400 Bad Request Method"); + fd_putline(c, c->local_wfd.fd, "Server: stunnel/" STUNNEL_VERSION); + fd_putline(c, c->local_wfd.fd, ""); + longjmp(c->err, 1); + } + proto=strchr(request+8, ' '); + if(!proto || !isprefix(proto, " HTTP/")) { + fd_putline(c, c->local_wfd.fd, "HTTP/1.0 400 Bad Request Protocol"); + fd_putline(c, c->local_wfd.fd, "Server: stunnel/" STUNNEL_VERSION); + fd_putline(c, c->local_wfd.fd, ""); + longjmp(c->err, 1); + } + *proto='\0'; + do { /* ignore any headers*/ + header=fd_getline(c, c->local_rfd.fd); + not_empty=*header; + str_free(header); + } while(not_empty); + if(!name2addrlist(&c->connect_addr, request+8, DEFAULT_LOOPBACK)) { + fd_putline(c, c->local_wfd.fd, "HTTP/1.0 404 Not Found"); + fd_putline(c, c->local_wfd.fd, "Server: stunnel/" STUNNEL_VERSION); + fd_putline(c, c->local_wfd.fd, ""); + longjmp(c->err, 1); + } + str_free(request); + fd_putline(c, c->local_wfd.fd, "HTTP/1.0 200 OK"); + fd_putline(c, c->local_wfd.fd, "Server: stunnel/" STUNNEL_VERSION); + fd_putline(c, c->local_wfd.fd, ""); +} + +static void connect_client(CLI *c) { + char *line, *encoded; + + if(!c->opt->protocol_host) { + s_log(LOG_ERR, "protocolHost not specified"); + longjmp(c->err, 1); + } + fd_printf(c, c->remote_fd.fd, "CONNECT %s HTTP/1.1", + c->opt->protocol_host); + fd_printf(c, c->remote_fd.fd, "Host: %s", c->opt->protocol_host); + if(c->opt->protocol_username && c->opt->protocol_password) { + if(!strcasecmp(c->opt->protocol_authentication, "NTLM")) { +#if !defined(OPENSSL_NO_MD4) && OPENSSL_VERSION_NUMBER>=0x0090700fL + ntlm(c); +#else + s_log(LOG_ERR, "NTLM authentication is not available"); + longjmp(c->err, 1); +#endif + } else { /* basic authentication */ + line=str_printf("%s:%s", + c->opt->protocol_username, c->opt->protocol_password); + encoded=base64(1, line, strlen(line)); + str_free(line); + if(!encoded) { + s_log(LOG_ERR, "Base64 encoder failed"); + longjmp(c->err, 1); + } + fd_printf(c, c->remote_fd.fd, "Proxy-Authorization: basic %s", + encoded); + str_free(encoded); + } + } + fd_putline(c, c->remote_fd.fd, ""); /* empty line */ + line=fd_getline(c, c->remote_fd.fd); + if(strlen(line)<12 || line[9]!='2') { + /* not "HTTP/1.0 200 Connection established" */ + s_log(LOG_ERR, "CONNECT request rejected"); + do { /* read all headers */ + line=fd_getline(c, c->remote_fd.fd); + } while(*line); + longjmp(c->err, 1); + } + s_log(LOG_INFO, "CONNECT request accepted"); + do { + line=fd_getline(c, c->remote_fd.fd); /* read all headers */ + } while(*line); +} + +#if !defined(OPENSSL_NO_MD4) && OPENSSL_VERSION_NUMBER>=0x0090700fL + +/* + * NTLM code is based on the following documentation: + * http://davenport.sourceforge.net/ntlm.html + * http://www.innovation.ch/personal/ronald/ntlm.html + */ + +#define s_min(a, b) ((a)>(b)?(b):(a)) + +static void ntlm(CLI *c) { + char *line, buf[BUFSIZ], *ntlm1_txt, *ntlm2_txt, *ntlm3_txt; + long content_length=0; /* no HTTP content */ + + /* send Proxy-Authorization (phase 1) */ + fd_printf(c, c->remote_fd.fd, "Proxy-Connection: keep-alive"); + ntlm1_txt=ntlm1(); + if(!ntlm1_txt) { + s_log(LOG_ERR, "Proxy-Authenticate: Failed to build NTLM request"); + longjmp(c->err, 1); + } + fd_printf(c, c->remote_fd.fd, "Proxy-Authorization: NTLM %s", ntlm1_txt); + str_free(ntlm1_txt); + fd_putline(c, c->remote_fd.fd, ""); /* empty line */ + line=fd_getline(c, c->remote_fd.fd); + + /* receive Proxy-Authenticate (phase 2) */ + if(line[9]!='4' || line[10]!='0' || line[11]!='7') { /* code 407 */ + s_log(LOG_ERR, "NTLM authorization request rejected"); + do { /* read all headers */ + line=fd_getline(c, c->remote_fd.fd); + } while(*line); + longjmp(c->err, 1); + } + ntlm2_txt=NULL; + do { /* read all headers */ + line=fd_getline(c, c->remote_fd.fd); + if(isprefix(line, "Proxy-Authenticate: NTLM ")) + ntlm2_txt=str_dup(line+25); + else if(isprefix(line, "Content-Length: ")) + content_length=atol(line+16); + } while(*line); + if(!ntlm2_txt) { /* no Proxy-Authenticate: NTLM header */ + s_log(LOG_ERR, "Proxy-Authenticate: NTLM header not found"); + longjmp(c->err, 1); + } + + /* read and ignore HTTP content (if any) */ + while(content_length) { + read_blocking(c, c->remote_fd.fd, buf, s_min(content_length, BUFSIZ)); + content_length-=s_min(content_length, BUFSIZ); + } + + /* send Proxy-Authorization (phase 3) */ + fd_printf(c, c->remote_fd.fd, "CONNECT %s HTTP/1.1", c->opt->protocol_host); + fd_printf(c, c->remote_fd.fd, "Host: %s", c->opt->protocol_host); + ntlm3_txt=ntlm3(c->opt->protocol_username, c->opt->protocol_password, ntlm2_txt); + str_free(ntlm2_txt); + if(!ntlm3_txt) { + s_log(LOG_ERR, "Proxy-Authenticate: Failed to build NTLM response"); + longjmp(c->err, 1); + } + fd_printf(c, c->remote_fd.fd, "Proxy-Authorization: NTLM %s", ntlm3_txt); + str_free(ntlm3_txt); +} + +static char *ntlm1() { + char phase1[16]; + + memset(phase1, 0, sizeof phase1); + strcpy(phase1, "NTLMSSP"); + phase1[8]=1; /* type: 1 */ + phase1[12]=2; /* flag: negotiate OEM */ + phase1[13]=2; /* flag: negotiate NTLM */ + return base64(1, phase1, sizeof phase1); /* encode */ +} + +static char *ntlm3(char *username, char *password, char *phase2) { + MD4_CTX md4; + char *decoded; /* decoded reply from proxy */ + char phase3[146]; + unsigned char md4_hash[21]; + unsigned int userlen=strlen(username); + unsigned int phase3len=s_min(88+userlen, sizeof phase3); + + /* setup phase3 structure */ + memset(phase3, 0, sizeof phase3); + strcpy(phase3, "NTLMSSP"); + phase3[8]=3; /* type: 3 */ + phase3[16]=phase3len; /* LM-resp off */ + phase3[20]=24; /* NT-resp len */ + phase3[22]=24; /* NT-Resp len */ + phase3[24]=64; /* NT-resp off */ + phase3[32]=phase3len; /* domain offset */ + phase3[36]=userlen; /* user length */ + phase3[38]=userlen; /* user length */ + phase3[40]=88; /* user offset */ + phase3[48]=phase3len; /* host offset */ + phase3[56]=phase3len; /* message len */ + phase3[60]=2; /* flag: negotiate OEM */ + phase3[61]=2; /* flag: negotiate NTLM */ + + /* calculate MD4 of UTF-16 encoded password */ + MD4_Init(&md4); + while(*password) { + MD4_Update(&md4, password++, 1); + MD4_Update(&md4, "", 1); /* UTF-16 */ + } + MD4_Final(md4_hash, &md4); + memset(md4_hash+16, 0, 5); /* pad to 21 bytes */ + + /* decode challenge and calculate response */ + decoded=base64(0, phase2, strlen(phase2)); /* decode */ + if(!decoded) + return NULL; + crypt_DES((unsigned char *)phase3+64, + (unsigned char *)decoded+24, md4_hash); + crypt_DES((unsigned char *)phase3+72, + (unsigned char *)decoded+24, md4_hash+7); + crypt_DES((unsigned char *)phase3+80, + (unsigned char *)decoded+24, md4_hash+14); + str_free(decoded); + + strncpy(phase3+88, username, sizeof phase3-88); + + return base64(1, phase3, phase3len); /* encode */ +} + +static void crypt_DES(DES_cblock dst, const_DES_cblock src, DES_cblock hash) { + DES_cblock key; + DES_key_schedule sched; + + /* convert key from 56 to 64 bits */ + key[0]=hash[0]; + key[1]=((hash[0]&1)<<7)|(hash[1]>>1); + key[2]=((hash[1]&3)<<6)|(hash[2]>>2); + key[3]=((hash[2]&7)<<5)|(hash[3]>>3); + key[4]=((hash[3]&15)<<4)|(hash[4]>>4); + key[5]=((hash[4]&31)<<3)|(hash[5]>>5); + key[6]=((hash[5]&63)<<2)|(hash[6]>>6); + key[7]=((hash[6]&127)<<1); + DES_set_odd_parity(&key); + + /* encrypt */ + DES_set_key_unchecked(&key, &sched); + DES_ecb_encrypt((const_DES_cblock *)src, + (DES_cblock *)dst, &sched, DES_ENCRYPT); +} + +#endif + +static char *base64(int encode, char *in, int len) { + BIO *bio, *b64; + char *out; + int n; + + b64=BIO_new(BIO_f_base64()); + if(!b64) + return NULL; + BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); + bio=BIO_new(BIO_s_mem()); + if(!bio) { + str_free(b64); + return NULL; + } + if(encode) + bio=BIO_push(b64, bio); + BIO_write(bio, in, len); + (void)BIO_flush(bio); /* ignore the error if any */ + if(encode) { + bio=BIO_pop(bio); + BIO_free(b64); + } else { + bio=BIO_push(b64, bio); + } + n=BIO_pending(bio); + /* 32 bytes as a safety precaution for passing decoded data to crypt_DES */ + /* n+1 to get null-terminated string on encode */ + out=str_alloc(n<32?32:n+1); + n=BIO_read(bio, out, n); + if(n<0) { + BIO_free_all(bio); + str_free(out); + return NULL; + } + BIO_free_all(bio); + return out; +} + +/* end of protocol.c */ diff --git a/src/prototypes.h b/src/prototypes.h new file mode 100644 index 0000000..01f39c6 --- /dev/null +++ b/src/prototypes.h @@ -0,0 +1,590 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#ifndef PROTOTYPES_H +#define PROTOTYPES_H + +#include "common.h" + +/**************************************** data structures */ + +typedef enum { + LOG_MODE_NONE, + LOG_MODE_ERROR, + LOG_MODE_INFO, + LOG_MODE_CONFIGURED +} LOG_MODE; + +typedef union sockaddr_union { + struct sockaddr sa; + struct sockaddr_in in; +#ifdef USE_IPv6 + struct sockaddr_in6 in6; +#endif +#ifdef HAVE_STRUCT_SOCKADDR_UN + struct sockaddr_un un; +#endif +} SOCKADDR_UNION; + +typedef struct sockaddr_list { /* list of addresses */ + SOCKADDR_UNION *addr; /* the list of addresses */ + u16 cur; /* current address for round-robin */ + u16 num; /* how many addresses are used */ +} SOCKADDR_LIST; + +#ifndef OPENSSL_NO_COMP +typedef enum { + COMP_NONE, COMP_DEFLATE, COMP_ZLIB, COMP_RLE +} COMP_TYPE; +#endif /* OPENSSL_NO_COMP */ + +typedef struct { + /* some data for SSL initialization in ssl.c */ +#ifndef OPENSSL_NO_COMP + COMP_TYPE compression; /* compression type */ +#endif /* OPENSSL_NO_COMP */ + char *egd_sock; /* entropy gathering daemon socket */ + char *rand_file; /* file with random data */ + int random_bytes; /* how many random bytes to read */ + + /* some global data for stunnel.c */ +#ifndef USE_WIN32 +#ifdef HAVE_CHROOT + char *chroot_dir; +#endif + unsigned long dpid; + char *pidfile; + int uid, gid; +#endif + + /* logging-support data for log.c */ + int debug_level; /* debug level for logging */ +#ifndef USE_WIN32 + int facility; /* debug facility for syslog */ +#endif + char *output_file; + + /* on/off switches */ + struct { + unsigned int rand_write:1; /* overwrite rand_file */ +#ifdef USE_WIN32 + unsigned int taskbar:1; /* enable the taskbar icon */ +#else /* !USE_WIN32 */ + unsigned int foreground:1; + unsigned int syslog:1; +#endif +#ifdef USE_FIPS + unsigned int fips:1; /* enable FIPS 140-2 mode */ +#endif + } option; +} GLOBAL_OPTIONS; + +extern GLOBAL_OPTIONS global_options; + +#ifndef OPENSSL_NO_TLSEXT +typedef struct servername_list_struct SERVERNAME_LIST;/* forward declaration */ +#endif + +typedef struct service_options_struct { + struct service_options_struct *next; /* next node in the services list */ + SSL_CTX *ctx; /* SSL context */ + char *servname; /* service name for logging & permission checking */ + + /* service-specific data for sthreads.c */ +#ifndef USE_FORK + int stack_size; /* stack size for this thread */ +#endif + + /* service-specific data for verify.c */ + char *ca_dir; /* directory for hashed certs */ + char *ca_file; /* file containing bunches of certs */ + char *crl_dir; /* directory for hashed CRLs */ + char *crl_file; /* file containing bunches of CRLs */ + int verify_level; + X509_STORE *revocation_store; /* cert store for CRL checking */ +#ifdef HAVE_OSSL_OCSP_H + SOCKADDR_UNION ocsp_addr; + char *ocsp_path; + unsigned long ocsp_flags; +#endif + + /* service-specific data for ctx.c */ + char *cipher_list; + char *cert; /* cert filename */ + char *key; /* pem (priv key/cert) filename */ + long session_timeout; + long ssl_options; + SSL_METHOD *client_method, *server_method; + SOCKADDR_UNION sessiond_addr; +#ifndef OPENSSL_NO_TLSEXT + char *sni; + SERVERNAME_LIST *servername_list_head, *servername_list_tail; +#endif +#ifndef OPENSSL_NO_ECDH + int curve; +#endif +#ifdef HAVE_OSSL_ENGINE_H + ENGINE *engine; /* engine to read the private key */ +#endif + + /* service-specific data for client.c */ + int fd; /* file descriptor accepting connections for this service */ + SSL_SESSION *session; /* recently used session */ + char *execname; /* program name for local mode */ +#ifdef USE_WIN32 + char *execargs; /* program arguments for local mode */ +#else + char **execargs; /* program arguments for local mode */ +#endif + SOCKADDR_UNION local_addr, source_addr; + SOCKADDR_LIST connect_addr; + char *username; + char *connect_name; + int timeout_busy; /* maximum waiting for data time */ + int timeout_close; /* maximum close_notify time */ + int timeout_connect; /* maximum connect() time */ + int timeout_idle; /* maximum idle connection time */ + enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */ + + /* service-specific data for protocol.c */ + int protocol; + char *protocol_host; + char *protocol_username; + char *protocol_password; + char *protocol_authentication; + + /* service-specific data for gui.c */ +#ifdef USE_WIN32 + int section_number; + LPTSTR file, help; + char *chain; +#endif + + /* on/off switches */ + struct { + unsigned int accept:1; /* endpoint: accept */ + unsigned int client:1; + unsigned int delayed_lookup:1; +#ifdef USE_LIBWRAP + unsigned int libwrap:1; +#endif + unsigned int local:1; /* outgoing interface specified */ + unsigned int remote:1; /* endpoint: connect */ + unsigned int retry:1; /* loop remote+program */ + unsigned int sessiond:1; + unsigned int program:1; /* endpoint: exec */ +#ifndef OPENSSL_NO_TLSEXT + unsigned int sni:1; /* endpoint: sni */ +#endif +#ifndef USE_WIN32 + unsigned int pty:1; + unsigned int transparent_src:1; + unsigned int transparent_dst:1; /* endpoint: transparent destination */ +#endif +#ifdef HAVE_OSSL_OCSP_H + unsigned int ocsp:1; +#endif + } option; +} SERVICE_OPTIONS; + +extern SERVICE_OPTIONS service_options; + +#ifndef OPENSSL_NO_TLSEXT +struct servername_list_struct { + char *servername; + SERVICE_OPTIONS *opt; + struct servername_list_struct *next; +}; +#endif + +typedef enum { + TYPE_NONE, TYPE_FLAG, TYPE_INT, TYPE_LINGER, TYPE_TIMEVAL, TYPE_STRING +} VAL_TYPE; + +typedef union { + int i_val; + long l_val; + char c_val[16]; + struct linger linger_val; + struct timeval timeval_val; +} OPT_UNION; + +typedef struct { + char *opt_str; + int opt_level; + int opt_name; + VAL_TYPE opt_type; + OPT_UNION *opt_val[3]; +} SOCK_OPT; + +typedef enum { + CONF_RELOAD, CONF_FILE, CONF_FD +} CONF_TYPE; + + /* s_poll_set definition for network.c */ + +typedef struct { +#ifdef USE_POLL + struct pollfd *ufds; + unsigned int nfds; + unsigned int allocated; +#else /* select */ + fd_set irfds, iwfds, ixfds, orfds, owfds, oxfds; + int max; +#endif +} s_poll_set; + +typedef struct disk_file { +#ifdef USE_WIN32 + HANDLE fh; +#else + int fd; +#endif + /* the inteface is prepared to easily implement buffering if needed */ +} DISK_FILE; + + /* FD definition for client.c */ + +typedef struct { + int fd; /* file descriptor */ + int is_socket; /* file descriptor is a socket */ +} FD; + +/**************************************** prototypes for stunnel.c */ + +#ifndef USE_FORK +extern int max_clients; +extern volatile int num_clients; +#endif + +void main_initialize(void); +int main_configure(char *, char *); +void daemon_loop(void); +void unbind_ports(void); +int bind_ports(void); +#if !defined (USE_WIN32) && !defined (__vms) && !defined(USE_OS2) +int drop_privileges(int); +#endif +void signal_post(int); +#if !defined(USE_WIN32) && !defined(USE_OS2) +void child_status(void); /* dead libwrap or 'exec' process detected */ +#endif +void stunnel_info(int); + +/**************************************** prototypes for fd.c */ + +#ifndef USE_FORK +void get_limits(void); /* setup global max_clients and max_fds */ +#endif +int s_socket(int, int, int, int, char *); +int s_pipe(int [2], int, char *); +int s_socketpair(int, int, int, int [2], int, char *); +int s_accept(int, struct sockaddr *, socklen_t *, int, char *); +void set_nonblock(int, unsigned long); + +/**************************************** prototypes for log.c */ + +#if !defined(USE_WIN32) && !defined(__vms) +void syslog_open(void); +void syslog_close(void); +#endif +void log_open(void); +void log_close(void); +void log_flush(LOG_MODE); +void s_log(int, const char *, ...) +#ifdef __GNUC__ + __attribute__((format(printf, 2, 3))); +#else + ; +#endif +void fatal_debug(char *, char *, int); +#define fatal(a) fatal_debug((a), __FILE__, __LINE__) +void ioerror(const char *); +void sockerror(const char *); +void log_error(int, int, const char *); +char *s_strerror(int); + +/**************************************** prototypes for pty.c */ + +int pty_allocate(int *, int *, char *); + +/**************************************** prototypes for ssl.c */ + +extern int cli_index, opt_index; + +int ssl_init(void); +int ssl_configure(GLOBAL_OPTIONS *); + +/**************************************** prototypes for options.c */ + +int parse_commandline(char *, char *); +int parse_conf(char *, CONF_TYPE); +void apply_conf(void); + +/**************************************** prototypes for ctx.c */ + +typedef struct { + SERVICE_OPTIONS *section; + char pass[PEM_BUFSIZE]; +} UI_DATA; + +int context_init(SERVICE_OPTIONS *); +void sslerror(char *); + +/**************************************** prototypes for verify.c */ + +int verify_init(SERVICE_OPTIONS *); + +/**************************************** prototypes for network.c */ + +s_poll_set *s_poll_alloc(void); +void s_poll_free(s_poll_set *); +void s_poll_init(s_poll_set *); +void s_poll_add(s_poll_set *, int, int, int); +int s_poll_canread(s_poll_set *, int); +int s_poll_canwrite(s_poll_set *, int); +int s_poll_error(s_poll_set *, FD *); +int s_poll_wait(s_poll_set *, int, int); + +#ifdef USE_WIN32 +#define SIGNAL_RELOAD_CONFIG 1 +#define SIGNAL_REOPEN_LOG 2 +#define SIGNAL_TERMINATE 3 +#else +#define SIGNAL_RELOAD_CONFIG SIGHUP +#define SIGNAL_REOPEN_LOG SIGUSR1 +#define SIGNAL_TERMINATE SIGTERM +#endif + +int set_socket_options(int, int); +int get_socket_error(const int); +int make_sockets(int [2]); + +/**************************************** prototypes for client.c */ + +typedef struct { + jmp_buf err; /* exception handler needs to be 16-byte aligned on Itanium */ + SSL *ssl; /* SSL connnection */ + SERVICE_OPTIONS *opt; + + SOCKADDR_UNION peer_addr; /* peer address */ + socklen_t peer_addr_len; + SOCKADDR_UNION *bind_addr; /* address to bind() the socket */ + SOCKADDR_LIST connect_addr; /* for dynamically assigned addresses */ + FD local_rfd, local_wfd; /* read and write local descriptors */ + FD remote_fd; /* remote file descriptor */ + /* IP for explicit local bind or transparent proxy */ + unsigned long pid; /* PID of the local process */ + int fd; /* temporary file descriptor */ + + /* data for transfer() function */ + char sock_buff[BUFFSIZE]; /* socket read buffer */ + char ssl_buff[BUFFSIZE]; /* SSL read buffer */ + int sock_ptr, ssl_ptr; /* index of first unused byte in buffer */ + FD *sock_rfd, *sock_wfd; /* read and write socket descriptors */ + FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */ + int sock_bytes, ssl_bytes; /* bytes written to socket and SSL */ + s_poll_set *fds; /* file descriptors */ +} CLI; + +CLI *alloc_client_session(SERVICE_OPTIONS *, int, int); +void *client_thread(void *); +void client_main(CLI *); + +/**************************************** prototypes for network.c */ + +int connect_blocking(CLI *, SOCKADDR_UNION *, socklen_t); +void write_blocking(CLI *, int fd, void *, int); +void read_blocking(CLI *, int fd, void *, int); +void fd_putline(CLI *, int, const char *); +char *fd_getline(CLI *, int); +/* descriptor versions of fprintf/fscanf */ +void fd_printf(CLI *, int, const char *, ...) +#ifdef __GNUC__ + __attribute__((format(printf, 3, 4))); +#else + ; +#endif + +/**************************************** prototype for protocol.c */ + +typedef enum { + PROTOCOL_NONE, + PROTOCOL_PRE_CONNECT, + PROTOCOL_PRE_SSL, + PROTOCOL_POST_SSL +} PROTOCOL_TYPE; + +int find_protocol_id(const char *); +void protocol(CLI *, const PROTOCOL_TYPE); + +/**************************************** prototypes for resolver.c */ + +int name2addr(SOCKADDR_UNION *, char *, char *); +int hostport2addr(SOCKADDR_UNION *, char *, char *); +int name2addrlist(SOCKADDR_LIST *, char *, char *); +int hostport2addrlist(SOCKADDR_LIST *, char *, char *); +char *s_ntop(SOCKADDR_UNION *, socklen_t); +socklen_t addr_len(const SOCKADDR_UNION *); +const char *s_gai_strerror(int); + +#ifndef HAVE_GETNAMEINFO + +#ifndef NI_NUMERICHOST +#define NI_NUMERICHOST 2 +#endif +#ifndef NI_NUMERICSERV +#define NI_NUMERICSERV 8 +#endif + +#ifdef USE_WIN32 +/* rename some locally shadowed declarations */ +#define getnameinfo local_getnameinfo +#endif /* defined USE_WIN32 */ + +int getnameinfo(const struct sockaddr *, int, char *, int, char *, int, int); + +#endif /* !defined HAVE_GETNAMEINFO */ + +/**************************************** prototypes for sthreads.c */ + +typedef enum { + CRIT_CLIENTS, CRIT_SESSION, CRIT_SSL, /* client.c */ + CRIT_INET, /* resolver.c */ +#ifndef USE_WIN32 + CRIT_LIBWRAP, /* libwrap.c */ +#endif + CRIT_LOG, /* log.c */ + CRIT_SECTIONS /* number of critical sections */ +} SECTION_CODE; + +void enter_critical_section(SECTION_CODE); +void leave_critical_section(SECTION_CODE); +int sthreads_init(void); +unsigned long stunnel_process_id(void); +unsigned long stunnel_thread_id(void); +int create_client(int, int, CLI *, void *(*)(void *)); +#ifdef USE_UCONTEXT +typedef struct CONTEXT_STRUCTURE { + char *stack; /* CPU stack for this thread */ + unsigned long id; + ucontext_t context; + s_poll_set *fds; + int ready; /* number of ready file descriptors */ + time_t finish; /* when to finish poll() for this context */ + struct CONTEXT_STRUCTURE *next; /* next context on a list */ + void *tls; /* thread local storage for str.c */ +} CONTEXT; +extern CONTEXT *ready_head, *ready_tail; +extern CONTEXT *waiting_head, *waiting_tail; +#endif +#ifdef _WIN32_WCE +long _beginthread(void (*)(void *), int, void *); +void _endthread(void); +#endif +#ifdef DEBUG_STACK_SIZE +void stack_info(int); +#endif + +/**************************************** prototypes for gui.c */ + +#ifdef USE_WIN32 +extern HWND hwnd; + +int passwd_cb(char *, int, int, void *); +#ifdef HAVE_OSSL_ENGINE_H +int pin_cb(UI *, UI_STRING *); +#endif + +#ifndef _WIN32_WCE +typedef int (CALLBACK * GETADDRINFO) (const char *, + const char *, const struct addrinfo *, struct addrinfo **); +typedef void (CALLBACK * FREEADDRINFO) (struct addrinfo FAR *); +typedef int (CALLBACK * GETNAMEINFO) (const struct sockaddr *, socklen_t, + char *, size_t, char *, size_t, int); +extern GETADDRINFO s_getaddrinfo; +extern FREEADDRINFO s_freeaddrinfo; +extern GETNAMEINFO s_getnameinfo; +#endif /* ! _WIN32_WCE */ +#endif /* USE_WIN32 */ + +/**************************************** prototypes for file.c */ + +#ifndef USE_WIN32 +DISK_FILE *file_fdopen(int); +#endif +DISK_FILE *file_open(char *, int); +void file_close(DISK_FILE *); +int file_getline(DISK_FILE *, char *, int); +int file_putline(DISK_FILE *, char *); + +#ifdef USE_WIN32 +LPTSTR str2tstr(const LPSTR); +LPSTR tstr2str(const LPTSTR); +#endif + +/**************************************** prototypes for libwrap.c */ + +int libwrap_init(); +void libwrap_auth(CLI *, char *); + +/**************************************** prototypes for str.c */ + +void str_init(); +void str_canary_init(); +void str_cleanup(); +void str_stats(); +void *str_alloc_debug(size_t, char *, int); +#define str_alloc(a) str_alloc_debug((a), __FILE__, __LINE__) +void *str_realloc_debug(void *, size_t, char *, int); +#define str_realloc(a, b) str_realloc_debug((a), (b), __FILE__, __LINE__) +void str_detach_debug(void *, char *, int); +#define str_detach(a) str_detach_debug((a), __FILE__, __LINE__) +void str_free_debug(void *, char *, int); +#define str_free(a) str_free_debug((a), __FILE__, __LINE__), (a)=NULL +char *str_dup(const char *); +char *str_vprintf(const char *, va_list); +char *str_printf(const char *, ...) +#ifdef __GNUC__ + __attribute__((format(printf, 1, 2))); +#else + ; +#endif + +#endif /* defined PROTOTYPES_H */ + +/* end of prototypes.h */ diff --git a/src/pty.c b/src/pty.c new file mode 100644 index 0000000..a0835da --- /dev/null +++ b/src/pty.c @@ -0,0 +1,221 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +#ifdef HAVE_UTIL_H +#include +#endif /* HAVE_UTIL_H */ + +#ifdef HAVE_SYS_IOCTL_H +#include +#endif /* HAVE_SYS_IOCTL_H */ + +/* pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ +#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) +#undef HAVE_DEV_PTMX +#endif /* HAVE__GETPTY || HAVE_OPENPTY */ + +#ifdef HAVE_PTY_H +#include +#endif /* HAVE_PTY_H */ + +#ifdef HAVE_LIBUTIL_H +#include +#endif /* HAVE_LIBUTIL_H */ + +#ifndef O_NOCTTY +#define O_NOCTTY 0 +#endif /* O_NOCTTY */ + +/* + * allocates and opens a pty + * returns -1 if no pty could be allocated, or zero if a pty was successfully + * allocated + * on success, open file descriptors for the pty and tty sides and the name of + * the tty side are returned + * the buffer must be able to hold at least 64 characters + */ + +int pty_allocate(int *ptyfd, int *ttyfd, char *namebuf) { +#if defined(HAVE_OPENPTY) || defined(BSD4_4) && !defined(__INNOTEK_LIBC__) + /* openpty(3) exists in OSF/1 and some other os'es */ + char buf[64]; + int i; + + i=openpty(ptyfd, ttyfd, buf, NULL, NULL); + if(i<0) { + ioerror("openpty"); + return -1; + } + strcpy(namebuf, buf); /* possible truncation */ + return 0; +#else /* HAVE_OPENPTY */ +#ifdef HAVE__GETPTY + /* + * _getpty(3) exists in SGI Irix 4.x, 5.x & 6.x -- it generates more + * pty's automagically when needed + */ + char *slave; + + slave=_getpty(ptyfd, O_RDWR, 0622, 0); + if(slave==NULL) { + ioerror("_getpty"); + return -1; + } + strcpy(namebuf, slave); + /* open the slave side */ + *ttyfd=open(namebuf, O_RDWR|O_NOCTTY); + if(*ttyfd<0) { + ioerror(namebuf); + close(*ptyfd); + return -1; + } + return 0; +#else /* HAVE__GETPTY */ +#if defined(HAVE_DEV_PTMX) + /* + * this code is used e.g. on Solaris 2.x + * note that Solaris 2.3 * also has bsd-style ptys, but they simply do not + * work + */ + int ptm; char *pts; + + ptm=open("/dev/ptmx", O_RDWR|O_NOCTTY); + if(ptm<0) { + ioerror("/dev/ptmx"); + return -1; + } + if(grantpt(ptm)<0) { + ioerror("grantpt"); + /* return -1; */ + /* can you tell me why it doesn't work? */ + } + if(unlockpt(ptm)<0) { + ioerror("unlockpt"); + return -1; + } + pts=ptsname(ptm); + if(pts==NULL) + s_log(LOG_ERR, "Slave pty side name could not be obtained"); + strcpy(namebuf, pts); + *ptyfd=ptm; + + /* open the slave side */ + *ttyfd=open(namebuf, O_RDWR|O_NOCTTY); + if(*ttyfd<0) { + ioerror(namebuf); + close(*ptyfd); + return -1; + } + /* push the appropriate streams modules, as described in Solaris pts(7) */ + if(ioctl(*ttyfd, I_PUSH, "ptem")<0) + ioerror("ioctl I_PUSH ptem"); + if(ioctl(*ttyfd, I_PUSH, "ldterm")<0) + ioerror("ioctl I_PUSH ldterm"); + if(ioctl(*ttyfd, I_PUSH, "ttcompat")<0) + ioerror("ioctl I_PUSH ttcompat"); + return 0; +#else /* HAVE_DEV_PTMX */ +#ifdef HAVE_DEV_PTS_AND_PTC + /* AIX-style pty code. */ + const char *name; + + *ptyfd=open("/dev/ptc", O_RDWR|O_NOCTTY); + if(*ptyfd<0) { + ioerror("open(/dev/ptc)"); + return -1; + } + name=ttyname(*ptyfd); + if(!name) { + s_log(LOG_ERR, "Open of /dev/ptc returns device for which ttyname fails"); + return -1; + } + strcpy(namebuf, name); + *ttyfd=open(name, O_RDWR|O_NOCTTY); + if(*ttyfd<0) { + ioerror(name); + close(*ptyfd); + return -1; + } + return 0; +#else /* HAVE_DEV_PTS_AND_PTC */ + /* BSD-style pty code. */ + char buf[64]; + int i; + const char *ptymajors="pqrstuvwxyzabcdefghijklmnoABCDEFGHIJKLMNOPQRSTUVWXYZ"; + const char *ptyminors="0123456789abcdef"; + int num_minors=strlen(ptyminors); + int num_ptys=strlen(ptymajors)*num_minors; + + for(i=0; i + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +/**************************************** prototypes */ + +#ifndef HAVE_GETADDRINFO + +#ifndef EAI_MEMORY +#define EAI_MEMORY 1 +#endif +#ifndef EAI_NONAME +#define EAI_NONAME 2 +#endif +#ifndef EAI_SERVICE +#define EAI_SERVICE 8 +#endif + +/* rename some potentially locally shadowed declarations */ +#define getaddrinfo local_getaddrinfo +#define freeaddrinfo local_freeaddrinfo + +#ifndef HAVE_STRUCT_ADDRINFO +struct addrinfo { + int ai_flags; + int ai_family; + int ai_socktype; + int ai_protocol; + int ai_addrlen; + struct sockaddr *ai_addr; + char *ai_canonname; + struct addrinfo *ai_next; +}; +#endif + +static int getaddrinfo(const char *, const char *, + const struct addrinfo *, struct addrinfo **); +static int alloc_addresses(struct hostent *, const struct addrinfo *, + u_short port, struct addrinfo **, struct addrinfo **); +static void freeaddrinfo(struct addrinfo *); + +#endif /* !defined HAVE_GETADDRINFO */ + +/**************************************** stunnel resolver API */ + +int name2addr(SOCKADDR_UNION *addr, char *name, char *default_host) { + SOCKADDR_LIST addr_list; + int retval; + + addr_list.num=0; + addr_list.addr=NULL; + retval=name2addrlist(&addr_list, name, default_host); + if(retval>0) + memcpy(addr, &addr_list.addr[0], sizeof *addr); + if(addr_list.addr) + str_free(addr_list.addr); + return retval; +} + +int hostport2addr(SOCKADDR_UNION *addr, char *hostname, char *portname) { + SOCKADDR_LIST addr_list; + int retval; + + addr_list.num=0; + addr_list.addr=NULL; + retval=hostport2addrlist(&addr_list, hostname, portname); + if(retval>0) + memcpy(addr, &addr_list.addr[0], sizeof *addr); + if(addr_list.addr) + str_free(addr_list.addr); + return retval; +} + +int name2addrlist(SOCKADDR_LIST *addr_list, char *name, char *default_host) { + char *tmp, *hostname, *portname; + int retval; + + addr_list->cur=0; /* reset round-robin counter */ + + /* first check if this is a UNIX socket */ +#ifdef HAVE_STRUCT_SOCKADDR_UN + if(*name=='/') { + if(offsetof(struct sockaddr_un, sun_path)+strlen(name)+1 + > sizeof(struct sockaddr_un)) { + s_log(LOG_ERR, "Unix socket path is too long"); + return 0; /* no results */ + } + addr_list->addr=str_realloc(addr_list->addr, + (addr_list->num+1)*sizeof(SOCKADDR_UNION)); + addr_list->addr[addr_list->num].un.sun_family=AF_UNIX; + strcpy(addr_list->addr[addr_list->num].un.sun_path, name); + return ++(addr_list->num); /* ok - return the number of addresses */ + } +#endif + + /* set hostname and portname */ + tmp=str_dup(name); + portname=strrchr(tmp, ':'); + if(portname) { + hostname=tmp; + *portname++='\0'; + } else { /* no ':' - use default host IP */ + hostname=default_host; + portname=tmp; + } + + /* fill addr_list structure */ + retval=hostport2addrlist(addr_list, hostname, portname); + str_free(tmp); + return retval; +} + +int hostport2addrlist(SOCKADDR_LIST *addr_list, + char *hostname, char *portname) { + struct addrinfo hints, *res=NULL, *cur; + int err; + + memset(&hints, 0, sizeof hints); +#if defined(USE_IPv6) || defined(USE_WIN32) + hints.ai_family=PF_UNSPEC; +#else + hints.ai_family=PF_INET; +#endif + hints.ai_socktype=SOCK_STREAM; + hints.ai_protocol=IPPROTO_TCP; + do { + err=getaddrinfo(hostname, portname, &hints, &res); + if(err && res) + freeaddrinfo(res); + if(err==EAI_AGAIN) { + s_log(LOG_DEBUG, "getaddrinfo: EAI_AGAIN received: retrying"); + sleep(1); + } + } while(err==EAI_AGAIN); + switch(err) { + case 0: + break; /* success */ + case EAI_SERVICE: + s_log(LOG_ERR, "Unknown TCP service '%s'", portname); + return 0; /* error */ + default: + s_log(LOG_ERR, "Error resolving '%s': %s", + hostname, s_gai_strerror(err)); + return 0; /* error */ + } + + /* copy the list of addresses */ + for(cur=res; cur; cur=cur->ai_next) { + if(cur->ai_addrlen>(int)sizeof(SOCKADDR_UNION)) { + s_log(LOG_ERR, "INTERNAL ERROR: ai_addrlen value too big"); + freeaddrinfo(res); + return 0; /* no results */ + } + addr_list->addr=str_realloc(addr_list->addr, + (addr_list->num+1)*sizeof(SOCKADDR_UNION)); + memcpy(&addr_list->addr[addr_list->num], cur->ai_addr, cur->ai_addrlen); + ++(addr_list->num); + } + freeaddrinfo(res); + return addr_list->num; /* ok - return the number of addresses */ +} + +char *s_ntop(SOCKADDR_UNION *addr, socklen_t addrlen) { + int err; + char *host, *port, *retval; + + if(addrlen==sizeof(u_short)) /* see UNIX(7) manual for details */ + return str_dup("unnamed socket"); + host=str_alloc(256); + port=str_alloc(256); /* needs to be long enough for AF_UNIX path */ + err=getnameinfo(&addr->sa, addrlen, + host, 256, port, 256, NI_NUMERICHOST|NI_NUMERICSERV); + if(err) { + s_log(LOG_ERR, "getnameinfo: %s", s_gai_strerror(err)); + retval=str_dup("unresolvable address"); + } else + retval=str_printf("%s:%s", host, port); + str_free(host); + str_free(port); + return retval; +} + +socklen_t addr_len(const SOCKADDR_UNION *addr) { + if(addr->sa.sa_family==AF_INET) + return sizeof(struct sockaddr_in); +#ifdef USE_IPv6 + if(addr->sa.sa_family==AF_INET6) + return sizeof(struct sockaddr_in6); +#endif +#ifdef HAVE_STRUCT_SOCKADDR_UN + if(addr->sa.sa_family==AF_UNIX) + return sizeof(struct sockaddr_un); +#endif + s_log(LOG_ERR, "INTERNAL ERROR: Unknown sa_family: %d", + addr->sa.sa_family); + return sizeof(SOCKADDR_UNION); +} + +/**************************************** my getaddrinfo() */ +/* implementation is limited to functionality needed by stunnel */ + +#ifndef HAVE_GETADDRINFO +static int getaddrinfo(const char *node, const char *service, + const struct addrinfo *hints, struct addrinfo **res) { + struct hostent *h; +#ifndef _WIN32_WCE + struct servent *p; +#endif + u_short port; + struct addrinfo *ai; + int retval; + char *tmpstr; + +#if defined(USE_WIN32) && !defined(_WIN32_WCE) + if(s_getaddrinfo) + return s_getaddrinfo(node, service, hints, res); +#endif + /* decode service name */ + port=htons((u_short)strtol(service, &tmpstr, 10)); + if(tmpstr==service || *tmpstr) { /* not a number */ +#ifdef _WIN32_WCE + return EAI_NONAME; +#else /* defined(_WIN32_WCE) */ + p=getservbyname(service, "tcp"); + if(!p) + return EAI_NONAME; + port=p->s_port; +#endif /* defined(_WIN32_WCE) */ + } + + /* allocate addrlist structure */ + ai=str_alloc(sizeof(struct addrinfo)); + if(hints) + memcpy(ai, hints, sizeof(struct addrinfo)); + + /* try to decode numerical address */ +#if defined(USE_IPv6) && !defined(USE_WIN32) + ai->ai_family=AF_INET6; + ai->ai_addrlen=sizeof(struct sockaddr_in6); + ai->ai_addr=str_alloc(ai->ai_addrlen); + ai->ai_addr->sa_family=AF_INET6; + if(inet_pton(AF_INET6, node, + &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr)>0) { +#else + ai->ai_family=AF_INET; + ai->ai_addrlen=sizeof(struct sockaddr_in); + ai->ai_addr=str_alloc(ai->ai_addrlen); + ai->ai_addr->sa_family=AF_INET; + ((struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr=inet_addr(node); + if(((struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr+1) { + /* (signed)((struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr!=-1 */ +#endif + ((struct sockaddr_in *)ai->ai_addr)->sin_port=port; + *res=ai; + return 0; /* numerical address resolved */ + } + str_free(ai->ai_addr); + str_free(ai); + + /* not numerical: need to call resolver library */ + *res=NULL; + ai=NULL; + enter_critical_section(CRIT_INET); +#ifdef HAVE_GETHOSTBYNAME2 + h=gethostbyname2(node, AF_INET6); + if(h) /* some IPv6 addresses found */ + alloc_addresses(h, hints, port, res, &ai); /* ignore the error */ +#endif + h=gethostbyname(node); /* get list of addresses */ + if(h) + retval=ai ? + alloc_addresses(h, hints, port, &ai->ai_next, &ai) : + alloc_addresses(h, hints, port, res, &ai); + else if(!*res) + retval=EAI_NONAME; /* no results */ + else + retval=0; +#ifdef HAVE_ENDHOSTENT + endhostent(); +#endif + leave_critical_section(CRIT_INET); + if(retval) { /* error: free allocated memory */ + freeaddrinfo(*res); + *res=NULL; + } + return retval; +} + +static int alloc_addresses(struct hostent *h, const struct addrinfo *hints, + u_short port, struct addrinfo **head, struct addrinfo **tail) { + int i; + struct addrinfo *ai; + + /* copy addresses */ + for(i=0; h->h_addr_list[i]; i++) { + ai=str_alloc(sizeof(struct addrinfo)); + if(hints) + memcpy(ai, hints, sizeof(struct addrinfo)); + ai->ai_next=NULL; /* just in case */ + if(*tail) { /* list not empty: add a node */ + (*tail)->ai_next=ai; + *tail=ai; + } else { /* list empty: create it */ + *head=ai; + *tail=ai; + } + ai->ai_family=h->h_addrtype; +#if defined(USE_IPv6) + if(h->h_addrtype==AF_INET6) { + ai->ai_addrlen=sizeof(struct sockaddr_in6); + ai->ai_addr=str_alloc(ai->ai_addrlen); + memcpy(&((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr, + h->h_addr_list[i], h->h_length); + } else +#endif + { + ai->ai_addrlen=sizeof(struct sockaddr_in); + ai->ai_addr=str_alloc(ai->ai_addrlen); + memcpy(&((struct sockaddr_in *)ai->ai_addr)->sin_addr, + h->h_addr_list[i], h->h_length); + } + ai->ai_addr->sa_family=h->h_addrtype; + /* offsets of sin_port and sin6_port should be the same */ + ((struct sockaddr_in *)ai->ai_addr)->sin_port=port; + } + return 0; /* success */ +} + +static void freeaddrinfo(struct addrinfo *current) { + struct addrinfo *next; + +#if defined(USE_WIN32) && !defined(_WIN32_WCE) + if(s_freeaddrinfo) { + s_freeaddrinfo(current); + return; + } +#endif + while(current) { + if(current->ai_addr) + str_free(current->ai_addr); + if(current->ai_canonname) + str_free(current->ai_canonname); + next=current->ai_next; + str_free(current); + current=next; + } +} +#endif /* !defined HAVE_GETADDRINFO */ + +/* due to a problem with Mingw32 I decided to define my own gai_strerror() */ +const char *s_gai_strerror(int err) { + switch(err) { +#ifdef EAI_BADFLAGS + case EAI_BADFLAGS: + return "Invalid value for ai_flags (EAI_BADFLAGS)"; +#endif + case EAI_NONAME: + return "Neither nodename nor servname known (EAI_NONAME)"; +#ifdef EAI_AGAIN + case EAI_AGAIN: + return "Temporary failure in name resolution (EAI_AGAIN)"; +#endif +#ifdef EAI_FAIL + case EAI_FAIL: + return "Non-recoverable failure in name resolution (EAI_FAIL)"; +#endif +#ifdef EAI_NODATA +#if EAI_NODATA!=EAI_NONAME + case EAI_NODATA: + return "No address associated with nodename (EAI_NODATA)"; +#endif /* EAI_NODATA!=EAI_NONAME */ +#endif /* defined EAI_NODATA */ +#ifdef EAI_FAMILY + case EAI_FAMILY: + return "ai_family not supported (EAI_FAMILY)"; +#endif +#ifdef EAI_SOCKTYPE + case EAI_SOCKTYPE: + return "ai_socktype not supported (EAI_SOCKTYPE)"; +#endif +#ifdef EAI_SERVICE + case EAI_SERVICE: + return "servname is not supported for ai_socktype (EAI_SERVICE)"; +#endif +#ifdef EAI_ADDRFAMILY + case EAI_ADDRFAMILY: + return "Address family for nodename not supported (EAI_ADDRFAMILY)"; +#endif /* EAI_ADDRFAMILY */ + case EAI_MEMORY: + return "Memory allocation failure (EAI_MEMORY)"; +#ifdef EAI_SYSTEM + case EAI_SYSTEM: + return "System error returned in errno (EAI_SYSTEM)"; +#endif /* EAI_SYSTEM */ + default: + return "Unknown error"; + } +} + +/**************************************** my getnameinfo() */ +/* implementation is limited to functionality needed by stunnel */ + +#ifndef HAVE_GETNAMEINFO +int getnameinfo(const struct sockaddr *sa, int salen, + char *host, int hostlen, char *serv, int servlen, int flags) { + +#if defined(USE_WIN32) && !defined(_WIN32_WCE) + if(s_getnameinfo) + return s_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags); +#endif + if(host && hostlen) { +#if defined(USE_IPv6) && !defined(USE_WIN32) + inet_ntop(sa->sa_family, sa->sa_family==AF_INET6 ? + (void *)&((struct sockaddr_in6 *)sa)->sin6_addr : + (void *)&((struct sockaddr_in *)sa)->sin_addr, + host, hostlen); +#else /* USE_IPv6 */ + enter_critical_section(CRIT_INET); /* inet_ntoa is not mt-safe */ + strncpy(host, inet_ntoa(((struct sockaddr_in *)sa)->sin_addr), + hostlen); + leave_critical_section(CRIT_INET); + host[hostlen-1]='\0'; +#endif /* USE_IPv6 */ + } + if(serv && servlen) + sprintf(serv, "%u", ntohs(((struct sockaddr_in *)sa)->sin_port)); + /* sin_port is in the same place both in sockaddr_in and sockaddr_in6 */ + /* ignore servlen since it's long enough in stunnel code */ + return 0; +} +#endif + +/* end of resolver.c */ diff --git a/src/resources.h b/src/resources.h new file mode 100644 index 0000000..521a498 --- /dev/null +++ b/src/resources.h @@ -0,0 +1,28 @@ +#define WM_SYSTRAY (WM_USER+0) +#define WM_VALID_CONFIG (WM_APP+0) +#define WM_INVALID_CONFIG (WM_APP+1) +#define WM_LOG (WM_APP+2) +#define WM_NEW_CHAIN (WM_APP+3) + +#define IDI_MYICON 10 + +#define IDE_EDIT 20 +#define IDE_PASSEDIT 21 +#define IDE_PINEDIT 22 + +#define IDM_TRAYMENU 30 +#define IDM_MAINMENU 31 +#define IDM_CLOSE 32 +#define IDM_EXIT 33 +#define IDM_SHOW_LOG 34 + +#define IDM_SAVE_LOG 40 +#define IDM_REOPEN_LOG 41 +#define IDM_EDIT_CONFIG 42 +#define IDM_RELOAD_CONFIG 43 + +#define IDM_ABOUT 50 +#define IDM_MANPAGE 51 +#define IDM_HOMEPAGE 52 + +#define IDM_PEER_MENU 60 diff --git a/src/resources.rc b/src/resources.rc new file mode 100644 index 0000000..3e868ad --- /dev/null +++ b/src/resources.rc @@ -0,0 +1,121 @@ +#include +#include "resources.h" +#include "version.h" + +VS_VERSION_INFO VERSIONINFO +FILEVERSION STUNNEL_VERSION_FIELDS +PRODUCTVERSION STUNNEL_VERSION_FIELDS +FILEFLAGSMASK VS_FFI_FILEFLAGSMASK +FILEFLAGS 0 +FILEOS VOS__WINDOWS32 +FILETYPE VFT_APP +FILESUBTYPE VFT2_UNKNOWN +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904E4" + BEGIN + VALUE "CompanyName", "Michal Trojnara" + VALUE "FileDescription", "stunnel - multiplatform SSL tunneling proxy" + VALUE "FileVersion", STUNNEL_VERSION + VALUE "InternalName", "stunnel" + VALUE "LegalCopyright", " by Michal Trojnara, 1998-2012" + VALUE "OriginalFilename", "stunnel.exe" + VALUE "ProductName", STUNNEL_PRODUCTNAME + VALUE "ProductVersion", STUNNEL_VERSION + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 1252 + END +END + +IDI_MYICON ICON "stunnel.ico" + +IDM_MAINMENU MENU +BEGIN + POPUP "&File" + BEGIN + MENUITEM "&Save Log As", IDM_SAVE_LOG + MENUITEM "Reopen &Log File", IDM_REOPEN_LOG, GRAYED + MENUITEM SEPARATOR + MENUITEM "&Close", IDM_CLOSE + END + POPUP "&Configuration" + BEGIN + MENUITEM "&Edit stunnel.conf", IDM_EDIT_CONFIG + MENUITEM "&Reload stunnel.conf", IDM_RELOAD_CONFIG + END + POPUP "&Save peer certificate" + BEGIN + MENUITEM "dummy", 0, GRAYED + END + POPUP "&Help", HELP + BEGIN + MENUITEM "&About", IDM_ABOUT + MENUITEM SEPARATOR + MENUITEM "&Manual", IDM_MANPAGE + MENUITEM "&Homepage", IDM_HOMEPAGE + END +END + +IDM_TRAYMENU MENU +BEGIN + POPUP "Ooops?" + BEGIN + MENUITEM "Show Log &Window", IDM_SHOW_LOG + MENUITEM SEPARATOR + POPUP "&Save peer certificate" + BEGIN + MENUITEM "dummy", 0, GRAYED + END + MENUITEM SEPARATOR + MENUITEM "&Edit stunnel.conf", IDM_EDIT_CONFIG + MENUITEM "&Reload stunnel.conf", IDM_RELOAD_CONFIG + MENUITEM "Reopen &Log File", IDM_REOPEN_LOG, GRAYED + MENUITEM SEPARATOR + MENUITEM "&Homepage", IDM_HOMEPAGE + MENUITEM "&Manual", IDM_MANPAGE + MENUITEM "&About", IDM_ABOUT + MENUITEM SEPARATOR + MENUITEM "E&xit", IDM_EXIT + END +END + +ABOUTBOX DIALOG DISCARDABLE 0, 0, 140, 68 +STYLE DS_MODALFRAME|DS_CENTER|WS_POPUP|WS_CAPTION|WS_SYSMENU +CAPTION "About stunnel" +BEGIN + ICON IDI_MYICON, -1, 9, 8, 18, 20 + LTEXT "stunnel version", -1, 30, 4, 52, 8 + LTEXT STUNNEL_VERSION, -1, 82, 4, 54, 8 + LTEXT " by Michal Trojnara, 1998-2012", -1, 30, 12, 106, 8 + LTEXT "All Rights Reserved", -1, 30, 20, 106, 8 + LTEXT "Licensed under the GNU GPL version 2", -1, 4, 28, 132, 8 + LTEXT "with a special exception for OpenSSL", -1, 4, 36, 132, 8 + DEFPUSHBUTTON "OK",IDOK, 54, 48, 32, 14, WS_GROUP +END + +PASSBOX DIALOG DISCARDABLE 0, 0, 158, 51 +STYLE DS_MODALFRAME|DS_CENTER|WS_POPUP|WS_CAPTION|WS_SYSMENU +CAPTION "" +BEGIN + ICON IDI_MYICON, -1, 8, 6, 18, 20 + LTEXT "Pass phrase:", -1, 33, 9, 50, 8 + EDITTEXT IDE_PASSEDIT, 86, 7, 65, 12, ES_PASSWORD|ES_AUTOHSCROLL + DEFPUSHBUTTON "OK",IDOK, 7, 30, 50, 14 + PUSHBUTTON "Cancel",IDCANCEL, 101, 30, 50, 14 +END + +PINBOX DIALOG DISCARDABLE 0, 0, 158, 51 +STYLE DS_MODALFRAME|DS_CENTER|WS_POPUP|WS_CAPTION|WS_SYSMENU +CAPTION "" +BEGIN + ICON IDI_MYICON, -1, 8, 6, 18, 20 + LTEXT "SmartCard PIN:", -1, 33, 9, 50, 8 + EDITTEXT IDE_PINEDIT, 86, 7, 65, 12, ES_PASSWORD|ES_AUTOHSCROLL + DEFPUSHBUTTON "OK",IDOK, 7, 30, 50, 14 + PUSHBUTTON "Cancel",IDCANCEL, 101, 30, 50, 14 +END + diff --git a/src/ssl.c b/src/ssl.c new file mode 100644 index 0000000..d8596d3 --- /dev/null +++ b/src/ssl.c @@ -0,0 +1,248 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + + /* global OpenSSL initalization: compression, engine, entropy */ +static int init_compression(GLOBAL_OPTIONS *); +static int init_prng(GLOBAL_OPTIONS *); +static int add_rand_file(GLOBAL_OPTIONS *, const char *); + +int cli_index, opt_index; /* to keep structure for callbacks */ + +int ssl_init(void) { /* init SSL before parsing configuration file */ + SSL_load_error_strings(); + SSL_library_init(); + cli_index=SSL_get_ex_new_index(0, "cli index", NULL, NULL, NULL); + opt_index=SSL_CTX_get_ex_new_index(0, "opt index", NULL, NULL, NULL); + if(cli_index<0 || opt_index<0) + return 1; +#ifdef HAVE_OSSL_ENGINE_H + ENGINE_load_builtin_engines(); +#endif + return 0; +} + +int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global SSL settings */ +#ifdef USE_FIPS + if(FIPS_mode()!=global->option.fips) { + RAND_set_rand_method(NULL); /* reset RAND methods */ + if(!FIPS_mode_set(global->option.fips)) { + ERR_load_crypto_strings(); + sslerror("FIPS_mode_set"); + return 1; + } + } + s_log(LOG_NOTICE, "FIPS mode is %s", + global->option.fips ? "enabled" : "disabled"); +#endif /* USE_FIPS */ + if(init_compression(global)) + return 1; + if(init_prng(global)) + return 1; + s_log(LOG_DEBUG, "PRNG seeded successfully"); + return 0; /* SUCCESS */ +} + +static int init_compression(GLOBAL_OPTIONS *global) { +#ifndef OPENSSL_NO_COMP + SSL_COMP *comp; + STACK_OF(SSL_COMP) *ssl_comp_methods; + + ssl_comp_methods=SSL_COMP_get_compression_methods(); + if(!ssl_comp_methods) { + if(global->compression==COMP_NONE) { + s_log(LOG_NOTICE, "Failed to get compression methods"); + return 0; /* ignore */ + } else { + s_log(LOG_ERR, "Failed to get compression methods"); + return 1; + } + } + + /* delete OpenSSL defaults (empty the SSL_COMP stack) */ + /* cannot use sk_SSL_COMP_pop_free, as it also destroys the stack itself */ + while(sk_SSL_COMP_num(ssl_comp_methods)) + OPENSSL_free(sk_SSL_COMP_pop(ssl_comp_methods)); + + if(global->compression==COMP_NONE) { + s_log(LOG_DEBUG, "Compression not enabled"); + return 0; /* success */ + } + + /* insert RFC 1951 (DEFLATE) algoritm */ + if(SSLeay()>=0x00908051L) { /* 0.9.8e-beta1 */ + /* only allow DEFLATE with OpenSSL 0.9.8 or later + with openssl #1468 zlib memory leak fixed */ + comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); + if(!comp) { + s_log(LOG_ERR, "OPENSSL_malloc filed"); + return 1; + } + comp->id=1; /* RFC 1951 */ + comp->method=COMP_zlib(); + if(!comp->method || comp->method->type==NID_undef) { + OPENSSL_free(comp); + s_log(LOG_ERR, "Failed to initialize compression method"); + return 1; + } + comp->name=comp->method->name; + sk_SSL_COMP_push(ssl_comp_methods, comp); + } + + /* also insert one of obsolete (ZLIB/RLE) algoritms */ + comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); + if(!comp) { + s_log(LOG_ERR, "OPENSSL_malloc filed"); + return 1; + } + if(global->compression==COMP_ZLIB) { + comp->id=0xe0; /* 224 - within private range (193 to 255) */ + comp->method=COMP_zlib(); + } else if(global->compression==COMP_RLE) { + comp->id=0xe1; /* 225 - within private range (193 to 255) */ + comp->method=COMP_rle(); + } else { + s_log(LOG_INFO, "Compression enabled: %d algorithm(s)", + sk_SSL_COMP_num(ssl_comp_methods)); + OPENSSL_free(comp); + return 0; + } + if(!comp->method || comp->method->type==NID_undef) { + OPENSSL_free(comp); + s_log(LOG_ERR, "Failed to initialize compression method"); + return 1; + } + comp->name=comp->method->name; + sk_SSL_COMP_push(ssl_comp_methods, comp); + s_log(LOG_INFO, "Compression enabled: %d algorithm(s)", + sk_SSL_COMP_num(ssl_comp_methods)); +#endif /* OPENSSL_NO_COMP */ + return 0; /* success */ +} + +static int init_prng(GLOBAL_OPTIONS *global) { + int totbytes=0; + char filename[256]; + int bytes; + + bytes=0; /* avoid warning if #ifdef'd out for windows */ + + filename[0]='\0'; + + /* if they specify a rand file on the command line we + assume that they really do want it, so try it first */ + if(global->rand_file) { + totbytes+=add_rand_file(global, global->rand_file); + if(RAND_status()) + return 0; /* success */ + } + + /* try the $RANDFILE or $HOME/.rnd files */ + RAND_file_name(filename, 256); + if(filename[0]) { + totbytes+=add_rand_file(global, filename); + if(RAND_status()) + return 0; /* success */ + } + +#ifdef RANDOM_FILE + totbytes+=add_rand_file(global, RANDOM_FILE); + if(RAND_status()) + return 0; /* success */ +#endif + +#ifdef USE_WIN32 + RAND_screen(); + if(RAND_status()) { + s_log(LOG_DEBUG, "Seeded PRNG with RAND_screen"); + return 0; /* success */ + } + s_log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG"); +#else + if(global->egd_sock) { + if((bytes=RAND_egd(global->egd_sock))==-1) { + s_log(LOG_WARNING, "EGD Socket %s failed", global->egd_sock); + bytes=0; + } else { + totbytes+=bytes; + s_log(LOG_DEBUG, "Snagged %d random bytes from EGD Socket %s", + bytes, global->egd_sock); + return 0; /* OpenSSL always gets what it needs or fails, + so no need to check if seeded sufficiently */ + } + } + /* try the good-old default /dev/urandom, if available */ + totbytes+=add_rand_file(global, "/dev/urandom"); + if(RAND_status()) + return 0; /* success */ +#endif /* USE_WIN32 */ + + /* random file specified during configure */ + s_log(LOG_ERR, "PRNG seeded with %d bytes total", totbytes); + s_log(LOG_ERR, "PRNG was not seeded with enough random bytes"); + return 1; /* FAILED */ +} + +static int add_rand_file(GLOBAL_OPTIONS *global, const char *filename) { + int readbytes; + int writebytes; + struct stat sb; + + if(stat(filename, &sb)) + return 0; /* could not stat() file -> return 0 bytes */ + if((readbytes=RAND_load_file(filename, global->random_bytes))) + s_log(LOG_DEBUG, "Snagged %d random bytes from %s", + readbytes, filename); + else + s_log(LOG_INFO, "Unable to retrieve any random data from %s", + filename); + /* write new random data for future seeding if it's a regular file */ + if(global->option.rand_write && (sb.st_mode & S_IFREG)){ + writebytes=RAND_write_file(filename); + if(writebytes==-1) + s_log(LOG_WARNING, "Failed to write strong random data to %s - " + "may be a permissions or seeding problem", filename); + else + s_log(LOG_DEBUG, "Wrote %d new random bytes to %s", + writebytes, filename); + } + return readbytes; +} + +/* end of ssl.c */ diff --git a/src/sthreads.c b/src/sthreads.c new file mode 100644 index 0000000..28758d8 --- /dev/null +++ b/src/sthreads.c @@ -0,0 +1,550 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#ifdef USE_OS2 +#define INCL_DOSPROCESS +#include +#endif + +#include "common.h" +#include "prototypes.h" + +#if defined(USE_UCONTEXT) || defined(USE_FORK) +/* no need for critical sections */ + +void enter_critical_section(SECTION_CODE i) { + (void)i; /* skip warning about unused parameter */ + /* empty */ +} + +void leave_critical_section(SECTION_CODE i) { + (void)i; /* skip warning about unused parameter */ + /* empty */ +} + +#endif /* USE_UCONTEXT || USE_FORK */ + +#ifdef USE_UCONTEXT + +#if defined(CPU_SPARC) && ( \ + defined(OS_SOLARIS2_0) || \ + defined(OS_SOLARIS2_1) || \ + defined(OS_SOLARIS2_2) || \ + defined(OS_SOLARIS2_3) || \ + defined(OS_SOLARIS2_4) || \ + defined(OS_SOLARIS2_5) || \ + defined(OS_SOLARIS2_6) || \ + defined(OS_SOLARIS2_7) || \ + defined(OS_SOLARIS2_8)) +#define ARGC 2 +#else +#define ARGC 1 +#endif + +/* first context on the ready list is the active context */ +CONTEXT *ready_head=NULL, *ready_tail=NULL; /* ready to execute */ +CONTEXT *waiting_head=NULL, *waiting_tail=NULL; /* waiting on poll() */ + +unsigned long stunnel_process_id(void) { + return (unsigned long)getpid(); +} + +unsigned long stunnel_thread_id(void) { + return ready_head ? ready_head->id : 0; +} + +static CONTEXT *new_context(void) { + static int next_id=1; + CONTEXT *context; + + /* allocate and fill the CONTEXT structure */ + context=str_alloc(sizeof(CONTEXT)); + str_detach(context); + context->id=next_id++; + context->fds=NULL; + context->ready=0; + + /* append to the tail of the ready queue */ + context->next=NULL; + if(ready_tail) + ready_tail->next=context; + ready_tail=context; + if(!ready_head) + ready_head=context; + + return context; +} + +int sthreads_init(void) { + /* create the first (listening) context and put it in the running queue */ + if(!new_context()) { + s_log(LOG_ERR, "Unable create the listening context"); + return 1; + } + /* no need to initialize ucontext_t structure here + it will be initialied with swapcontext() call */ + return 0; +} + +int create_client(int ls, int s, CLI *arg, void *(*cli)(void *)) { + CONTEXT *context; + + (void)ls; /* this parameter is only used with USE_FORK */ + + s_log(LOG_DEBUG, "Creating a new context"); + context=new_context(); + if(!context) { + if(arg) + str_free(arg); + if(s>=0) + closesocket(s); + return -1; + } + + /* initialize context_t structure */ + if(getcontext(&context->context)<0) { + str_free(context); + if(arg) + str_free(arg); + if(s>=0) + closesocket(s); + ioerror("getcontext"); + return -1; + } + context->context.uc_link=NULL; /* stunnel does not use uc_link */ + + /* create stack */ + context->stack=str_alloc(arg->opt->stack_size); + str_detach(context->stack); +#if defined(__sgi) || ARGC==2 /* obsolete ss_sp semantics */ + context->context.uc_stack.ss_sp=context->stack+arg->opt->stack_size-8; +#else + context->context.uc_stack.ss_sp=context->stack; +#endif + context->context.uc_stack.ss_size=arg->opt->stack_size; + context->context.uc_stack.ss_flags=0; + + makecontext(&context->context, (void(*)(void))cli, ARGC, arg); + s_log(LOG_DEBUG, "New context created"); + return 0; +} + +#endif /* USE_UCONTEXT */ + +#ifdef USE_FORK + +int sthreads_init(void) { + return 0; +} + +unsigned long stunnel_process_id(void) { + return (unsigned long)getpid(); +} + +unsigned long stunnel_thread_id(void) { + return 0L; +} + +static void null_handler(int sig) { + (void)sig; /* skip warning about unused parameter */ + signal(SIGCHLD, null_handler); +} + +int create_client(int ls, int s, CLI *arg, void *(*cli)(void *)) { + switch(fork()) { + case -1: /* error */ + if(arg) + str_free(arg); + if(s>=0) + closesocket(s); + return -1; + case 0: /* child */ + if(ls>=0) + closesocket(ls); + signal(SIGCHLD, null_handler); + cli(arg); + _exit(0); + default: /* parent */ + if(arg) + str_free(arg); + if(s>=0) + closesocket(s); + } + return 0; +} + +#endif /* USE_FORK */ + +#ifdef USE_PTHREAD + +static pthread_mutex_t stunnel_cs[CRIT_SECTIONS]; +static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS]; + +void enter_critical_section(SECTION_CODE i) { + pthread_mutex_lock(stunnel_cs+i); +} + +void leave_critical_section(SECTION_CODE i) { + pthread_mutex_unlock(stunnel_cs+i); +} + +static void locking_callback(int mode, int type, const char *file, int line) { + (void)file; /* skip warning about unused parameter */ + (void)line; /* skip warning about unused parameter */ + if(mode&CRYPTO_LOCK) + pthread_mutex_lock(lock_cs+type); + else + pthread_mutex_unlock(lock_cs+type); +} + +struct CRYPTO_dynlock_value { + pthread_mutex_t mutex; +}; + +static struct CRYPTO_dynlock_value *dyn_create_function(const char *file, + int line) { + struct CRYPTO_dynlock_value *value; + + (void)file; /* skip warning about unused parameter */ + (void)line; /* skip warning about unused parameter */ + value=str_alloc(sizeof(struct CRYPTO_dynlock_value)); + str_detach(value); + pthread_mutex_init(&value->mutex, NULL); + return value; +} + +static void dyn_lock_function(int mode, struct CRYPTO_dynlock_value *value, + const char *file, int line) { + (void)file; /* skip warning about unused parameter */ + (void)line; /* skip warning about unused parameter */ + if(mode&CRYPTO_LOCK) + pthread_mutex_lock(&value->mutex); + else + pthread_mutex_unlock(&value->mutex); +} + +static void dyn_destroy_function(struct CRYPTO_dynlock_value *value, + const char *file, int line) { + (void)file; /* skip warning about unused parameter */ + (void)line; /* skip warning about unused parameter */ + pthread_mutex_destroy(&value->mutex); + str_free(value); +} + +unsigned long stunnel_process_id(void) { + return (unsigned long)getpid(); +} + +unsigned long stunnel_thread_id(void) { + return (unsigned long)pthread_self(); +} + +int sthreads_init(void) { + int i; + + /* initialize stunnel critical sections */ + for(i=0; iopt->stack_size); + error=pthread_create(&thread, &pth_attr, cli, arg); + pthread_attr_destroy(&pth_attr); +#if defined(HAVE_PTHREAD_SIGMASK) && !defined(__APPLE__) + pthread_sigmask(SIG_SETMASK, &old_set, NULL); /* unblock signals */ +#endif /* HAVE_PTHREAD_SIGMASK && !__APPLE__*/ + + if(error) { + errno=error; + ioerror("pthread_create"); + if(arg) + str_free(arg); + if(s>=0) + closesocket(s); + return -1; + } + return 0; +} + +#endif /* USE_PTHREAD */ + +#ifdef USE_WIN32 + +static CRITICAL_SECTION stunnel_cs[CRIT_SECTIONS]; +static CRITICAL_SECTION lock_cs[CRYPTO_NUM_LOCKS]; + +void enter_critical_section(SECTION_CODE i) { + EnterCriticalSection(stunnel_cs+i); +} + +void leave_critical_section(SECTION_CODE i) { + LeaveCriticalSection(stunnel_cs+i); +} + +static void locking_callback(int mode, int type, const char *file, int line) { + (void)file; /* skip warning about unused parameter */ + (void)line; /* skip warning about unused parameter */ + if(mode&CRYPTO_LOCK) + EnterCriticalSection(lock_cs+type); + else + LeaveCriticalSection(lock_cs+type); +} + +struct CRYPTO_dynlock_value { + CRITICAL_SECTION mutex; +}; + +static struct CRYPTO_dynlock_value *dyn_create_function(const char *file, + int line) { + struct CRYPTO_dynlock_value *value; + + (void)file; /* skip warning about unused parameter */ + (void)line; /* skip warning about unused parameter */ + value=str_alloc(sizeof(struct CRYPTO_dynlock_value)); + str_detach(value); + InitializeCriticalSection(&value->mutex); + return value; +} + +static void dyn_lock_function(int mode, struct CRYPTO_dynlock_value *value, + const char *file, int line) { + (void)file; /* skip warning about unused parameter */ + (void)line; /* skip warning about unused parameter */ + if(mode&CRYPTO_LOCK) + EnterCriticalSection(&value->mutex); + else + LeaveCriticalSection(&value->mutex); +} + +static void dyn_destroy_function(struct CRYPTO_dynlock_value *value, + const char *file, int line) { + (void)file; /* skip warning about unused parameter */ + (void)line; /* skip warning about unused parameter */ + DeleteCriticalSection(&value->mutex); + str_free(value); +} + +unsigned long stunnel_process_id(void) { + return GetCurrentProcessId() & 0x00ffffff; +} + +unsigned long stunnel_thread_id(void) { + return GetCurrentThreadId() & 0x00ffffff; +} + +int sthreads_init(void) { + int i; + + /* initialize stunnel critical sections */ + for(i=0; iopt->stack_size, arg)==-1) { + ioerror("_beginthread"); + if(arg) + str_free(arg); + if(s>=0) + closesocket(s); + return -1; + } + s_log(LOG_DEBUG, "New thread created"); + return 0; +} + +#endif /* USE_WIN32 */ + +#ifdef USE_OS2 + +void enter_critical_section(SECTION_CODE i) { + DosEnterCritSec(); +} + +void leave_critical_section(SECTION_CODE i) { + DosExitCritSec(); +} + +int sthreads_init(void) { + return 0; +} + +unsigned long stunnel_process_id(void) { + PTIB ptib=NULL; + DosGetInfoBlocks(&ptib, NULL); + return (unsigned long)ptib->tib_ordinal; +} + +unsigned long stunnel_thread_id(void) { + PPIB ppib=NULL; + DosGetInfoBlocks(NULL, &ppib); + return (unsigned long)ppib->pib_ulpid; +} + +int create_client(int ls, int s, CLI *arg, void *(*cli)(void *)) { + (void)ls; /* this parameter is only used with USE_FORK */ + s_log(LOG_DEBUG, "Creating a new thread"); + if((long)_beginthread((void(*)(void *))cli, NULL, arg->opt->stack_size, arg)==-1L) { + ioerror("_beginthread"); + if(arg) + str_free(arg); + if(s>=0) + closesocket(s); + return -1; + } + s_log(LOG_DEBUG, "New thread created"); + return 0; +} + +#endif /* USE_OS2 */ + +#ifdef _WIN32_WCE + +long _beginthread(void (*start_address)(void *), + int stack_size, void *arglist) { + DWORD thread_id; + HANDLE handle; + + handle=CreateThread(NULL, stack_size, + (LPTHREAD_START_ROUTINE)start_address, arglist, + STACK_SIZE_PARAM_IS_A_RESERVATION, &thread_id); + if(!handle) + return -1L; + CloseHandle(handle); + return 0; +} + +void _endthread(void) { + ExitThread(0); +} + +#endif /* _WIN32_WCE */ + +#ifdef DEBUG_STACK_SIZE + +#define STACK_RESERVE (STACK_SIZE/8) +#define VERIFY_AREA ((STACK_SIZE-STACK_RESERVE)/sizeof(u32)) +#define TEST_VALUE 0xdeadbeef + +/* some heuristic to determine the usage of client stack size */ +void stack_info(int init) { /* 1-initialize, 0-display */ + u32 table[VERIFY_AREA]; + int i, num; + static int min_num=VERIFY_AREA; + + if(init) { + for(i=0; inum) /* use the higher value */ + num=i; + if(num<64) { + s_log(LOG_NOTICE, "STACK_RESERVE is too high"); + return; + } + if(num + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +#ifndef va_copy +#ifdef __va_copy +#define va_copy(dst, src) __va_copy((dst), (src)) +#else /* __va_copy */ +#define va_copy(dst, src) memcpy(&(dst), &(src), sizeof(va_list)) +#endif /* __va_copy */ +#endif /* va_copy */ + +static u8 canary[10]; /* 80-bit canary value */ +static volatile int canary_initialized=0; + +typedef struct alloc_list_struct ALLOC_LIST; + +typedef struct { + ALLOC_LIST *head; + size_t bytes, blocks; +} ALLOC_TLS; + +struct alloc_list_struct { + ALLOC_LIST *prev, *next; + ALLOC_TLS *tls; + size_t size; + int valid_canary; + unsigned int magic; + /* at least on IA64 allocations need to be aligned */ +#ifdef __GNUC__ +} __attribute__((aligned(16))); +#else + int padding[2]; /* the number of integers is architecture-specific */ +}; +#endif + +static void set_alloc_tls(ALLOC_TLS *); +static ALLOC_TLS *get_alloc_tls(); +static ALLOC_LIST *get_alloc_list_ptr(void *, char *, int); + +char *str_dup(const char *str) { + char *retval; + + retval=str_alloc(strlen(str)+1); + strcpy(retval, str); + return retval; +} + +char *str_printf(const char *format, ...) { + char *txt; + va_list arglist; + + va_start(arglist, format); + txt=str_vprintf(format, arglist); + va_end(arglist); + return txt; +} + +char *str_vprintf(const char *format, va_list start_ap) { + int n, size=32; + char *p, *np; + va_list ap; + + p=str_alloc(size); + for(;;) { + va_copy(ap, start_ap); + n=vsnprintf(p, size, format, ap); + if(n>-1 && n-1) /* glibc 2.1 */ + size=n+1; /* precisely what is needed */ + else /* glibc 2.0, WIN32, etc. */ + size*=2; /* twice the old size */ + np=str_realloc(p, size); + p=np; /* LOL */ + } +} + +#ifdef USE_UCONTEXT + +static ALLOC_TLS *global_tls=NULL; + +void str_init() { +} + +static void set_alloc_tls(ALLOC_TLS *tls) { + if(ready_head) + ready_head->tls=tls; + else /* ucontext threads not initialized */ + global_tls=tls; +} + +static ALLOC_TLS *get_alloc_tls() { + if(ready_head) + return ready_head->tls; + else /* ucontext threads not initialized */ + return global_tls; +} + +#endif /* USE_UCONTEXT */ + +#ifdef USE_FORK + +static ALLOC_TLS *global_tls=NULL; + +void str_init() { +} + +static void set_alloc_tls(ALLOC_TLS *tls) { + global_tls=tls; +} + +static ALLOC_TLS *get_alloc_tls() { + return global_tls; +} + +#endif /* USE_FORK */ + +#ifdef USE_PTHREAD + +static pthread_key_t pthread_key; + +void str_init() { + pthread_key_create(&pthread_key, NULL); +} + +static void set_alloc_tls(ALLOC_TLS *tls) { + pthread_setspecific(pthread_key, tls); +} + +static ALLOC_TLS *get_alloc_tls() { + return pthread_getspecific(pthread_key); +} + +#endif /* USE_PTHREAD */ + +#ifdef USE_WIN32 + +static DWORD tls_index; + +void str_init() { + tls_index=TlsAlloc(); +} + +static void set_alloc_tls(ALLOC_TLS *alloc_tls) { + TlsSetValue(tls_index, alloc_tls); +} + +static ALLOC_TLS *get_alloc_tls() { + return TlsGetValue(tls_index); +} + +#endif /* USE_WIN32 */ + +void str_canary_init() { + if(canary_initialized) /* prevent double initialization on config reload */ + return; + RAND_bytes(canary, sizeof canary); + canary_initialized=1; /* after RAND_bytes */ +} + +void str_cleanup() { + ALLOC_TLS *alloc_tls; + + alloc_tls=get_alloc_tls(); + if(alloc_tls) { + while(alloc_tls->head) /* str_free macro requires lvalue parameter */ + str_free_debug(alloc_tls->head+1, __FILE__, __LINE__); + set_alloc_tls(NULL); + free(alloc_tls); + } +} + +void str_stats() { + ALLOC_TLS *alloc_tls; + + alloc_tls=get_alloc_tls(); + if(!alloc_tls) { + s_log(LOG_DEBUG, "str_stats: alloc_tls not initialized"); + return; + } + if(!alloc_tls->blocks && !alloc_tls->bytes) + return; /* skip if no data is allocated */ + s_log(LOG_DEBUG, "str_stats: %lu block(s), " + "%lu data byte(s), %lu control byte(s)", + (unsigned long int)alloc_tls->blocks, + (unsigned long int)alloc_tls->bytes, + (unsigned long int)(alloc_tls->blocks* + (sizeof(ALLOC_LIST)+sizeof canary))); +} + +void *str_alloc_debug(size_t size, char *file, int line) { + ALLOC_TLS *alloc_tls; + ALLOC_LIST *alloc_list; + + alloc_tls=get_alloc_tls(); + if(!alloc_tls) { /* first allocation in this thread */ + alloc_tls=calloc(1, sizeof(ALLOC_TLS)); + if(!alloc_tls) + fatal_debug("Out of memory", file, line); + alloc_tls->head=NULL; + alloc_tls->bytes=alloc_tls->blocks=0; + set_alloc_tls(alloc_tls); + } + alloc_list=calloc(1, sizeof(ALLOC_LIST)+size+sizeof canary); + if(!alloc_list) + fatal_debug("Out of memory", file, line); + + alloc_list->prev=NULL; + alloc_list->next=alloc_tls->head; + alloc_list->tls=alloc_tls; + alloc_list->size=size; + alloc_list->valid_canary=canary_initialized; /* before memcpy */ + memcpy((u8 *)(alloc_list+1)+size, canary, sizeof canary); + alloc_list->magic=0xdeadbeef; + + if(alloc_tls->head) + alloc_tls->head->prev=alloc_list; + alloc_tls->head=alloc_list; + alloc_tls->bytes+=size; + alloc_tls->blocks++; + + return alloc_list+1; +} + +void *str_realloc_debug(void *ptr, size_t size, char *file, int line) { + ALLOC_LIST *previous_alloc_list, *alloc_list; + + if(!ptr) + return str_alloc(size); + previous_alloc_list=get_alloc_list_ptr(ptr, file, line); + alloc_list=realloc(previous_alloc_list, + sizeof(ALLOC_LIST)+size+sizeof canary); + if(!alloc_list) + fatal_debug("Out of memory", file, line); + if(alloc_list->tls) { /* not detached */ + /* refresh possibly invalidated linked list pointers */ + if(alloc_list->tls->head==previous_alloc_list) + alloc_list->tls->head=alloc_list; + if(alloc_list->next) + alloc_list->next->prev=alloc_list; + if(alloc_list->prev) + alloc_list->prev->next=alloc_list; + /* update statistics */ + alloc_list->tls->bytes+=size-alloc_list->size; + } + alloc_list->size=size; + alloc_list->valid_canary=canary_initialized; /* before memcpy */ + memcpy((u8 *)(alloc_list+1)+size, canary, sizeof canary); + return alloc_list+1; +} + +/* detach from thread automatic deallocation list */ +/* it has no effect if the allocation is already detached */ +void str_detach_debug(void *ptr, char *file, int line) { + ALLOC_LIST *alloc_list; + + if(!ptr) /* do not attempt to free null pointers */ + return; + alloc_list=get_alloc_list_ptr(ptr, file, line); + if(alloc_list->tls) { /* not detached */ + /* remove from linked list */ + if(alloc_list->tls->head==alloc_list) + alloc_list->tls->head=alloc_list->next; + if(alloc_list->next) + alloc_list->next->prev=alloc_list->prev; + if(alloc_list->prev) + alloc_list->prev->next=alloc_list->next; + /* update statistics */ + alloc_list->tls->bytes-=alloc_list->size; + alloc_list->tls->blocks--; + /* clear pointers */ + alloc_list->next=NULL; + alloc_list->prev=NULL; + alloc_list->tls=NULL; + } +} + +void str_free_debug(void *ptr, char *file, int line) { + ALLOC_LIST *alloc_list; + + if(!ptr) /* do not attempt to free null pointers */ + return; + str_detach_debug(ptr, file, line); + alloc_list=(ALLOC_LIST *)ptr-1; + alloc_list->magic=0xdefec8ed; /* to detect double free attempts */ + free(alloc_list); +} + +static ALLOC_LIST *get_alloc_list_ptr(void *ptr, char *file, int line) { + ALLOC_LIST *alloc_list; + + alloc_list=(ALLOC_LIST *)ptr-1; + if(alloc_list->magic!=0xdeadbeef) { /* not allocated by str_alloc() */ + if(alloc_list->magic==0xdefec8ed) + fatal_debug("Double free attempt", file, line); + else + fatal_debug("Bad magic", file, line); /* LOL */ + } + if(alloc_list->tls /* not detached */ && alloc_list->tls!=get_alloc_tls()) + fatal_debug("Memory allocated in a different thread", file, line); + if(alloc_list->valid_canary && + memcmp((u8 *)ptr+alloc_list->size, canary, sizeof canary)) + fatal_debug("Dead canary", file, line); /* LOL */ + return alloc_list; +} + +/* end of str.c */ diff --git a/src/stunnel.c b/src/stunnel.c new file mode 100644 index 0000000..dbee838 --- /dev/null +++ b/src/stunnel.c @@ -0,0 +1,729 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +/* http://www.openssl.org/support/faq.html#PROG2 */ +#ifdef USE_WIN32 +#ifdef __GNUC__ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-pedantic" +#endif /* __GNUC__ */ +#include +#ifdef __GNUC__ +#pragma GCC diagnostic pop +#endif /* __GNUC__ */ +#endif /* USE_WIN32 */ + +/**************************************** prototypes */ + +#ifdef __INNOTEK_LIBC__ +struct sockaddr_un { + u_char sun_len; /* sockaddr len including null */ + u_char sun_family; /* AF_OS2 or AF_UNIX */ + char sun_path[108]; /* path name */ +}; +#endif + +#ifndef USE_WIN32 +static int main_unix(int, char*[]); +#endif +static int accept_connection(SERVICE_OPTIONS *); +#ifdef HAVE_CHROOT +static int change_root(void); +#endif +#if !defined(USE_WIN32) && !defined(__vms) +static int daemonize(int); +static int create_pid(void); +static void delete_pid(void); +#endif +#if !defined(USE_WIN32) && !defined(USE_OS2) +static void signal_handler(int); +#endif +static int signal_pipe_init(void); +static int signal_pipe_dispatch(void); +#ifdef USE_FORK +static void client_status(void); /* dead children detected */ +#endif + +/**************************************** global variables */ + +static int signal_pipe[2]={-1, -1}; + +#ifndef USE_FORK +int max_clients=0; +volatile int num_clients=0; /* current number of clients */ +#endif +s_poll_set *fds; /* file descriptors of listening sockets */ + +/**************************************** startup */ + +#ifndef USE_WIN32 +int main(int argc, char* argv[]) { /* execution begins here 8-) */ + int retval; + +#ifdef M_MMAP_THRESHOLD + mallopt(M_MMAP_THRESHOLD, 4096); +#endif + str_init(); /* initialize per-thread string management */ + retval=main_unix(argc, argv); + unbind_ports(); + s_poll_free(fds); + fds=NULL; + str_stats(); + log_flush(LOG_MODE_ERROR); + return retval; +} + +static int main_unix(int argc, char* argv[]) { +#if !defined(__vms) && !defined(USE_OS2) + int fd; + + fd=open("/dev/null", O_RDWR); /* open /dev/null before chroot */ + if(fd<0) + fatal("Could not open /dev/null"); +#endif /* standard Unix */ + main_initialize(); + if(main_configure(argc>1 ? argv[1] : NULL, argc>2 ? argv[2] : NULL)) + return 1; + if(service_options.next) { /* there are service sections -> daemon mode */ +#if !defined(__vms) && !defined(USE_OS2) + if(daemonize(fd)) + return 1; + close(fd); + /* create_pid() must be called after drop_privileges() + * or it won't be possible to remove the file on exit */ + /* create_pid() must be called after daemonize() + * since the final pid is not known beforehand */ + if(create_pid()) + return 1; +#endif /* standard Unix */ + signal(SIGCHLD, signal_handler); /* handle dead children */ + signal(SIGHUP, signal_handler); /* configuration reload */ + signal(SIGUSR1, signal_handler); /* log reopen */ + signal(SIGPIPE, SIG_IGN); /* ignore broken pipe */ + if(signal(SIGTERM, SIG_IGN)!=SIG_IGN) + signal(SIGTERM, signal_handler); /* fatal */ + if(signal(SIGQUIT, SIG_IGN)!=SIG_IGN) + signal(SIGQUIT, signal_handler); /* fatal */ + if(signal(SIGINT, SIG_IGN)!=SIG_IGN) + signal(SIGINT, signal_handler); /* fatal */ + daemon_loop(); + } else { /* inetd mode */ +#if !defined(__vms) && !defined(USE_OS2) + close(fd); +#endif /* standard Unix */ + signal(SIGCHLD, SIG_IGN); /* ignore dead children */ + signal(SIGPIPE, SIG_IGN); /* ignore broken pipe */ + client_main(alloc_client_session(&service_options, 0, 1)); + } + return 0; +} +#endif + +void main_initialize() { /* one-time initialization */ + /* basic initialization contains essential functions required for logging + * subsystem to function properly, thus all errors here are fatal */ + if(ssl_init()) /* initialize SSL library */ + fatal("SSL initialization failed"); + if(sthreads_init()) /* initialize critical sections & SSL callbacks */ + fatal("Threads initialization failed"); +#ifndef USE_FORK + get_limits(); /* required by setup_fd() */ +#endif + fds=s_poll_alloc(); + if(signal_pipe_init()) + fatal("Signal pipe initialization failed: " + "check your personal firewall"); + stunnel_info(LOG_NOTICE); +} + + /* configuration-dependent initialization */ +int main_configure(char *arg1, char *arg2) { + if(parse_commandline(arg1, arg2)) + return 1; + str_canary_init(); /* needs prng initialization from parse_commandline */ +#if !defined(USE_WIN32) && !defined(__vms) + /* syslog_open() must be called before change_root() + * to be able to access /dev/log socket */ + syslog_open(); +#endif /* !defined(USE_WIN32) && !defined(__vms) */ + if(bind_ports()) + return 1; + +#ifdef HAVE_CHROOT + /* change_root() must be called before drop_privileges() + * since chroot() needs root privileges */ + if(change_root()) + return 1; +#endif /* HAVE_CHROOT */ + +#if !defined(USE_WIN32) && !defined(__vms) && !defined(USE_OS2) + if(drop_privileges(1)) + return 1; +#endif /* standard Unix */ + + /* log_open() must be be called after drop_privileges() + * or logfile rotation won't be possible */ + /* log_open() must be be called before daemonize() + * since daemonize() invalidates stderr */ + log_open(); + return 0; +} + +/**************************************** main loop accepting connections */ + +void daemon_loop(void) { + SERVICE_OPTIONS *opt; + int temporary_lack_of_resources; + + while(1) { + temporary_lack_of_resources=0; + if(s_poll_wait(fds, -1, -1)>=0) { + if(s_poll_canread(fds, signal_pipe[0])) + if(signal_pipe_dispatch()) /* received SIGNAL_TERMINATE */ + break; /* terminate daemon_loop */ + for(opt=service_options.next; opt; opt=opt->next) + if(opt->option.accept && s_poll_canread(fds, opt->fd)) + if(accept_connection(opt)) + temporary_lack_of_resources=1; + } else { + log_error(LOG_NOTICE, get_last_socket_error(), + "daemon_loop: s_poll_wait"); + temporary_lack_of_resources=1; + } + if(temporary_lack_of_resources) { + s_log(LOG_NOTICE, + "Accepting new connections suspended for 1 second"); + sleep(1); /* to avoid log trashing */ + } + } +} + + /* return 1 when a short delay is needed before another try */ +static int accept_connection(SERVICE_OPTIONS *opt) { + SOCKADDR_UNION addr; + char *from_address; + int s; + socklen_t addrlen; + + addrlen=sizeof addr; + for(;;) { + s=s_accept(opt->fd, &addr.sa, &addrlen, 1, "local socket"); + if(s>=0) /* success! */ + break; + switch(get_last_socket_error()) { + case S_EINTR: /* interrupted by a signal */ + break; /* retry now */ + case S_EMFILE: +#ifdef S_ENFILE + case S_ENFILE: +#endif +#ifdef S_ENOBUFS + case S_ENOBUFS: +#endif +#ifdef S_ENOMEM + case S_ENOMEM: +#endif + return 1; /* temporary lack of resources */ + default: + return 0; /* any other error */ + } + } + from_address=s_ntop(&addr, addrlen); + s_log(LOG_DEBUG, "Service [%s] accepted (FD=%d) from %s", + opt->servname, s, from_address); + str_free(from_address); +#ifndef USE_FORK + if(max_clients && num_clients>=max_clients) { + s_log(LOG_WARNING, "Connection rejected: too many clients (>=%d)", + max_clients); + closesocket(s); + return 0; + } +#endif + if(create_client(opt->fd, s, + alloc_client_session(opt, s, s), client_thread)) { + s_log(LOG_ERR, "Connection rejected: create_client failed"); + closesocket(s); + return 0; + } + return 0; +} + +/**************************************** initialization helpers */ + +/* clear fds, close old ports */ +void unbind_ports(void) { + SERVICE_OPTIONS *opt; +#ifdef HAVE_STRUCT_SOCKADDR_UN + struct stat st; /* buffer for stat */ +#endif + + s_poll_init(fds); + s_poll_add(fds, signal_pipe[0], 1, 0); + + for(opt=service_options.next; opt; opt=opt->next) + if(opt->option.accept && opt->fd>=0) { + closesocket(opt->fd); + s_log(LOG_DEBUG, "Service [%s] closed (FD=%d)", + opt->servname, opt->fd); + opt->fd=-1; +#ifdef HAVE_STRUCT_SOCKADDR_UN + if(opt->local_addr.sa.sa_family==AF_UNIX) { + if(lstat(opt->local_addr.un.sun_path, &st)) + sockerror(opt->local_addr.un.sun_path); + else if(!S_ISSOCK(st.st_mode)) + s_log(LOG_ERR, "Not a socket: %s", + opt->local_addr.un.sun_path); + else if(unlink(opt->local_addr.un.sun_path)) + sockerror(opt->local_addr.un.sun_path); + else + s_log(LOG_DEBUG, "Socket removed: %s", + opt->local_addr.un.sun_path); + } +#endif + } +} + +/* open new ports, update fds */ +int bind_ports(void) { + SERVICE_OPTIONS *opt; + char *local_address; + +#ifdef USE_LIBWRAP + /* execute after parse_commandline() to know service_options.next, + * but as early as possible to avoid leaking file descriptors */ + /* retry on each bind_ports() in case stunnel.conf was reloaded + without "libwrap = no" */ + libwrap_init(); +#endif /* USE_LIBWRAP */ + + s_poll_init(fds); + s_poll_add(fds, signal_pipe[0], 1, 0); + + /* allow clean unbind_ports() even though + bind_ports() was not fully performed */ + for(opt=service_options.next; opt; opt=opt->next) + if(opt->option.accept) + opt->fd=-1; + + for(opt=service_options.next; opt; opt=opt->next) { + if(opt->option.accept) { + opt->fd=s_socket(opt->local_addr.sa.sa_family, + SOCK_STREAM, 0, 1, "accept socket"); + if(opt->fd<0) + return 1; + if(set_socket_options(opt->fd, 0)<0) { + closesocket(opt->fd); + return 1; + } + /* local socket can't be unnamed */ + local_address=s_ntop(&opt->local_addr, addr_len(&opt->local_addr)); + if(bind(opt->fd, &opt->local_addr.sa, addr_len(&opt->local_addr))) { + s_log(LOG_ERR, "Error binding service [%s] to %s", + opt->servname, local_address); + sockerror("bind"); + closesocket(opt->fd); + str_free(local_address); + return 1; + } + if(listen(opt->fd, SOMAXCONN)) { + sockerror("listen"); + closesocket(opt->fd); + str_free(local_address); + return 1; + } + s_poll_add(fds, opt->fd, 1, 0); + s_log(LOG_DEBUG, "Service [%s] (FD=%d) bound to %s", + opt->servname, opt->fd, local_address); + str_free(local_address); + } else if(opt->option.program && opt->option.remote) { + /* create exec+connect services */ + create_client(-1, -1, + alloc_client_session(opt, -1, -1), client_thread); + } + } + return 0; /* OK */ +} + +#ifdef HAVE_CHROOT +static int change_root(void) { + if(!global_options.chroot_dir) + return 0; + if(chroot(global_options.chroot_dir)) { + sockerror("chroot"); + return 1; + } + if(chdir("/")) { + sockerror("chdir"); + return 1; + } + return 0; +} +#endif /* HAVE_CHROOT */ + +#if !defined(USE_WIN32) && !defined(__vms) && !defined(USE_OS2) + +int drop_privileges(int critical) { +#ifdef HAVE_SETGROUPS + gid_t gr_list[1]; +#endif + + /* set uid and gid */ + if(global_options.gid) { + if(setgid(global_options.gid) && critical) { + sockerror("setgid"); + return 1; + } +#ifdef HAVE_SETGROUPS + gr_list[0]=global_options.gid; + if(setgroups(1, gr_list) && critical) { + sockerror("setgroups"); + return 1; + } +#endif + } + if(global_options.uid) { + if(setuid(global_options.uid) && critical) { + sockerror("setuid"); + return 1; + } + } + return 0; +} + +static int daemonize(int fd) { /* go to background */ + if(global_options.option.foreground) + return 0; + dup2(fd, 0); + dup2(fd, 1); + dup2(fd, 2); +#if defined(HAVE_DAEMON) && !defined(__BEOS__) + /* set noclose option when calling daemon() function, + * so it does not require /dev/null device in the chrooted directory */ + if(daemon(0, 1)==-1) { + ioerror("daemon"); + return 1; + } +#else + chdir("/"); + switch(fork()) { + case -1: /* fork failed */ + ioerror("fork"); + return 1; + case 0: /* child */ + break; + default: /* parent */ + exit(0); + } +#endif +#ifdef HAVE_SETSID + setsid(); /* ignore the error */ +#endif + return 0; +} + +static int create_pid(void) { + int pf; + char *pid; + + if(!global_options.pidfile) { + s_log(LOG_DEBUG, "No pid file being created"); + return 0; + } + if(global_options.pidfile[0]!='/') { + /* to prevent creating pid file relative to '/' after daemonize() */ + s_log(LOG_ERR, "Pid file (%s) must be full path name", global_options.pidfile); + return 1; + } + global_options.dpid=(unsigned long)getpid(); + + /* silently remove old pid file */ + unlink(global_options.pidfile); + pf=open(global_options.pidfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, 0644); + if(pf==-1) { + s_log(LOG_ERR, "Cannot create pid file %s", global_options.pidfile); + ioerror("create"); + return 1; + } + pid=str_printf("%lu\n", global_options.dpid); + write(pf, pid, strlen(pid)); + str_free(pid); + close(pf); + s_log(LOG_DEBUG, "Created pid file %s", global_options.pidfile); + atexit(delete_pid); + return 0; +} + +static void delete_pid(void) { + if((unsigned long)getpid()!=global_options.dpid) + return; /* current process is not main daemon process */ + s_log(LOG_DEBUG, "removing pid file %s", global_options.pidfile); + if(unlink(global_options.pidfile)<0) + ioerror(global_options.pidfile); /* not critical */ +} + +#endif /* standard Unix */ + +/**************************************** signal pipe handling */ + +static int signal_pipe_init(void) { +#ifdef USE_WIN32 + if(make_sockets(signal_pipe)) + return 1; +#elif defined(__INNOTEK_LIBC__) + /* Innotek port of GCC can not use select on a pipe: + * use local socket instead */ + struct sockaddr_un un; + fd_set set_pipe; + int pipe_in; + + FD_ZERO(&set_pipe); + signal_pipe[0]=s_socket(PF_OS2, SOCK_STREAM, 0, 0, "socket#1"); + signal_pipe[1]=s_socket(PF_OS2, SOCK_STREAM, 0, 0, "socket#2"); + + /* connect the two endpoints */ + memset(&un, 0, sizeof un); + un.sun_len=sizeof un; + un.sun_family=AF_OS2; + sprintf(un.sun_path, "\\socket\\stunnel-%u", getpid()); + /* make the first endpoint listen */ + bind(signal_pipe[0], (struct sockaddr *)&un, sizeof un); + listen(signal_pipe[0], 1); + connect(signal_pipe[1], (struct sockaddr *)&un, sizeof un); + FD_SET(signal_pipe[0], &set_pipe); + if(select(signal_pipe[0]+1, &set_pipe, NULL, NULL, NULL)>0) { + pipe_in=signal_pipe[0]; + signal_pipe[0]=s_accept(signal_pipe[0], NULL, 0, 0, "accept"); + closesocket(pipe_in); + } else { + sockerror("select"); + return 1; + } +#else /* Unix */ + if(s_pipe(signal_pipe, 1, "signal_pipe")) + return 1; +#endif /* USE_WIN32 */ + return 0; +} + +void signal_post(int sig) { + writesocket(signal_pipe[1], (char *)&sig, sizeof sig); +} + +static int signal_pipe_dispatch(void) { + int sig, err; + + s_log(LOG_DEBUG, "Dispatching signals from the signal pipe"); + while(readsocket(signal_pipe[0], (char *)&sig, sizeof sig)==sizeof sig) { + switch(sig) { +#ifndef USE_WIN32 + case SIGCHLD: + s_log(LOG_DEBUG, "Processing SIGCHLD"); +#ifdef USE_FORK + client_status(); /* report status of client process */ +#else /* USE_UCONTEXT || USE_PTHREAD */ + child_status(); /* report status of libwrap or 'exec' process */ +#endif /* defined USE_FORK */ + break; +#endif /* !defind USE_WIN32 */ + case SIGNAL_RELOAD_CONFIG: + s_log(LOG_DEBUG, "Processing SIGNAL_RELOAD_CONFIG"); + err=parse_conf(NULL, CONF_RELOAD); + if(err) { + s_log(LOG_ERR, "Failed to reload the configuration file"); + } else { + unbind_ports(); + log_close(); + apply_conf(); + log_open(); + if(bind_ports()) { + /* FIXME: handle the error */ + } + } + break; + case SIGNAL_REOPEN_LOG: + s_log(LOG_DEBUG, "Processing SIGNAL_REOPEN_LOG"); + log_close(); + log_open(); + s_log(LOG_NOTICE, "Log file reopened"); + break; + case SIGNAL_TERMINATE: + s_log(LOG_DEBUG, "Processing SIGNAL_TERMINATE"); + s_log(LOG_NOTICE, "Terminated"); + return 2; + default: + s_log(LOG_ERR, "Received signal %d; terminating", sig); + return 1; + } + } + s_log(LOG_DEBUG, "Signal pipe is empty"); + return 0; +} + +#ifdef USE_FORK +static void client_status(void) { /* dead children detected */ + int pid, status; + +#ifdef HAVE_WAIT_FOR_PID + while((pid=wait_for_pid(-1, &status, WNOHANG))>0) { +#else + if((pid=wait(&status))>0) { +#endif +#ifdef WIFSIGNALED + if(WIFSIGNALED(status)) { + s_log(LOG_DEBUG, "Process %d terminated on signal %d", + pid, WTERMSIG(status)); + } else { + s_log(LOG_DEBUG, "Process %d finished with code %d", + pid, WEXITSTATUS(status)); + } + } +#else + s_log(LOG_DEBUG, "Process %d finished with code %d", + pid, status); + } +#endif +} +#endif /* defined USE_FORK */ + +#if !defined(USE_WIN32) && !defined(USE_OS2) + +void child_status(void) { /* dead libwrap or 'exec' process detected */ + int pid, status; + +#ifdef HAVE_WAIT_FOR_PID + while((pid=wait_for_pid(-1, &status, WNOHANG))>0) { +#else + if((pid=wait(&status))>0) { +#endif +#ifdef WIFSIGNALED + if(WIFSIGNALED(status)) { + s_log(LOG_INFO, "Child process %d terminated on signal %d", + pid, WTERMSIG(status)); + } else { + s_log(LOG_INFO, "Child process %d finished with code %d", + pid, WEXITSTATUS(status)); + } +#else + s_log(LOG_INFO, "Child process %d finished with status %d", + pid, status); +#endif + } +} + +static void signal_handler(int sig) { + int saved_errno; + + saved_errno=errno; + signal_post(sig); + signal(sig, signal_handler); + errno=saved_errno; +} + +#endif /* !defined(USE_WIN32) && !defined(USE_OS2) */ + +/**************************************** log messages to identify build */ + +void stunnel_info(int level) { + s_log(level, "stunnel " STUNNEL_VERSION " on " HOST " platform"); + if(SSLeay()==SSLEAY_VERSION_NUMBER) { + s_log(level, "Compiled/running with " OPENSSL_VERSION_TEXT); + } else { + s_log(level, "Compiled with " OPENSSL_VERSION_TEXT); + s_log(level, "Running with %s", SSLeay_version(SSLEAY_VERSION)); + s_log(level, "Update OpenSSL shared libraries or rebuild stunnel"); + } + s_log(level, + "Threading:" +#ifdef USE_UCONTEXT + "UCONTEXT" +#endif +#ifdef USE_PTHREAD + "PTHREAD" +#endif +#ifdef USE_WIN32 + "WIN32" +#endif +#ifdef USE_FORK + "FORK" +#endif + + " SSL:" +#if defined HAVE_OSSL_ENGINE_H || defined HAVE_OSSL_OCSP_H || defined USE_FIPS +#ifdef HAVE_OSSL_ENGINE_H + "+ENGINE" +#endif +#ifdef HAVE_OSSL_OCSP_H + "+OCSP" +#endif +#ifdef USE_FIPS + "+FIPS" +#endif +#else + "none" +#endif + + " Auth:" +#ifdef USE_LIBWRAP + "LIBWRAP" +#else + "none" +#endif + + " Sockets:" +#ifdef USE_POLL + "POLL" +#else /* defined(USE_POLL) */ + "SELECT" +#endif /* defined(USE_POLL) */ + "+IPv%c", +#if defined(USE_WIN32) && !defined(_WIN32_WCE) + s_getaddrinfo ? '6' : '4' +#else /* defined(USE_WIN32) */ +#if defined(USE_IPv6) + '6' +#else /* defined(USE_IPv6) */ + '4' +#endif /* defined(USE_IPv6) */ +#endif /* defined(USE_WIN32) */ + ); +} + +/* end of stunnel.c */ diff --git a/src/stunnel.ico b/src/stunnel.ico new file mode 100644 index 0000000..ba56e9c Binary files /dev/null and b/src/stunnel.ico differ diff --git a/src/stunnel3.in b/src/stunnel3.in new file mode 100755 index 0000000..30e14cd --- /dev/null +++ b/src/stunnel3.in @@ -0,0 +1,75 @@ +#!/usr/bin/perl +# +# stunnel3 Perl wrapper to use stunnel 3.x syntax in stunnel >=4.05 +# Copyright (C) 2004-2012 Michal Trojnara +# Version: 2.03 +# Date: 2011.10.22 +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, see . + +use POSIX; +use Getopt::Std; + +# Configuration - path to stunnel (version >=4.05) +$stunnel_bin='@prefix@/bin/stunnel'; + +# stunnel3 script body begins here +($read_fd, $write_fd)=POSIX::pipe(); +$pid=fork; +die "Can't fork" unless defined $pid; +if($pid) { # parent + POSIX::close($write_fd); + exec "$stunnel_bin -fd $read_fd"; + die "$stunnel_bin exec failed"; +} +# child +POSIX::close($read_fd); +open(STUNNEL, ">&$write_fd"); +# comment out the next line to see the config file +select(STUNNEL); + +getopts('cTWfD:O:o:C:p:v:a:A:t:N:u:n:E:R:B:I:d:s:g:P:r:L:l:'); + +print("client = yes\n") if defined $opt_c; +print("transparent = yes\n") if defined $opt_T; +print("RNDoverwrite = yes\n") if defined $opt_W; +print("foreground = yes\n") if defined $opt_f; +print("debug = $opt_D\n") if defined $opt_D; +print("socket = $opt_O\n") if defined $opt_O; +print("output = $opt_o\n") if defined $opt_o; +print("ciphers = $opt_C\n") if defined $opt_C; +print("cert = $opt_p\n") if defined $opt_p; +print("verify = $opt_v\n") if defined $opt_v; +print("CApath = $opt_a\n") if defined $opt_a; +print("CAfile = $opt_A\n") if defined $opt_A; +print("session = $opt_t\n") if defined $opt_t; +print("service = $opt_N\n") if defined $opt_N; +print("ident = $opt_u\n") if defined $opt_u; +print("protocol = $opt_n\n") if defined $opt_n; +print("EGD = $opt_E\n") if defined $opt_E; +print("RNDfile = $opt_R\n") if defined $opt_R; +print("RNDbytes = $opt_B\n") if defined $opt_B; +print("local = $opt_I\n") if defined $opt_I; +print("accept = $opt_d\n") if defined $opt_d; +print("setuid = $opt_s\n") if defined $opt_s; +print("setgid = $opt_g\n") if defined $opt_g; +print("pid = $opt_P\n") if defined $opt_P; +print("connect = $opt_r\n") if defined $opt_r; +print("pty = yes\n"), $opt_l=$opt_L if defined $opt_L; +print("exec = $opt_l\nexecargs = " . join(' ', $opt_l, @ARGV) . "\n") if defined $opt_l; +print("[stunnel3]\n") if defined $opt_d; + +close(STUNNEL); + +# stunnel3 script body ends here diff --git a/src/vc.mak b/src/vc.mak new file mode 100644 index 0000000..e2d62cc --- /dev/null +++ b/src/vc.mak @@ -0,0 +1,76 @@ +# vc.mak by Michal Trojnara 1998-2012 +# with help of David Gillingham +# with help of Pierre Delaage + +# the compilation requires: +# - Visual C++ 2005 Express Edition with Platform SDK +# http://social.msdn.microsoft.com/forums/en-US/Vsexpressvc/thread/c5c3afad-f4c6-4d27-b471-0291e099a742/ +# - Visual C++ 2005 Professional Edition +# - Visual C++ 2008 Express Edition + +# modify this to point to your OpenSSL directory +# either install a precompiled version (*not* the "Light" one) from +# http://www.slproweb.com/products/Win32OpenSSL.html +SSLDIR=C:\OpenSSL-Win32 +INCDIR=$(SSLDIR)\include +LIBDIR=$(SSLDIR)\lib +# or compile one yourself +#SSLDIR=..\..\openssl-1.0.0f +#INCDIR=$(SSLDIR)\inc32 +#LIBDIR=$(SSLDIR)\out32dll + +TARGETCPU=W32 +SRC=..\src +OBJROOT=..\obj +OBJ=$(OBJROOT)\$(TARGETCPU) +BINROOT=..\bin +BIN=$(BINROOT)\$(TARGETCPU) + +OBJS=$(OBJ)\stunnel.obj $(OBJ)\ssl.obj $(OBJ)\ctx.obj \ + $(OBJ)\verify.obj $(OBJ)\file.obj $(OBJ)\client.obj \ + $(OBJ)\protocol.obj $(OBJ)\sthreads.obj $(OBJ)\log.obj \ + $(OBJ)\options.obj $(OBJ)\network.obj $(OBJ)\resolver.obj \ + $(OBJ)\gui.obj $(OBJ)\resources.res $(OBJ)\str.obj $(OBJ)/fd.obj + +CC=cl +LINK=link + +CFLAGS=/MD /W3 /O2 /nologo /I"$(INCDIR)" +LDFLAGS=/NOLOGO + +LIBS=advapi32.lib comdlg32.lib crypt32.lib gdi32.lib \ + psapi.lib shell32.lib user32.lib ws2_32.lib \ + /LIBPATH:"$(LIBDIR)" libeay32.lib ssleay32.lib +# static linking: +# /LIBPATH:"$(LIBDIR)\VC\static" libeay32MD.lib ssleay32MD.lib + +{$(SRC)\}.c{$(OBJ)\}.obj: + $(CC) $(CFLAGS) -Fo$@ -c $< + +{$(SRC)\}.rc{$(OBJ)\}.res: + $(RC) -fo$@ -r $< + +all: makedirs $(BIN)\stunnel.exe + +clean: + -@ del $(OBJS) >NUL 2>&1 +# -@ del *.manifest >NUL 2>&1 + -@ del $(BIN)\stunnel.exe >NUL 2>&1 + -@ del $(BIN)\stunnel.exe.manifest >NUL 2>&1 + -@ rmdir $(OBJ) >NUL 2>&1 + -@ rmdir $(BIN) >NUL 2>&1 + +makedirs: + -@ IF NOT EXIST $(OBJROOT) mkdir $(OBJROOT) >NUL 2>&1 + -@ IF NOT EXIST $(OBJ) mkdir $(OBJ) >NUL 2>&1 + -@ IF NOT EXIST $(BINROOT) mkdir $(BINROOT) >NUL 2>&1 + -@ IF NOT EXIST $(BIN) mkdir $(BIN) >NUL 2>&1 + +$(OBJS): *.h vc.mak + +$(BIN)\stunnel.exe: $(OBJS) + $(LINK) $(LDFLAGS) $(LIBS) /OUT:$@ $** + IF EXIST $@.manifest \ + mt -nologo -manifest $@.manifest -outputresource:$@;1 + +# end of vc.mak diff --git a/src/verify.c b/src/verify.c new file mode 100644 index 0000000..3519144 --- /dev/null +++ b/src/verify.c @@ -0,0 +1,541 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "common.h" +#include "prototypes.h" + +/**************************************** prototypes */ + +/* verify initialization */ +static int load_file_lookup(X509_STORE *, char *); +static int add_dir_lookup(X509_STORE *, char *); + +/* verify callback */ +static int verify_callback(int, X509_STORE_CTX *); +static int cert_check(CLI *c, X509_STORE_CTX *, int); +static int crl_check(CLI *c, X509_STORE_CTX *); +#ifdef HAVE_OSSL_OCSP_H +static int ocsp_check(CLI *c, X509_STORE_CTX *); +static OCSP_RESPONSE *ocsp_get_response(CLI *, OCSP_REQUEST *); +#endif + +/* utility functions */ +static void log_time(const int, const char *, ASN1_TIME *); + +/**************************************** verify initialization */ + +int verify_init(SERVICE_OPTIONS *section) { + if(section->verify_level<0) + return 0; /* OK - no certificate verification */ + + if(section->verify_level>=2 && !section->ca_file && !section->ca_dir) { + s_log(LOG_ERR, + "Either CApath or CAfile has to be used for authentication"); + return 1; /* FAILED */ + } + + section->revocation_store=X509_STORE_new(); + if(!section->revocation_store) { + sslerror("X509_STORE_new"); + return 1; /* FAILED */ + } + + if(section->ca_file) { + if(!SSL_CTX_load_verify_locations(section->ctx, + section->ca_file, NULL)) { + s_log(LOG_ERR, "Error loading verify certificates from %s", + section->ca_file); + sslerror("SSL_CTX_load_verify_locations"); + return 1; /* FAILED */ + } + /* list of trusted CAs for the client to choose the right cert */ + SSL_CTX_set_client_CA_list(section->ctx, + SSL_load_client_CA_file(section->ca_file)); + s_log(LOG_DEBUG, "Loaded verify certificates from %s", + section->ca_file); + if(load_file_lookup(section->revocation_store, section->ca_file)) + return 1; /* FAILED */ + } + + if(section->ca_dir) { + if(!SSL_CTX_load_verify_locations(section->ctx, + NULL, section->ca_dir)) { + s_log(LOG_ERR, "Error setting verify directory to %s", + section->ca_dir); + sslerror("SSL_CTX_load_verify_locations"); + return 1; /* FAILED */ + } + s_log(LOG_DEBUG, "Verify directory set to %s", section->ca_dir); + add_dir_lookup(section->revocation_store, section->ca_dir); + } + + if(section->crl_file) + if(load_file_lookup(section->revocation_store, section->crl_file)) + return 1; /* FAILED */ + + if(section->crl_dir) { + section->revocation_store->cache=0; /* don't cache CRLs */ + add_dir_lookup(section->revocation_store, section->crl_dir); + } + + SSL_CTX_set_verify(section->ctx, SSL_VERIFY_PEER | + (section->verify_level>=2 ? SSL_VERIFY_FAIL_IF_NO_PEER_CERT : 0), + verify_callback); + + if(section->ca_dir && section->verify_level>=3) + s_log(LOG_INFO, "Peer certificate location %s", section->ca_dir); + return 0; /* OK */ +} + +static int load_file_lookup(X509_STORE *store, char *name) { + X509_LOOKUP *lookup; + + lookup=X509_STORE_add_lookup(store, X509_LOOKUP_file()); + if(!lookup) { + sslerror("X509_STORE_add_lookup"); + return 1; /* FAILED */ + } + if(!X509_LOOKUP_load_file(lookup, name, X509_FILETYPE_PEM)) { + s_log(LOG_ERR, "Failed to load %s revocation lookup file", name); + sslerror("X509_LOOKUP_load_file"); + return 1; /* FAILED */ + } + s_log(LOG_DEBUG, "Loaded %s revocation lookup file", name); + return 0; /* OK */ +} + +static int add_dir_lookup(X509_STORE *store, char *name) { + X509_LOOKUP *lookup; + + lookup=X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); + if(!lookup) { + sslerror("X509_STORE_add_lookup"); + return 1; /* FAILED */ + } + if(!X509_LOOKUP_add_dir(lookup, name, X509_FILETYPE_PEM)) { + s_log(LOG_ERR, "Failed to add %s revocation lookup directory", name); + sslerror("X509_LOOKUP_add_dir"); + return 1; /* FAILED */ + } + s_log(LOG_DEBUG, "Added %s revocation lookup directory", name); + return 0; /* OK */ +} + +/**************************************** verify callback */ + +static int verify_callback(int preverify_ok, X509_STORE_CTX *callback_ctx) { + /* our verify callback function */ + SSL *ssl; + CLI *c; + X509 *cert; + int depth; + char *subject_name; + + /* retrieve application specific data */ + ssl=X509_STORE_CTX_get_ex_data(callback_ctx, + SSL_get_ex_data_X509_STORE_CTX_idx()); + c=SSL_get_ex_data(ssl, cli_index); + cert=X509_STORE_CTX_get_current_cert(callback_ctx); + depth=X509_STORE_CTX_get_error_depth(callback_ctx); + + /* certificate name for logging */ + subject_name=X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + + s_log(LOG_DEBUG, "Starting certificate verification: depth=%d, %s", + depth, subject_name); + if(!cert_check(c, callback_ctx, preverify_ok)) { + s_log(LOG_WARNING, "Certificate check failed: depth=%d, %s", + depth, subject_name); + OPENSSL_free(subject_name); + return 0; /* reject connection */ + } + if(!crl_check(c, callback_ctx)) { + s_log(LOG_WARNING, "CRL check failed: depth=%d, %s", + depth, subject_name); + OPENSSL_free(subject_name); + return 0; /* reject connection */ + } +#ifdef HAVE_OSSL_OCSP_H + if(c->opt->option.ocsp && !ocsp_check(c, callback_ctx)) { + s_log(LOG_WARNING, "OCSP check failed: depth=%d, %s", + depth, subject_name); + OPENSSL_free(subject_name); + return 0; /* reject connection */ + } +#endif /* HAVE_OSSL_OCSP_H */ + /* errnum=X509_STORE_CTX_get_error(ctx); */ + s_log(LOG_NOTICE, "Certificate accepted: depth=%d, %s", + depth, subject_name); + OPENSSL_free(subject_name); + return 1; /* accept connection */ +} + +/**************************************** certificate checking */ + +static int cert_check(CLI *c, X509_STORE_CTX *callback_ctx, int preverify_ok) { + X509_OBJECT obj; +#if OPENSSL_VERSION_NUMBER>=0x0090700fL + ASN1_BIT_STRING *local_key, *peer_key; +#endif + X509 *cert; + int depth; + + if(c->opt->verify_level<1) { + s_log(LOG_INFO, "CERT: Verification not enabled"); + return 1; /* accept connection */ + } + cert=X509_STORE_CTX_get_current_cert(callback_ctx); + depth=X509_STORE_CTX_get_error_depth(callback_ctx); + if(!preverify_ok) { + /* remote site specified a certificate, but it's not correct */ + if(c->opt->verify_level>=4 && depth>0) { + s_log(LOG_INFO, "CERT: Invalid CA certificate ignored"); + return 1; /* accept connection */ + } else { + s_log(LOG_WARNING, "CERT: Verification error: %s", + X509_verify_cert_error_string( + X509_STORE_CTX_get_error(callback_ctx))); + return 0; /* reject connection */ + } + } + if(c->opt->verify_level>=3 && depth==0) { + if(X509_STORE_get_by_subject(callback_ctx, X509_LU_X509, + X509_get_subject_name(cert), &obj)!=1) { + s_log(LOG_WARNING, + "CERT: Certificate not found in local repository"); + return 0; /* reject connection */ + } +#if OPENSSL_VERSION_NUMBER>=0x0090700fL + peer_key=X509_get0_pubkey_bitstr(cert); + local_key=X509_get0_pubkey_bitstr(obj.data.x509); + if(!peer_key || !local_key || peer_key->length!=local_key->length || + memcmp(peer_key->data, local_key->data, local_key->length)) { + s_log(LOG_WARNING, "CERT: Public keys do not match"); + return 0; /* reject connection */ + } +#endif + s_log(LOG_INFO, "CERT: Locally installed certificate matched"); + } + return 1; /* accept connection */ +} + +/**************************************** CRL checking */ + +/* based on BSD-style licensed code of mod_ssl */ +static int crl_check(CLI *c, X509_STORE_CTX *callback_ctx) { + X509_STORE_CTX store_ctx; + X509_OBJECT obj; + X509_NAME *subject; + X509_NAME *issuer; + X509 *cert; + X509_CRL *crl; + X509_REVOKED *revoked; + EVP_PKEY *pubkey; + long serial; + int i, n, rc; + char *cp; + ASN1_TIME *last_update=NULL, *next_update=NULL; + + /* determine certificate ingredients in advance */ + cert=X509_STORE_CTX_get_current_cert(callback_ctx); + subject=X509_get_subject_name(cert); + issuer=X509_get_issuer_name(cert); + + /* try to retrieve a CRL corresponding to the _subject_ of + * the current certificate in order to verify it's integrity */ + memset((char *)&obj, 0, sizeof obj); + X509_STORE_CTX_init(&store_ctx, c->opt->revocation_store, NULL, NULL); + rc=X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj); + X509_STORE_CTX_cleanup(&store_ctx); + crl=obj.data.crl; + if(rc>0 && crl) { + cp=X509_NAME_oneline(subject, NULL, 0); + s_log(LOG_INFO, "CRL: issuer: %s", cp); + OPENSSL_free(cp); + last_update=X509_CRL_get_lastUpdate(crl); + next_update=X509_CRL_get_nextUpdate(crl); + log_time(LOG_INFO, "CRL: last update", last_update); + log_time(LOG_INFO, "CRL: next update", next_update); + + /* verify the signature on this CRL */ + pubkey=X509_get_pubkey(cert); + if(X509_CRL_verify(crl, pubkey)<=0) { + s_log(LOG_WARNING, "CRL: Invalid signature"); + X509_STORE_CTX_set_error(callback_ctx, + X509_V_ERR_CRL_SIGNATURE_FAILURE); + X509_OBJECT_free_contents(&obj); + if(pubkey) + EVP_PKEY_free(pubkey); + return 0; /* reject connection */ + } + if(pubkey) + EVP_PKEY_free(pubkey); + + /* check date of CRL to make sure it's not expired */ + if(!next_update) { + s_log(LOG_WARNING, "CRL: Invalid nextUpdate field"); + X509_STORE_CTX_set_error(callback_ctx, + X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD); + X509_OBJECT_free_contents(&obj); + return 0; /* reject connection */ + } + if(X509_cmp_current_time(next_update)<0) { + s_log(LOG_WARNING, "CRL: CRL Expired - revoking all certificates"); + X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CRL_HAS_EXPIRED); + X509_OBJECT_free_contents(&obj); + return 0; /* reject connection */ + } + X509_OBJECT_free_contents(&obj); + } + + /* try to retrieve a CRL corresponding to the _issuer_ of + * the current certificate in order to check for revocation */ + memset((char *)&obj, 0, sizeof obj); + X509_STORE_CTX_init(&store_ctx, c->opt->revocation_store, NULL, NULL); + rc=X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj); + X509_STORE_CTX_cleanup(&store_ctx); + crl=obj.data.crl; + if(rc>0 && crl) { + /* check if the current certificate is revoked by this CRL */ + n=sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl)); + for(i=0; iserialNumber, + X509_get_serialNumber(cert)) == 0) { + serial=ASN1_INTEGER_get(revoked->serialNumber); + cp=X509_NAME_oneline(issuer, NULL, 0); + s_log(LOG_WARNING, "CRL: Certificate with serial %ld (0x%lX) " + "revoked per CRL from issuer %s", serial, serial, cp); + OPENSSL_free(cp); + X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CERT_REVOKED); + X509_OBJECT_free_contents(&obj); + return 0; /* reject connection */ + } + } + X509_OBJECT_free_contents(&obj); + } + return 1; /* accept connection */ +} + +#ifdef HAVE_OSSL_OCSP_H + +/**************************************** OCSP checking */ +/* TODO: check OCSP server specified in the certificate */ + +static int ocsp_check(CLI *c, X509_STORE_CTX *callback_ctx) { + int error, retval=0; + X509 *cert; + X509 *issuer=NULL; + OCSP_CERTID *certID; + OCSP_REQUEST *request=NULL; + OCSP_RESPONSE *response=NULL; + OCSP_BASICRESP *basicResponse=NULL; + ASN1_GENERALIZEDTIME *revoked_at=NULL, + *this_update=NULL, *next_update=NULL; + int status, reason; + + /* get current certificate ID */ + cert=X509_STORE_CTX_get_current_cert(callback_ctx); /* get current cert */ + if(X509_STORE_CTX_get1_issuer(&issuer, callback_ctx, cert)!=1) { + sslerror("OCSP: X509_STORE_CTX_get1_issuer"); + goto cleanup; + } + certID=OCSP_cert_to_id(0, cert, issuer); + if(!certID) { + sslerror("OCSP: OCSP_cert_to_id"); + goto cleanup; + } + + /* build request */ + request=OCSP_REQUEST_new(); + if(!request) { + sslerror("OCSP: OCSP_REQUEST_new"); + goto cleanup; + } + if(!OCSP_request_add0_id(request, certID)) { + sslerror("OCSP: OCSP_request_add0_id"); + goto cleanup; + } + OCSP_request_add1_nonce(request, 0, -1); + + /* send the request and get a response */ + response=ocsp_get_response(c, request); + if(!response) + goto cleanup; + error=OCSP_response_status(response); + if(error!=OCSP_RESPONSE_STATUS_SUCCESSFUL) { + s_log(LOG_WARNING, "OCSP: Responder error: %d: %s", + error, OCSP_response_status_str(error)); + goto cleanup; + } + s_log(LOG_DEBUG, "OCSP: Response received"); + + /* verify the response */ + basicResponse=OCSP_response_get1_basic(response); + if(!basicResponse) { + sslerror("OCSP: OCSP_response_get1_basic"); + goto cleanup; + } + if(OCSP_check_nonce(request, basicResponse)<=0) { + sslerror("OCSP: OCSP_check_nonce"); + goto cleanup; + } + if(OCSP_basic_verify(basicResponse, NULL, + c->opt->revocation_store, c->opt->ocsp_flags)<=0) { + sslerror("OCSP: OCSP_basic_verify"); + goto cleanup; + } + if(!OCSP_resp_find_status(basicResponse, certID, &status, &reason, + &revoked_at, &this_update, &next_update)) { + sslerror("OCSP: OCSP_resp_find_status"); + goto cleanup; + } + s_log(LOG_NOTICE, "OCSP: Status: %d: %s", + status, OCSP_cert_status_str(status)); + log_time(LOG_INFO, "OCSP: This update", this_update); + log_time(LOG_INFO, "OCSP: Next update", next_update); + /* check if the response is valid for at least one minute */ + if(!OCSP_check_validity(this_update, next_update, 60, -1)) { + sslerror("OCSP: OCSP_check_validity"); + goto cleanup; + } + if(status==V_OCSP_CERTSTATUS_REVOKED) { + if(reason==-1) + s_log(LOG_WARNING, "OCSP: Certificate revoked"); + else + s_log(LOG_WARNING, "OCSP: Certificate revoked: %d: %s", + reason, OCSP_crl_reason_str(reason)); + log_time(LOG_NOTICE, "OCSP: Revoked at", revoked_at); + goto cleanup; + } + retval=1; /* accept connection */ +cleanup: + if(issuer) + X509_free(issuer); + if(request) + OCSP_REQUEST_free(request); + if(response) + OCSP_RESPONSE_free(response); + if(basicResponse) + OCSP_BASICRESP_free(basicResponse); + return retval; +} + +static OCSP_RESPONSE *ocsp_get_response(CLI *c, OCSP_REQUEST *req) { + BIO *bio=NULL; + OCSP_REQ_CTX *req_ctx=NULL; + OCSP_RESPONSE *resp=NULL; + int err; + + /* connect specified OCSP server (responder) */ + c->fd=s_socket(c->opt->ocsp_addr.sa.sa_family, SOCK_STREAM, 0, + 1, "OCSP: socket (auth_user)"); + if(c->fd<0) + goto cleanup; + if(connect_blocking(c, &c->opt->ocsp_addr, addr_len(&c->opt->ocsp_addr))) + goto cleanup; + bio=BIO_new_fd(c->fd, BIO_NOCLOSE); + if(!bio) + goto cleanup; + s_log(LOG_DEBUG, "OCSP: server connected"); + + /* OCSP protocol communication loop */ + req_ctx=OCSP_sendreq_new(bio, c->opt->ocsp_path, req, -1); + if(!req_ctx) { + sslerror("OCSP: OCSP_sendreq_new"); + goto cleanup; + } + while(OCSP_sendreq_nbio(&resp, req_ctx)==-1) { + s_poll_init(c->fds); + s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio)); + err=s_poll_wait(c->fds, c->opt->timeout_busy, 0); + if(err==-1) + sockerror("OCSP: s_poll_wait"); + if(err==0) + s_log(LOG_INFO, "OCSP: s_poll_wait: TIMEOUTbusy exceeded"); + if(err<=0) + goto cleanup; + } + /* s_log(LOG_DEBUG, "OCSP: context state: 0x%x", *(int *)req_ctx); */ + /* http://www.mail-archive.com/openssl-users@openssl.org/msg61691.html */ + if(!resp) { + if(ERR_peek_error()) + sslerror("OCSP: OCSP_sendreq_nbio"); + else /* OpenSSL error: OCSP_sendreq_nbio does not use OCSPerr */ + s_log(LOG_ERR, "OCSP: OCSP_sendreq_nbio: OpenSSL internal error"); + } + +cleanup: + if(req_ctx) + OCSP_REQ_CTX_free(req_ctx); + if(bio) + BIO_free_all(bio); + if(c->fd>=0) { + closesocket(c->fd); + c->fd=-1; /* avoid double close on cleanup */ + } + return resp; +} + +#endif /* HAVE_OSSL_OCSP_H */ + +static void log_time(const int level, const char *txt, ASN1_TIME *t) { + char *cp; + BIO *bio; + int n; + + if(!t) + return; + bio=BIO_new(BIO_s_mem()); + if(!bio) + return; + ASN1_TIME_print(bio, t); + n=BIO_pending(bio); + cp=str_alloc(n+1); + n=BIO_read(bio, cp, n); + if(n<0) { + BIO_free(bio); + str_free(cp); + return; + } + cp[n]='\0'; + BIO_free(bio); + s_log(level, "%s: %s", txt, cp); + str_free(cp); +} + +/* end of verify.c */ diff --git a/src/version.h b/src/version.h new file mode 100644 index 0000000..986bcc1 --- /dev/null +++ b/src/version.h @@ -0,0 +1,88 @@ +/* + * stunnel Universal SSL tunnel + * Copyright (C) 1998-2012 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#ifndef VERSION_MAJOR + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ + +/* HOST may be undefined on Win32 platform */ +#ifndef HOST +#ifdef __MINGW32__ +#define HOST "x86-pc-mingw32-gnu" +#else /* __MINGW32__ */ +#ifdef _MSC_VER +#define _QUOTEME(x) #x +#define QUOTEME(x) _QUOTEME(x) +#define HOST "x86-pc-msvc-" ## QUOTEME(_MSC_VER) +#else /* _MSC_VER */ +#define HOST "x86-pc-unknown" +#endif /* _MSC_VER */ +#endif /* __MINGW32__ */ +#endif /* HOST */ + +/* START CUSTOMIZE */ +#define VERSION_MAJOR 4 +#define VERSION_MINOR 53 +/* END CUSTOMIZE */ + +/* all the following macros are ABSOLUTELY NECESSARY to have proper string + * construction with VARIOUS C preprocessors (EVC, VC, BCC, GCC) */ +#define STRINGIZE0(x) #x +#define STRINGIZE(x) STRINGIZE0(x) +#define STRZCONCAT30(a,b,c) a##b##c +#define STRZCONCAT3(a,b,c) STRZCONCAT30(a,b,c) + +/* for resource.rc, stunnel.c, gui.c */ +#define STUNNEL_VERSION0 STRZCONCAT3(VERSION_MAJOR, . , VERSION_MINOR) +#define STUNNEL_VERSION STRINGIZE(STUNNEL_VERSION0) + +/* for resources.rc */ +#define STUNNEL_VERSION_FIELDS VERSION_MAJOR,VERSION_MINOR,0,0 +#define STUNNEL_PRODUCTNAME "stunnel " STUNNEL_VERSION " for " HOST + +/* some useful tricks for preprocessing debugging */ +#if 0 +#pragma message ( "VERSION.H: STUNNEL_VERSION is " STUNNEL_VERSION ) +#pragma message ( "VERSION.H: HOST is " HOST ) +#pragma message ( "VERSION.H: STUNNEL_PRODUCTNAME is " STUNNEL_PRODUCTNAME ) +#endif + +#endif /* VERSION_MAJOR */ + +/* end of version.h */ diff --git a/tools/Makefile.am b/tools/Makefile.am new file mode 100644 index 0000000..25a78ec --- /dev/null +++ b/tools/Makefile.am @@ -0,0 +1,36 @@ +## Process this file with automake to produce Makefile.in + +EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \ + stunnel.spec stunnel.cnf stunnel.nsi stunnel.license stunnel.conf + +confdir = $(sysconfdir)/stunnel +conf_DATA = stunnel.conf-sample + +docdir = $(datadir)/doc/stunnel +examplesdir = $(docdir)/examples +examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh \ + stunnel.spec stunnel.init stunnel.service + +OPENSSL=$(SSLDIR)/bin/openssl +install-data-local: + if test ! -r $(DESTDIR)$(confdir)/stunnel.pem; then \ + if test -r "$(RANDOM_FILE)"; then \ + dd if="$(RANDOM_FILE)" of=stunnel.rnd bs=256 count=1; \ + RND="-rand stunnel.rnd"; \ + else \ + RND=""; \ + fi; \ + $(OPENSSL) req -new -x509 -days 365 $$RND \ + -config $(srcdir)/stunnel.cnf \ + -out stunnel.pem -keyout stunnel.pem; \ + $(OPENSSL) gendh $$RND 1024 >> stunnel.pem; \ + $(OPENSSL) x509 -subject -dates -fingerprint -noout -in stunnel.pem; \ + ${INSTALL} -m 600 stunnel.pem $(DESTDIR)$(confdir)/stunnel.pem; \ + rm stunnel.pem; \ + fi + ${INSTALL} -d -m 1770 $(DESTDIR)$(localstatedir)/lib/stunnel + -chgrp $(DEFAULT_GROUP) $(DESTDIR)$(localstatedir)/lib/stunnel + +clean-local: + -rm -f stunnel.rnd + diff --git a/tools/Makefile.in b/tools/Makefile.in new file mode 100644 index 0000000..5c9b7b4 --- /dev/null +++ b/tools/Makefile.in @@ -0,0 +1,467 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = tools +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(srcdir)/stunnel.conf-sample.in $(srcdir)/stunnel.init.in \ + $(srcdir)/stunnel.service.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = stunnel.conf-sample stunnel.init stunnel.service +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(confdir)" "$(DESTDIR)$(examplesdir)" +DATA = $(conf_DATA) $(examples_DATA) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_GROUP = @DEFAULT_GROUP@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIBTOOL_DEPS = @LIBTOOL_DEPS@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +RANDOM_FILE = @RANDOM_FILE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SSLDIR = @SSLDIR@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = $(datadir)/doc/stunnel +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +stunnel_CFLAGS = @stunnel_CFLAGS@ +stunnel_LDFLAGF = @stunnel_LDFLAGF@ +stunnel_LDFLAGS = @stunnel_LDFLAGS@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \ + stunnel.spec stunnel.cnf stunnel.nsi stunnel.license stunnel.conf + +confdir = $(sysconfdir)/stunnel +conf_DATA = stunnel.conf-sample +examplesdir = $(docdir)/examples +examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh \ + stunnel.spec stunnel.init stunnel.service + +OPENSSL = $(SSLDIR)/bin/openssl +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tools/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu tools/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +stunnel.conf-sample: $(top_builddir)/config.status $(srcdir)/stunnel.conf-sample.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +stunnel.init: $(top_builddir)/config.status $(srcdir)/stunnel.init.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +stunnel.service: $(top_builddir)/config.status $(srcdir)/stunnel.service.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-confDATA: $(conf_DATA) + @$(NORMAL_INSTALL) + test -z "$(confdir)" || $(MKDIR_P) "$(DESTDIR)$(confdir)" + @list='$(conf_DATA)'; test -n "$(confdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(confdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(confdir)" || exit $$?; \ + done + +uninstall-confDATA: + @$(NORMAL_UNINSTALL) + @list='$(conf_DATA)'; test -n "$(confdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(confdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(confdir)" && rm -f $$files +install-examplesDATA: $(examples_DATA) + @$(NORMAL_INSTALL) + test -z "$(examplesdir)" || $(MKDIR_P) "$(DESTDIR)$(examplesdir)" + @list='$(examples_DATA)'; test -n "$(examplesdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(examplesdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(examplesdir)" || exit $$?; \ + done + +uninstall-examplesDATA: + @$(NORMAL_UNINSTALL) + @list='$(examples_DATA)'; test -n "$(examplesdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(examplesdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(examplesdir)" && rm -f $$files +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(DATA) +installdirs: + for dir in "$(DESTDIR)$(confdir)" "$(DESTDIR)$(examplesdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-confDATA install-data-local \ + install-examplesDATA + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-confDATA uninstall-examplesDATA + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + clean-local distclean distclean-generic distclean-libtool \ + distdir dvi dvi-am html html-am info info-am install \ + install-am install-confDATA install-data install-data-am \ + install-data-local install-dvi install-dvi-am \ + install-examplesDATA install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + uninstall uninstall-am uninstall-confDATA \ + uninstall-examplesDATA + +install-data-local: + if test ! -r $(DESTDIR)$(confdir)/stunnel.pem; then \ + if test -r "$(RANDOM_FILE)"; then \ + dd if="$(RANDOM_FILE)" of=stunnel.rnd bs=256 count=1; \ + RND="-rand stunnel.rnd"; \ + else \ + RND=""; \ + fi; \ + $(OPENSSL) req -new -x509 -days 365 $$RND \ + -config $(srcdir)/stunnel.cnf \ + -out stunnel.pem -keyout stunnel.pem; \ + $(OPENSSL) gendh $$RND 1024 >> stunnel.pem; \ + $(OPENSSL) x509 -subject -dates -fingerprint -noout -in stunnel.pem; \ + ${INSTALL} -m 600 stunnel.pem $(DESTDIR)$(confdir)/stunnel.pem; \ + rm stunnel.pem; \ + fi + ${INSTALL} -d -m 1770 $(DESTDIR)$(localstatedir)/lib/stunnel + -chgrp $(DEFAULT_GROUP) $(DESTDIR)$(localstatedir)/lib/stunnel + +clean-local: + -rm -f stunnel.rnd + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tools/ca.html b/tools/ca.html new file mode 100644 index 0000000..cf25736 --- /dev/null +++ b/tools/ca.html @@ -0,0 +1,56 @@ + + + + Make your own certificate + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Key bits:
Your name:
Your e-mail address:
Country name:
State or province name:
Organization:
Comment:
+ +

+ 

+
+ + diff --git a/tools/ca.pl b/tools/ca.pl new file mode 100755 index 0000000..151dded --- /dev/null +++ b/tools/ca.pl @@ -0,0 +1,65 @@ +#!/usr/bin/perl + +$config = "/var/openssl/openssl.cnf"; +$capath = "/usr/bin/openssl ca"; +$certpass = "mypassword"; +$tempca = "/tmp/ssl/cli".rand 10000; +$tempout = "/tmp/ssl/certtmp".rand 10000; +$caout = "/tmp/ssl/certout.txt"; +$CAcert = "/var/openssl/localCA/cacert.pem"; +$spkac = ""; + +&ReadForm; + +$spkac = $FIELDS{'SPKAC'}; +$spkac =~ s/\n//g; + +open(TEMPCE,">$tempca") || die &Error; +print TEMPCE "C = $FIELDS{'country'}\n"; +print TEMPCE "ST = $FIELDS{'state'}\n"; +print TEMPCE "O = $FIELDS{'organization'}\n"; +print TEMPCE "Email = $FIELDS{'email'}\n"; +print TEMPCE "CN = $FIELDS{'who'}\n"; +print TEMPCE "SPKAC = $spkac\n"; +close(TEMPCE); + +system("$capath -batch -config $config -spkac $tempca -out $tempout -key $certpass -cert $CAcert>> $caout 2>&1"); +open(CERT,"$tempout") || die &Error; +@certificate = ; +close(CERT); + +#system("rm -f $tempca"); +#system("rm -f $tempout"); + +print "Content-type: application/x-x509-user-cert\n\n"; +print @certificate; + +############################################################## +#### +#### Procedures +#### + +sub ReadForm { + + if ($ENV{'REQUEST_METHOD'} eq 'GET') { + @pairs = split(/&/, $ENV{'QUERY_STRING'}); + } + elsif ($ENV{'REQUEST_METHOD'} eq 'POST') { + read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); + @pairs = split(/&/, $buffer); + } + foreach $pair (@pairs) { + ($name, $value) = split(/=/, $pair); + $name =~ tr/+/ /; + $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; + $value =~ tr/+/ /; + $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; + $value =~ s///g; + $FIELDS{$name} = $value; + } +} + +sub Error { + print "Content-type: text/html\n\n"; + print "

Cant open file

\n"; +} diff --git a/tools/importCA.html b/tools/importCA.html new file mode 100644 index 0000000..dd1feab --- /dev/null +++ b/tools/importCA.html @@ -0,0 +1,16 @@ + + + + Import CA root certificate + + +  +
  +
  +
  +
  +
Import +CA certificate
+ + + diff --git a/tools/importCA.sh b/tools/importCA.sh new file mode 100755 index 0000000..e492fe2 --- /dev/null +++ b/tools/importCA.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +echo "Content-type: application/x-x509-ca-cert" +echo +cat /var/lib/httpds/cgi-bin/cacert.pem diff --git a/tools/script.sh b/tools/script.sh new file mode 100755 index 0000000..d362c23 --- /dev/null +++ b/tools/script.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +REMOTE_HOST="www.mirt.net:443" +echo "client script connecting $REMOTE_HOST" +/usr/local/bin/stunnel -fd 10 \ + 11<&0 </dev/null; then + echo -n "[Already running: $file] " + elif $DAEMON $ARGS; then + echo -n "[Started: $file] " + else + echo "[Failed: $file]" + echo "You should check that you have specified the pid= in you configuration file" + exit 1 + fi + fi + done; +} + +killdaemons() +{ + SIGNAL=${1:-TERM} + for file in $FILES; do + PROCLIST=`get_pids $file` + if [ "$PROCLIST" ] && kill -s 0 $PROCLIST 2>/dev/null; then + kill -s $SIGNAL $PROCLIST + echo -n "[stopped: $file] " + fi + done +} + +if [ "x$OPTIONS" != "x" ]; then + OPTIONS="-- $OPTIONS" +fi + +test -f /etc/default/stunnel && . /etc/default/stunnel +if [ "$ENABLED" = "0" ] ; then + echo "$DESC disabled, see /etc/default/stunnel" + exit 0 +fi + +test -x $DAEMON || exit 0 + +set -e + +case "$1" in + start) + echo -n "Starting $DESC: " + startdaemons + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + killdaemons + echo "$NAME." + ;; + reopen-logs) + echo -n "Reopening log files $DESC: " + killdaemons USR1 + echo "$NAME." + ;; + force-reload|reload) + echo -n "Reloading configuration $DESC: " + killdaemons HUP + echo "$NAME." + ;; + restart) + echo -n "Restarting $DESC: " + killdaemons + sleep 5 + startdaemons + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|reload|reopen-logs|restart}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/tools/stunnel.license b/tools/stunnel.license new file mode 100644 index 0000000..cdf68e2 --- /dev/null +++ b/tools/stunnel.license @@ -0,0 +1,13 @@ +Copyright (C) 1998-2012 Michal Trojnara + +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with this program; if not, see . + +Linking stunnel statically or dynamically with other modules is making a combined work based on stunnel. Thus, the terms and conditions of the GNU General Public License cover the whole combination. + +In addition, as a special exception, the copyright holder of stunnel gives you permission to combine stunnel with free software programs or libraries that are released under the GNU LGPL and with code included in the standard release of OpenSSL under the OpenSSL License (or modified versions of such code, with unchanged license). You may copy and distribute such a system following the terms of the GNU GPL for stunnel and the licenses of the other code concerned. + +Note that people who make modified versions of stunnel are not obligated to grant this special exception for their modified versions; it is their choice whether to do so. The GNU General Public License gives permission to release a modified version without this exception; this exception also makes it possible to release a modified version which carries forward this exception. diff --git a/tools/stunnel.nsi b/tools/stunnel.nsi new file mode 100644 index 0000000..69a30be --- /dev/null +++ b/tools/stunnel.nsi @@ -0,0 +1,182 @@ +# NSIS stunnel installer by Michal Trojnara 1998-2012 + +!include "Sections.nsh" + +Name "stunnel ${VERSION}" +OutFile "stunnel-${VERSION}-installer.exe" +InstallDir "$PROGRAMFILES\stunnel" +BrandingText "Author: Michal Trojnara" +LicenseData "${SRCDIR}/tools/stunnel.license" +SetCompressor /SOLID LZMA +InstallDirRegKey HKLM "Software\NSIS_stunnel" "Install_Dir" + +RequestExecutionLevel admin + +Page license +Page components +Page directory +Page instfiles + +UninstPage uninstConfirm +UninstPage instfiles + +Section "Stunnel Core Files (required)" + SectionIn RO + SetOutPath "$INSTDIR" + + # stop the service, exit stunnel + ReadRegStr $R0 HKLM \ + "Software\Microsoft\Windows NT\CurrentVersion" CurrentVersion + IfErrors skip_service_stop + ExecWait '"$INSTDIR\stunnel.exe" -stop -quiet' +skip_service_stop: + # skip if the previously installed stunnel version is older than 4.40 + GetDLLVersion "$INSTDIR\stunnel.exe" $R0 $R1 + IfErrors skip_process_exit + ExecWait '"$INSTDIR\stunnel.exe" -exit -quiet' +skip_process_exit: + + # write files + SetOverwrite off + File "${SRCDIR}/tools/stunnel.conf" + SetOverwrite on + #File "${DLLS}/*eay32.dll" + File "${DLLS}/libeay32.dll" + File "${DLLS}/ssleay32.dll" + File "${DLLS}/zlib1.dll" + File "${DLLS}/msvcr90.dll" + File "${DLLS}/Microsoft.VC90.CRT.manifest" + File "src/stunnel.exe" + File "${SRCDIR}/doc/stunnel.html" + WriteUninstaller "uninstall.exe" + + # add uninstaller registry entries + WriteRegStr HKLM "Software\NSIS_stunnel" "Install_Dir" "$INSTDIR" + WriteRegStr HKLM \ + "Software\Microsoft\Windows\CurrentVersion\Uninstall\stunnel" \ + "DisplayName" "stunnel" + WriteRegStr HKLM \ + "Software\Microsoft\Windows\CurrentVersion\Uninstall\stunnel" \ + "UninstallString" '"$INSTDIR\uninstall.exe"' + WriteRegDWORD HKLM \ + "Software\Microsoft\Windows\CurrentVersion\Uninstall\stunnel" \ + "NoModify" 1 + WriteRegDWORD HKLM \ + "Software\Microsoft\Windows\CurrentVersion\Uninstall\stunnel" \ + "NoRepair" 1 +SectionEnd + +Section "Self-signed Certificate Tools" sectionCA + SetOutPath "$INSTDIR" + + # write files + File "${DLLS}/openssl.exe" + File "${SRCDIR}/tools/stunnel.cnf" + IfSilent lbl_skip_new_pem + IfFileExists "$INSTDIR\stunnel.pem" lbl_skip_new_pem + ExecWait '"$INSTDIR\openssl.exe" req -new -x509 -days 365 -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem' +lbl_skip_new_pem: +SectionEnd + +Section "Start Menu Shortcuts" + SetShellVarContext all + CreateDirectory "$SMPROGRAMS\stunnel" + + # remove old links + Delete "$SMPROGRAMS\stunnel\*.lnk" + Delete "$SMPROGRAMS\stunnel\*.url" + + # main link + CreateShortCut "$SMPROGRAMS\stunnel\Run stunnel.lnk" \ + "$INSTDIR\stunnel.exe" "" "$INSTDIR\stunnel.exe" 0 + CreateShortCut "$SMPROGRAMS\stunnel\Exit stunnel.lnk" \ + "$INSTDIR\stunnel.exe" "-exit" "$INSTDIR\stunnel.exe" 0 + + # NT service + ClearErrors + ReadRegStr $R0 HKLM \ + "Software\Microsoft\Windows NT\CurrentVersion" CurrentVersion + IfErrors skip_service_links + CreateShortCut "$SMPROGRAMS\stunnel\Service install.lnk" \ + "$INSTDIR\stunnel.exe" "-install" "$INSTDIR\stunnel.exe" 0 + CreateShortCut "$SMPROGRAMS\stunnel\Service uninstall.lnk" \ + "$INSTDIR\stunnel.exe" "-uninstall" "$INSTDIR\stunnel.exe" 0 + CreateShortCut "$SMPROGRAMS\stunnel\Service start.lnk" \ + "$INSTDIR\stunnel.exe" "-start" "$INSTDIR\stunnel.exe" 0 + CreateShortCut "$SMPROGRAMS\stunnel\Service stop.lnk" \ + "$INSTDIR\stunnel.exe" "-stop" "$INSTDIR\stunnel.exe" 0 +skip_service_links: + + # edit config file + CreateShortCut "$SMPROGRAMS\stunnel\Edit stunnel.conf.lnk" \ + "notepad.exe" "stunnel.conf" "notepad.exe" 0 + + # OpenSSL shell + CreateShortCut "$SMPROGRAMS\stunnel\OpenSSL Shell.lnk" \ + "$INSTDIR\openssl.exe" "" "$INSTDIR\openssl.exe" 0 + + # make stunnel.pem + SectionGetFlags sectionCA $0 + IntOp $0 $0 & SF_SELECTED + IntCmp $0 0 lbl_noCA + CreateShortCut "$SMPROGRAMS\stunnel\Build Self-signed stunnel.pem.lnk" \ + "$INSTDIR\openssl.exe" \ + "req -new -x509 -days 365 -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem" +lbl_noCA: + + # help/uninstall + WriteINIStr "$SMPROGRAMS\stunnel\Manual.url" "InternetShortcut" \ + "URL" "file://$INSTDIR/stunnel.html" + CreateShortCut "$SMPROGRAMS\stunnel\Uninstall stunnel.lnk" \ + "$INSTDIR\uninstall.exe" "" "$INSTDIR\uninstall.exe" 0 +SectionEnd + +Section "Desktop Shortcut" + SetShellVarContext all + Delete "$DESKTOP\stunnel.lnk" + CreateShortCut "$DESKTOP\stunnel.lnk" \ + "$INSTDIR\stunnel.exe" "" "$INSTDIR\stunnel.exe" 0 +SectionEnd + +Section "Uninstall" + ClearErrors + + # stop and remove the service, exit stunnel + ReadRegStr $R0 HKLM \ + "Software\Microsoft\Windows NT\CurrentVersion" CurrentVersion + IfErrors skip_service_uninstall + ExecWait '"$INSTDIR\stunnel.exe" -stop -quiet' + ExecWait '"$INSTDIR\stunnel.exe" -uninstall -quiet' +skip_service_uninstall: + ExecWait '"$INSTDIR\stunnel.exe" -exit -quiet' + + # remove stunnel folder + Delete "$INSTDIR\stunnel.conf" + Delete "$INSTDIR\stunnel.pem" + Delete "$INSTDIR\stunnel.exe" + Delete "$INSTDIR\stunnel.cnf" + Delete "$INSTDIR\openssl.exe" + #Delete "$INSTDIR\*eay32.dll" + Delete "$INSTDIR\libeay32.dll" + Delete "$INSTDIR\ssleay32.dll" + Delete "$INSTDIR\zlib1.dll" + Delete "$INSTDIR\msvcr90.dll" + Delete "$INSTDIR\Microsoft.VC90.CRT.manifest" + Delete "$INSTDIR\stunnel.html" + Delete "$INSTDIR\uninstall.exe" + RMDir "$INSTDIR" + + # remove menu shortcuts + SetShellVarContext all + Delete "$DESKTOP\stunnel.lnk" + Delete "$SMPROGRAMS\stunnel\*.lnk" + Delete "$SMPROGRAMS\stunnel\*.url" + RMDir "$SMPROGRAMS\stunnel" + + # remove uninstaller registry entires + DeleteRegKey HKLM \ + "Software\Microsoft\Windows\CurrentVersion\Uninstall\stunnel" + DeleteRegKey HKLM "Software\NSIS_stunnel" +SectionEnd + +# end of stunnel.nsi diff --git a/tools/stunnel.service.in b/tools/stunnel.service.in new file mode 100644 index 0000000..0f7adfa --- /dev/null +++ b/tools/stunnel.service.in @@ -0,0 +1,10 @@ +[Unit] +Description=SSL tunnel for network daemons +After=syslog.target + +[Service] +ExecStart=@prefix@/bin/stunnel +Type=forking + +[Install] +WantedBy=multi-user.target diff --git a/tools/stunnel.spec b/tools/stunnel.spec new file mode 100644 index 0000000..095ab5b --- /dev/null +++ b/tools/stunnel.spec @@ -0,0 +1,91 @@ +%define _prefix /usr +%define _sysconfdir /etc + +Summary: Program that wraps normal socket connections with SSL/TLS +Name: stunnel +Version: 4.53 +Release: 1 +Copyright: GPL +Group: Applications/Networking +Source: stunnel-%{version}.tar.gz +Packager: neeo +Requires: openssl >= 0.9.6g +BuildRequires: openssl-devel >= 0.9.6g +Buildroot: /var/tmp/stunnel-%{version}-root + +%description +The stunnel program is designed to work as SSL encryption wrapper +between remote clients and local (inetd-startable) or remote +servers. The concept is that having non-SSL aware daemons running on +your system you can easily set them up to communicate with clients over +secure SSL channels. +stunnel can be used to add SSL functionality to commonly used inetd +daemons like POP-2, POP-3, and IMAP servers, to standalone daemons like +NNTP, SMTP and HTTP, and in tunneling PPP over network sockets without +changes to the source code. + +%prep +%setup -n stunnel-%{version} + + +%build +if [ ! -x ./configure ]; then + autoconf + autoheader +fi + +CFLAGS="%{optflags}" ./configure --prefix=%{_prefix} --sysconfdir=%{_sysconfdir} + +%{__make} + +%install +%{__rm} -rf %{buildroot} +%{__mkdir} -p %{buildroot}%{_sysconfdir}/stunnel +%{__mkdir} -p %{buildroot}%{_sbindir} +%{__mkdir} -p %{buildroot}%{_libdir} +%{__mkdir} -p %{buildroot}%{_mandir}/man8 +%{__mkdir} -p %{buildroot}%{_initrddir} + +%{__install} -m755 -s src/stunnel %{buildroot}%{_sbindir} +%{__install} -m755 src/.libs/libstunnel.so %{buildroot}%{_libdir} +%{__install} -m755 src/.libs/libstunnel.la %{buildroot}%{_libdir} +%{__install} -m644 doc/stunnel.8 %{buildroot}%{_mandir}/man8/stunnel.8.gz +%{__install} -m644 tools/stunnel.conf-sample %{buildroot}%{_sysconfdir}/stunnel +%{__install} -m500 tools/stunnel.init %{buildroot}%{_initrddir}/stunnel + +%clean +%{__rm} -rf %{buildroot} + +%post +ldconfig + +%postun +ldconfig + +%files +%defattr(-,root,root) +%doc COPYING COPYRIGHT.GPL README ChangeLog doc/stunnel.html doc/en/transproxy.txt doc/en/VNC_StunnelHOWTO.html +%doc tools/ca.html tools/ca.pl tools/importCA.html tools/importCA.sh tools/stunnel.cnf +%dir %{_sysconfdir}/stunnel +%config %{_sysconfdir}/stunnel/* +%{_sbindir}/stunnel +%{_libdir}/libstunnel.so +%{_libdir}/libstunnel.la +%{_mandir}/man8/stunnel.8.gz +%{_initrddir}/stunnel + +%changelog +* Fri Sep 09 2005 neeo +- lots of changes and cleanups + +* Wed Mar 17 2004 neeo +- updated for 4.05 + +* Sun Jun 24 2000 Brian Hatch +- updated for 3.8p3 + +* Wed Jul 14 1999 Dirk O. Siebnich +- updated for 3.5. + +* Mon Jun 07 1999 Dirk O. Siebnich +- adapted from sslwrap RPM spec file