From 8dd0350e1607aa30f7a043c8d5ec7a7eeb874115 Mon Sep 17 00:00:00 2001
From: Alberto Gonzalez Iniesta <agi@inittab.org>
Date: Mon, 5 Nov 2012 16:28:09 +0100
Subject: Imported Upstream version 2.3_rc1

---
 configure.ac | 1615 ++++++++++++++++++++++++++++++++--------------------------
 1 file changed, 884 insertions(+), 731 deletions(-)

(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index e0847bc..d3d974d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5,6 +5,7 @@ dnl             packet encryption, packet authentication, and
 dnl             packet compression.
 dnl
 dnl  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+dnl  Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
 dnl
 dnl  This program is free software; you can redistribute it and/or modify
 dnl  it under the terms of the GNU General Public License as published by
@@ -23,333 +24,365 @@ dnl  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
 dnl Process this file with autoconf to produce a configure script.
 
-AC_PREREQ(2.50)
+AC_PREREQ(2.59)
 
 m4_include(version.m4)
-AC_INIT([OpenVPN], [PRODUCT_VERSION], [openvpn-users@lists.sourceforge.net], [openvpn])
-AM_CONFIG_HEADER(config.h)
-AC_CONFIG_SRCDIR(syshead.h)
-
-dnl Guess host type.
+AC_INIT([PRODUCT_NAME], [PRODUCT_VERSION], [PRODUCT_BUGREPORT], [PRODUCT_TARNAME])
+m4_include(compat.m4)
+AC_DEFINE([OPENVPN_VERSION_RESOURCE], [PRODUCT_VERSION_RESOURCE], [Version in windows resource format])
+
+AC_CONFIG_AUX_DIR([.])
+AM_CONFIG_HEADER([config.h])
+AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
+AC_CONFIG_MACRO_DIR([m4])
+AM_INIT_AUTOMAKE
 AC_CANONICAL_HOST
-AM_INIT_AUTOMAKE(openvpn, [$PACKAGE_VERSION])
-
-AC_ARG_WITH(cygwin-native,
-	[  --with-cygwin-native              Compile native win32],
-	[CYGWIN_NATIVE="${withval}"],
-	[CYGWIN_NATIVE="no"]
-)
-
-WIN32="no"
-CYGWIN="no"
-case "${host}" in
-	*-mingw*)
-		WIN32="yes"
-		cross_compiling="yes"
-	;;
-	*-*-cygwin*)
-		AC_MSG_CHECKING([cygwin mode to use])
-		if test "${CYGWIN_NATIVE}" = "yes"; then
-			AC_MSG_RESULT([Using native win32])
-			CFLAGS="${CFLAGS} -mno-cygwin"
-			CYGWIN="yes"
-			WIN32="yes"
-		else
-			AC_MSG_RESULT([Using cygwin])
-		fi
-	;;
-	*)
-	;;
-esac
-
-AC_ARG_ENABLE(lzo,
-   [  --disable-lzo           Disable LZO compression support],
-   [LZO="$enableval"],
-   [LZO="yes"]
-)
+AC_USE_SYSTEM_EXTENSIONS
 
-AC_ARG_ENABLE(crypto,
-   [  --disable-crypto        Disable OpenSSL crypto support],
-   [CRYPTO="$enableval"],
-   [CRYPTO="yes"]
+AC_ARG_ENABLE(
+	[lzo],
+	[AS_HELP_STRING([--disable-lzo], [disable LZO compression support @<:@default=yes@:>@])],
+	,
+	[enable_lzo="yes"]
 )
 
-AC_ARG_ENABLE(ssl,
-   [  --disable-ssl           Disable OpenSSL SSL support for TLS-based key exchange],
-   [SSL="$enableval"],
-   [SSL="yes"]
+AC_ARG_ENABLE(
+	[lzo-stub],
+	[AS_HELP_STRING([--enable-lzo-stub], [don't compile LZO compression support but still allow limited interoperability with LZO-enabled peers @<:@default=no@:>@])],
+	,
+	[enable_lzo_stub="no"]
 )
 
-AC_ARG_ENABLE(x509-alt-username,
-   [  --enable-x509-alt-username    Enable the --x509-username-field feature],
-   [X509ALTUSERNAME="$enableval"],
-   [X509ALTUSERNAME="no"]
+AC_ARG_ENABLE(
+	[crypto],
+	[AS_HELP_STRING([--disable-crypto], [disable crypto support @<:@default=yes@:>@])],
+	,
+	[enable_crypto="yes"]
 )
 
-AC_ARG_ENABLE(multi,
-   [  --disable-multi         Disable client/server support (--mode server + client mode)],
-   [MULTI="$enableval"],
-   [MULTI="yes"]
+AC_ARG_ENABLE(
+	[ssl],
+	[AS_HELP_STRING([--disable-ssl], [disable SSL support for TLS-based key exchange @<:@default=yes@:>@])],
+	,
+	[enable_ssl="yes"]
 )
 
-AC_ARG_ENABLE(server,
-   [  --disable-server        Disable server support only (but retain client support)],
-   [MULTI_SERVER="$enableval"],
-   [MULTI_SERVER="yes"]
+AC_ARG_ENABLE(
+	[x509-alt-username],
+	[AS_HELP_STRING([--enable-x509-alt-username], [enable the --x509-username-field feature @<:@default=no@:>@])],
+	,
+	[enable_x509_alt_username="no"]
 )
 
-AC_ARG_ENABLE(plugins,
-   [  --disable-plugins       Disable plug-in support],
-   [PLUGINS="$enableval"],
-   [PLUGINS="yes"]
+AC_ARG_ENABLE(
+	[multi],
+	[AS_HELP_STRING([--disable-multi], [disable client/server support (--mode server + client mode) @<:@default=yes@:>@])],
+	,
+	[enable_multi="yes"]
 )
 
-AC_ARG_ENABLE(eurephia,
-   [  --disable-eurephia      Disable support for the eurephia plug-in],
-   [EUREPHIA="$enableval"],
-   [EUREPHIA="yes"]
+AC_ARG_ENABLE(
+	[server],
+	[AS_HELP_STRING([--disable-server], [disable server support only (but retain client support) @<:@default=yes@:>@])],
+	,
+	[enable_server="yes"]
 )
 
-AC_ARG_ENABLE(management,
-   [  --disable-management    Disable management server support],
-   [MANAGEMENT="$enableval"],
-   [MANAGEMENT="yes"]
+AC_ARG_ENABLE(
+	[plugins],
+	[AS_HELP_STRING([--disable-plugins], [disable plug-in support @<:@default=yes@:>@])],
+	,
+	[enable_plugins="yes"]
 )
 
-AC_ARG_ENABLE(pkcs11,
-   [  --disable-pkcs11        Disable pkcs11 support],
-   [PKCS11="$enableval"],
-   [PKCS11="yes"]
+AC_ARG_ENABLE(
+	[eurephia],
+	[AS_HELP_STRING([--disable-eurephia], [disable support for the eurephia plug-in @<:@default=yes@:>@])],
+	,
+	[enable_eurephia="yes"]
 )
 
-AC_ARG_ENABLE(socks,
-   [  --disable-socks         Disable Socks support],
-   [SOCKS="$enableval"],
-   [SOCKS="yes"]
+AC_ARG_ENABLE(
+	[management],
+	[AS_HELP_STRING([--disable-management], [disable management server support @<:@default=yes@:>@])],
+	,
+	[enable_management="yes"]
 )
 
-AC_ARG_ENABLE(http,
-   [  --disable-http          Disable HTTP proxy support],
-   [HTTP_PROXY="$enableval"],
-   [HTTP_PROXY="yes"]
+AC_ARG_ENABLE(
+	[pkcs11],
+	[AS_HELP_STRING([--enable-pkcs11], [enable pkcs11 support @<:@default=no@:>@])],
+	,
+	[enable_pkcs11="no"]
 )
 
-AC_ARG_ENABLE(fragment,
-   [  --disable-fragment      Disable internal fragmentation support (--fragment)],
-   [FRAGMENT="$enableval"],
-   [FRAGMENT="yes"]
+AC_ARG_ENABLE(
+	[socks],
+	[AS_HELP_STRING([--disable-socks], [disable Socks support @<:@default=yes@:>@])],
+	,
+	[enable_socks="yes"]
 )
 
-AC_ARG_ENABLE(multihome,
-   [  --disable-multihome     Disable multi-homed UDP server support (--multihome)],
-   [MULTIHOME="$enableval"],
-   [MULTIHOME="yes"]
+AC_ARG_ENABLE(
+	[http-proxy],
+	[AS_HELP_STRING([--disable-http-proxy], [disable HTTP proxy support @<:@default=yes@:>@])],
+	,
+	[enable_http_proxy="yes"]
 )
 
-AC_ARG_ENABLE(port-share,
-   [  --disable-port-share    Disable TCP server port-share support (--port-share)],
-   [PORT_SHARE="$enableval"],
-   [PORT_SHARE="yes"]
+AC_ARG_ENABLE(
+	[fragment],
+	[AS_HELP_STRING([--disable-fragment], [disable internal fragmentation support (--fragment) @<:@default=yes@:>@])],
+	,
+	[enable_fragment="yes"]
 )
 
-AC_ARG_ENABLE(debug,
-   [  --disable-debug         Disable debugging support (disable gremlin and verb 7+ messages)],
-   [DEBUG="$enableval"],
-   [DEBUG="yes"]
+AC_ARG_ENABLE(
+	[multihome],
+	[AS_HELP_STRING([--disable-multihome], [disable multi-homed UDP server support (--multihome) @<:@default=yes@:>@])],
+	,
+	[enable_multihome="yes"]
 )
 
-AC_ARG_ENABLE(small,
-   [  --enable-small          Enable smaller executable size (disable OCC, usage message, and verb 4 parm list)],
-   [SMALL="$enableval"],
-   [SMALL="no"]
+AC_ARG_ENABLE(
+	[port-share],
+	[AS_HELP_STRING([--disable-port-share], [disable TCP server port-share support (--port-share) @<:@default=yes@:>@])],
+	,
+	[enable_port_share="yes"]
 )
 
-AC_ARG_ENABLE(password-save,
-   [  --enable-password-save  Allow --askpass and --auth-user-pass passwords to be read from a file],
-   [PASSWORD_SAVE="$enableval"],
-   [PASSWORD_SAVE="no"]
+AC_ARG_ENABLE(
+	[debug],
+	[AS_HELP_STRING([--disable-debug], [disable debugging support (disable gremlin and verb 7+ messages) @<:@default=yes@:>@])],
+	,
+	[enable_debug="yes"]
 )
 
-AC_ARG_ENABLE(iproute2,
-   [  --enable-iproute2       Enable support for iproute2],
-   test $enableval = "yes" && AC_DEFINE(CONFIG_FEATURE_IPROUTE, 1, [enable iproute2 support])   
+AC_ARG_ENABLE(
+	[small],
+	[AS_HELP_STRING([--enable-small], [enable smaller executable size (disable OCC, usage message, and verb 4 parm list) @<:@default=yes@:>@])],
+	,
+	[enable_small="no"]
 )
 
-AC_ARG_ENABLE(def-auth,
-   [  --disable-def-auth      Disable deferred authentication],
-   [DEF_AUTH="$enableval"],
-   [DEF_AUTH="yes"]
+AC_ARG_ENABLE(
+	[password-save],
+	[AS_HELP_STRING([--enable-password-save], [allow --askpass and --auth-user-pass passwords to be read from a file @<:@default=yes@:>@])],
+	,
+	[enable_password_save="no"]
 )
 
-AC_ARG_ENABLE(pf,
-   [  --disable-pf            Disable internal packet filter],
-   [PF="$enableval"],
-   [PF="yes"]
+AC_ARG_ENABLE(
+	[iproute2],
+	[AS_HELP_STRING([--enable-iproute2], [enable support for iproute2 @<:@default=no@:>@])],
+	,
+	[enable_iproute2="no"]
 )
 
-AC_ARG_ENABLE(strict,
-   [  --enable-strict         Enable strict compiler warnings (debugging option)],
-   [STRICT="$enableval"],
-   [STRICT="no"]
+AC_ARG_ENABLE(
+	[def-auth],
+	[AS_HELP_STRING([--disable-def-auth], [disable deferred authentication @<:@default=yes@:>@])],
+	,
+	[enable_def_auth="yes"]
 )
 
-AC_ARG_ENABLE(pedantic,
-   [  --enable-pedantic       Enable pedantic compiler warnings, will not generate a working executable (debugging option)],
-   [PEDANTIC="$enableval"],
-   [PEDANTIC="no"]
+AC_ARG_ENABLE(
+	[pf],
+	[AS_HELP_STRING([--disable-pf], [disable internal packet filter @<:@default=yes@:>@])],
+	,
+	[enable_pf="yes"]
 )
 
-AC_ARG_ENABLE(profiling,
-   [  --enable-profiling      Enable profiling (debugging option)],
-   [PROFILE="$enableval"],
-   [PROFILE="no"]
+AC_ARG_ENABLE(
+	[plugin-auth-pam],
+	[AS_HELP_STRING([--disable-plugin-auth-pam], [disable auth-pam plugin @<:@default=platform specific@:>@])],
+	,
+	[
+		case "$host" in
+			*-*-openbsd*) enable_plugin_auth_pam="no";;
+			*-mingw*) enable_plugin_auth_pam="no";;
+			*) enable_plugin_auth_pam="yes";;
+		esac
+	]
 )
 
-AC_ARG_ENABLE(strict-options,
-   [  --enable-strict-options Enable strict options check between peers (debugging option)],
-   [STRICT_OPTIONS="$enableval"],
-   [STRICT_OPTIONS="no"]
+AC_ARG_ENABLE(
+	[plugin-down-root],
+	[AS_HELP_STRING([--disable-plugin-down-root], [disable down-root plugin @<:@default=platform specific@:>@])],
+	,
+	[
+		case "$host" in
+			*-mingw*) enable_plugin_down_root="no";;
+			*) enable_plugin_down_root="yes";;
+		esac
+	]
 )
 
-AC_ARG_ENABLE(selinux,
-   [  --disable-selinux       Disable SELinux support],
-   [SELINUX="$enableval"],
-   [SELINUX="yes"]
+AC_ARG_ENABLE(
+	[pam-dlopen],
+	[AS_HELP_STRING([--enable-pam-dlopen], [dlopen libpam @<:@default=no@:>@])],
+	,
+	[enable_pam_dlopen="no"]
 )
 
-AC_ARG_WITH(ssl-headers,
-   [  --with-ssl-headers=DIR  Crypto/SSL Include files location],
-   [CS_HDR_DIR="$withval"]
-   [CPPFLAGS="$CPPFLAGS -I$withval"] 
+AC_ARG_ENABLE(
+	[strict],
+	[AS_HELP_STRING([--enable-strict], [enable strict compiler warnings (debugging option) @<:@default=no@:>@])],
+	,
+	[enable_strict="no"]
 )
 
-AC_ARG_WITH(ssl-lib,
-   [  --with-ssl-lib=DIR      Crypto/SSL Library location],
-   [LDFLAGS="$LDFLAGS -L$withval"] 
+AC_ARG_ENABLE(
+	[pedantic],
+	[AS_HELP_STRING([--enable-pedantic], [enable pedantic compiler warnings, will not generate a working executable (debugging option) @<:@default=no@:>@])],
+	,
+	[enable_pedantic="no"]
 )
 
-AC_ARG_WITH(lzo-headers,
-   [  --with-lzo-headers=DIR  LZO Include files location],
-   [LZO_HDR_DIR="$withval"]
-   [CPPFLAGS="$CPPFLAGS -I$withval"] 
+AC_ARG_ENABLE(
+	[strict-options],
+	[AS_HELP_STRING([--enable-strict-options], [enable strict options check between peers (debugging option) @<:@default=no@:>@])],
+	,
+	[enable_strict_options="no"]
 )
 
-AC_ARG_WITH(lzo-lib,
-   [  --with-lzo-lib=DIR      LZO Library location],
-   [LDFLAGS="$LDFLAGS -L$withval"] 
+AC_ARG_ENABLE(
+	[selinux],
+	[AS_HELP_STRING([--enable-selinux], [enable SELinux support @<:@default=no@:>@])],
+	,
+	[enable_selinux="no"]
 )
 
-AC_ARG_WITH(pkcs11-helper-headers,
-   [  --with-pkcs11-helper-headers=DIR pkcs11-helper Include files location],
-   [PKCS11_HELPER_HDR_DIR="$withval"]
-   [CPPFLAGS="$CPPFLAGS -I$withval"] 
+AC_ARG_ENABLE(
+	[systemd],
+	[AS_HELP_STRING([--enable-systemd], [enable systemd suppport @<:@default=no@:>@])],
+	,
+	[enable_systemd="no"]
 )
 
-AC_ARG_WITH(pkcs11-helper-lib,
-   [  --with-pkcs11-helper-lib=DIR     pkcs11-helper Library location],
-   [LDFLAGS="$LDFLAGS -L$withval"] 
+AC_ARG_WITH(
+	[special-build],
+	[AS_HELP_STRING([--with-special-build=STRING], [specify special build string])],
+	[test -n "${withval}" && AC_DEFINE_UNQUOTED([CONFIGURE_SPECIAL_BUILD], ["${withval}"], [special build string])]
 )
 
-AC_ARG_WITH(ifconfig-path,
-   [  --with-ifconfig-path=PATH   Path to ifconfig tool],
-   [IFCONFIG="$withval"],
-   [AC_PATH_PROG([IFCONFIG], [ifconfig], [ifconfig], [$PATH:/usr/local/sbin:/usr/sbin:/sbin])]
-)
-AC_DEFINE_UNQUOTED(IFCONFIG_PATH, "$IFCONFIG", [Path to ifconfig tool])
-
-AC_ARG_WITH(iproute-path,
-   [  --with-iproute-path=PATH    Path to iproute tool],
-   [IPROUTE="$withval"],
-   [AC_PATH_PROG([IPROUTE], [ip], [ip], [$PATH:/usr/local/sbin:/usr/sbin:/sbin])]
-)
-AC_DEFINE_UNQUOTED(IPROUTE_PATH, "$IPROUTE", [Path to iproute tool])
-
-
-AC_ARG_WITH(route-path,
-   [  --with-route-path=PATH  Path to route tool],
-   [ROUTE="$withval"],
-   [AC_PATH_PROG([ROUTE], [route], [route], [$PATH:/usr/local/sbin:/usr/sbin:/sbin])]
+AC_ARG_WITH(
+	[mem-check],
+	[AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory checking, TYPE=no|dmalloc|valgrind|ssl @<:@default=no@:>@])],
+	[
+		case "${withval}" in
+			dmalloc|valgrind|ssl|no) ;;
+			*) AC_MSG_ERROR([bad value ${withval} for --mem-check]) ;;
+		esac
+	],
+	[with_mem_check="no"]
 )
-AC_DEFINE_UNQUOTED(ROUTE_PATH, "$ROUTE", [Path to route tool])
 
-AC_ARG_WITH(netstat-path,
-   [  --with-netstat-path=PATH  Path to netstat tool],
-   [NETSTAT="$withval"],
-   [AC_PATH_PROG([NETSTAT], [netstat], [netstat], [$PATH:/usr/local/sbin:/usr/sbin:/sbin:/etc])]
+AC_ARG_WITH(
+	[crypto-library],
+	[AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|polarssl @<:@default=openssl@:>@])],
+	[
+		case "${withval}" in 
+			openssl|polarssl) ;;
+			*) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
+		esac
+	],
+	[with_crypto_library="openssl"]
 )
-AC_DEFINE_UNQUOTED(NETSTAT_PATH, "$NETSTAT", [Path to netstat tool])
 
-AC_ARG_WITH(mem-check,
-   [  --with-mem-check=TYPE  Build with debug memory checking, TYPE = dmalloc or valgrind],
-   [MEMCHECK="$withval"]
+AC_ARG_WITH(
+	[plugindir],
+	[AS_HELP_STRING([--with-plugindir], [plugin directory @<:@default=LIBDIR/openvpn@:>@])],
+	,
+	[with_plugindir="\$(libdir)/openvpn/plugins"]
 )
 
-dnl fix search path, to allow compilers to find syshead.h
-CPPFLAGS="$CPPFLAGS -I${srcdir}"
 
-dnl check host OS
-openvpn_host=$host
-if test $host_alias; then
-  openvpn_host=$host_alias
-fi
-AC_DEFINE_UNQUOTED(TARGET_ALIAS, "$openvpn_host", [A string representing our host])
+AC_DEFINE_UNQUOTED([TARGET_ALIAS], ["${host}"], [A string representing our host])
 case "$host" in
-*-*-linux*)
-	AC_DEFINE(TARGET_LINUX, 1, [Are we running on Linux?])
-	dnl RH9 SSL headers workaround
-        if test -z $CS_HDR_DIR && test "$CRYPTO" = "yes"; then
-           CPPFLAGS="$CPPFLAGS $(pkg-config --cflags openssl 2>/dev/null)"
-        fi
-	;;
-*-*-solaris*)
-	AC_DEFINE(TARGET_SOLARIS, 1, [Are we running on Solaris?])
-	;;
-*-*-openbsd*)
-	AC_DEFINE(TARGET_OPENBSD, 1, [Are we running on OpenBSD?])
-	;;
-*-*-freebsd*)
-	AC_DEFINE(TARGET_FREEBSD, 1, [Are we running on FreeBSD?])
-	;;
-*-*-netbsd*)
-	AC_DEFINE(TARGET_NETBSD, 1, [Are we running NetBSD?])
-	;;
-*-*-darwin*)
-	dnl some Mac OS X tendering (we use vararg macros...)
-	AC_DEFINE(TARGET_DARWIN, 1, [Are we running on Mac OS X?])
-	CPPFLAGS="$CPPFLAGS -no-cpp-precomp"
-	;;
-*-mingw*)
-	AC_DEFINE(TARGET_WIN32, 1, [Are we running WIN32?])
-	CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
-	OPENVPN_ADD_LIBS(-lgdi32)
-	OPENVPN_ADD_LIBS(-lws2_32)
-	OPENVPN_ADD_LIBS(-lwininet)
-	OPENVPN_ADD_LIBS(-lcrypt32)
-	OPENVPN_ADD_LIBS(-liphlpapi)
-	OPENVPN_ADD_LIBS(-lwinmm)
-	;;
-*-*-dragonfly*)
-	AC_DEFINE(TARGET_DRAGONFLY, 1, [Are we running on DragonFlyBSD?])
-	;;
-	
+	*-*-linux*)
+		AC_DEFINE([TARGET_LINUX], [1], [Are we running on Linux?])
+		AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["L"], [Target prefix])
+		;;
+	*-*-solaris*)
+		AC_DEFINE([TARGET_SOLARIS], [1], [Are we running on Solaris?])
+		AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["S"], [Target prefix])
+		;;
+	*-*-openbsd*)
+		AC_DEFINE([TARGET_OPENBSD], [1], [Are we running on OpenBSD?])
+		AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["O"], [Target prefix])
+		;;
+	*-*-freebsd*)
+		AC_DEFINE([TARGET_FREEBSD], [1], [Are we running on FreeBSD?])
+		AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["F"], [Target prefix])
+		;;
+	*-*-netbsd*)
+		AC_DEFINE([TARGET_NETBSD], [1], [Are we running NetBSD?])
+		AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["N"], [Target prefix])
+		;;
+	*-*-darwin*)
+		AC_DEFINE([TARGET_DARWIN], [1], [Are we running on Mac OS X?])
+		AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["M"], [Target prefix])
+		have_tap_header="yes"
+		dnl some Mac OS X tendering (we use vararg macros...)
+		CPPFLAGS="$CPPFLAGS -no-cpp-precomp"
+		;;
+	*-mingw*)
+		AC_DEFINE([TARGET_WIN32], [1], [Are we running WIN32?])
+		AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["W"], [Target prefix])
+		CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
+		CPPFLAGS="${CPPFLAGS} -DNTDDI_VERSION=NTDDI_WINXP -D_WIN32_WINNT=_WIN32_WINNT_WINXP"
+		WIN32=yes
+		;;
+	*-*-dragonfly*)
+		AC_DEFINE([TARGET_DRAGONFLY], [1], [Are we running on DragonFlyBSD?])
+		AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["D"], [Target prefix])
+		;;
+	*)
+		AC_DEFINE_UNQUOTED([TARGET_PREFIX], ["X"], [Target prefix])
+		have_tap_header="yes"
+		;;
 esac
 
-dnl Checks for programs.
-AC_PROG_CC
+PKG_PROG_PKG_CONFIG
+AC_PROG_CPP
 AC_PROG_INSTALL
-AC_PROG_GCC_TRADITIONAL
-AC_GNU_SOURCE
-
-if test "${WIN32}" = "yes"; then
-	AC_ARG_VAR([MAN2HTML], [man2html utility])
-	AC_CHECK_PROGS([MAN2HTML], [man2html])
-	test -z "${MAN2HTML}" && AC_MSG_ERROR([man2html is required for win32])
-fi
-
-dnl Checks for header files.
-AC_HEADER_STDC
+AC_PROG_LN_S
+AC_PROG_SED
+AC_PROG_MAKE_SET
+
+AC_ARG_VAR([IFCONFIG], [full path to ipconfig utility])
+AC_ARG_VAR([ROUTE], [full path to route utility])
+AC_ARG_VAR([IPROUTE], [full path to ip utility])
+AC_ARG_VAR([NETSTAT], [path to netstat utility]) # tests
+AC_ARG_VAR([MAN2HTML], [path to man2html utility])
+AC_ARG_VAR([GIT], [path to git utility])
+AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
+AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
+AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
+AC_CHECK_PROGS([NETSTAT], [netstat], [netstat], [$PATH:/usr/local/sbin:/usr/sbin:/sbin:/etc]) # tests
+AC_CHECK_PROGS([MAN2HTML], [man2html])
+AC_CHECK_PROGS([GIT], [git]) # optional
+AC_DEFINE_UNQUOTED([IFCONFIG_PATH], ["$IFCONFIG"], [Path to ifconfig tool])
+AC_DEFINE_UNQUOTED([IPROUTE_PATH], ["$IPROUTE"], [Path to iproute tool])
+AC_DEFINE_UNQUOTED([ROUTE_PATH], ["$ROUTE"], [Path to route tool])
+
+#
+# Libtool
+#
+ifdef(
+	[LT_INIT],
+	[
+		LT_INIT([win32-dll])
+		LT_LANG([Windows Resource])
+	],
+	[
+		AC_LIBTOOL_WIN32_DLL
+		AC_LIBTOOL_RC
+		AC_PROG_LIBTOOL
+	]
+)
 
-dnl Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
 AC_C_INLINE
 AC_C_VOLATILE
@@ -357,560 +390,680 @@ AC_TYPE_OFF_T
 AC_TYPE_PID_T
 AC_TYPE_SIZE_T
 AC_TYPE_UID_T
-TYPE_SOCKLEN_T
-AC_HEADER_TIME
+AC_TYPE_INT8_T
+AC_TYPE_INT16_T
+AC_TYPE_INT32_T
+AC_TYPE_INT64_T
+AC_TYPE_UINT8_T
+AC_TYPE_UINT16_T
+AC_TYPE_UINT32_T
+AC_TYPE_UINT64_T
+AC_TYPE_SIGNAL
 AX_CPP_VARARG_MACRO_ISO
 AX_CPP_VARARG_MACRO_GCC
+AX_TYPE_SOCKLEN_T
 AX_EMPTY_ARRAY
+AC_CHECK_SIZEOF([unsigned int])
+AC_CHECK_SIZEOF([unsigned long])
+AC_CHECK_HEADERS([ \
+	stdio.h stdarg.h stdbool.h limits.h \
+	time.h errno.h fcntl.h io.h direct.h \
+	ctype.h sys/types.h sys/socket.h \
+	signal.h unistd.h dlfcn.h \
+	netinet/in.h netinet/in_systm.h \
+	netinet/tcp.h arpa/inet.h netdb.h \
+	windows.h winsock2.h ws2tcpip.h \
+])
+AC_CHECK_HEADERS([ \
+	sys/time.h sys/ioctl.h sys/stat.h \
+	sys/mman.h sys/file.h sys/wait.h \
+	unistd.h signal.h libgen.h stropts.h \
+	syslog.h pwd.h grp.h \
+	sys/sockio.h sys/uio.h linux/sockios.h \
+	linux/types.h sys/poll.h sys/epoll.h err.h \
+])
 
-dnl Check for more header files.
-AC_CHECK_HEADERS(fcntl.h stdlib.h dnl
-		 stdarg.h stdio.h string.h dnl
-		 strings.h ctype.h errno.h dnl
-)
-
-if test "${WIN32}" != "yes"; then
-   AC_HEADER_SYS_WAIT
-   AC_CHECK_HEADERS(sys/time.h sys/socket.h sys/un.h sys/ioctl.h sys/stat.h dnl
-		 sys/mman.h fcntl.h sys/file.h stdlib.h stdint.h dnl
-		 stdarg.h unistd.h signal.h stdio.h string.h dnl
-		 strings.h ctype.h errno.h syslog.h pwd.h grp.h dnl
-		 net/if_tun.h net/tun/if_tun.h stropts.h sys/sockio.h dnl
-		 netinet/in.h netinet/in_systm.h dnl
-		 netinet/tcp.h arpa/inet.h dnl
-		 netdb.h sys/uio.h linux/if_tun.h linux/sockios.h dnl
-		 linux/types.h sys/poll.h sys/epoll.h err.h dnl
-   )
-   AC_CHECK_HEADERS(net/if.h,,,
-		 [#ifdef HAVE_SYS_TYPES_H
-		  # include <sys/types.h>
-		  #endif
-		  #ifdef HAVE_SYS_SOCKET_H
-		  # include <sys/socket.h>
-		  #endif
-		 ])
-   AC_CHECK_HEADERS(netinet/ip.h,,,
-		 [#ifdef HAVE_SYS_TYPES_H
-		  # include <sys/types.h>
-		  #endif
-		  #ifdef HAVE_NETINET_IN_H
-		  # include <netinet/in.h>
-		  #endif
-		  #ifdef HAVE_NETINET_IN_SYSTM_H
-		  # include <netinet/in_systm.h>
-		  #endif
-		 ])
-   AC_CHECK_HEADERS(netinet/if_ether.h,,,
-		 [#ifdef HAVE_SYS_TYPES_H
-		  # include <sys/types.h>
-		  #endif
-		  #ifdef HAVE_SYS_SOCKET_H
-		  # include <sys/socket.h>
-		  #endif
-		  #ifdef HAVE_NETINET_IN_H
-		  # include <netinet/in.h>
-		  #endif
-		 ])
-   AC_CHECK_HEADERS(resolv.h,,,
-		 [#ifdef HAVE_NETINET_IN_H 
-		  # include <netinet/in.h>
-		  #endif
-		 ])
-   AC_CHECK_HEADERS(linux/errqueue.h,,,
-	[#ifdef HAVE_LINUX_TYPES_H
-	 # include <linux/types.h>
-	 #endif
-	])
-fi
-
-AC_CACHE_SAVE
+SOCKET_INCLUDES="
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_WINDOWS_H
+#include <windows.h>
+#endif
+#ifdef HAVE_WINSOCK2_H
+#include <winsock2.h>
+#endif
+#ifdef HAVE_WS2TCPIP_H
+#include <ws2tcpip.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+"
+
+AC_CHECK_HEADERS(
+	[net/if.h netinet/ip.h netinet/if_ether.h resolv.h sys/un.h],
+	,
+	,
+	[[${SOCKET_INCLUDES}]]
+)
 
-dnl check that in_addr_t is defined
-AC_CHECK_TYPE(
+AC_CHECK_TYPES(
 	[in_addr_t],
-	[],
-	[AC_DEFINE(in_addr_t, uint32_t, [Some systems don't define in_addr_t])],
-	[#include "syshead.h"])
-
-dnl check for basic types
-AC_CHECK_TYPE(
-	[uint8_t],
-	[],
-	[AC_DEFINE(uint8_t, unsigned char, [8-bit unsigned type])],
-	[#include "syshead.h"])
-AC_CHECK_TYPE(
-	[uint16_t],
-	[],
-	[AC_DEFINE(uint16_t, unsigned char, [16-bit unsigned type])],
-	[#include "syshead.h"])
-AC_CHECK_TYPE(
-	[uint32_t],
-	[],
-	[AC_DEFINE(uint32_t, unsigned long, [32-bit unsigned type])],
-	[#include "syshead.h"])
-
-dnl check for IPv6 types
-AC_CHECK_TYPE(
-	[struct tun_pi],
-	[AC_DEFINE(HAVE_TUN_PI, 1, [struct tun_pi needed for IPv6 support])],
-	[],
-	[#include "syshead.h"])
+	,
+	[AC_DEFINE([in_addr_t], [uint32_t], [Workaround missing in_addr_t])],
+	[[${SOCKET_INCLUDES}]]
+)
 AC_CHECK_TYPE(
 	[struct iphdr],
-	[AC_DEFINE(HAVE_IPHDR, 1, [struct iphdr needed for IPv6 support])],
-	[],
-	[#include "syshead.h"])
-AC_CHECK_TYPE(
-	[struct iovec],
-	[AC_DEFINE(HAVE_IOVEC, 1, [struct iovec needed for IPv6 support])],
-	[],
-	[#include "syshead.h"])
-
-dnl check for extended socket error types
+	[AC_DEFINE([HAVE_IPHDR], [1], [struct iphdr needed for IPv6 support])],
+	,
+	[[${SOCKET_INCLUDES}]]
+)
 AC_CHECK_TYPE(
 	[struct sock_extended_err],
-	[AC_DEFINE(HAVE_SOCK_EXTENDED_ERR, 1, [struct sock_extended_err needed for extended socket error support])],
-	[],
-	[#include "syshead.h"])
+	[AC_DEFINE([HAVE_SOCK_EXTENDED_ERR], [1], [struct sock_extended_err needed for extended socket error support])],
+	,
+	[[${SOCKET_INCLUDES}]]
+)
 AC_CHECK_TYPE(
 	[struct msghdr],
-	[AC_DEFINE(HAVE_MSGHDR, 1, [struct msghdr needed for extended socket error support])],
-	[],
-	[#include "syshead.h"])
+	[AC_DEFINE([HAVE_MSGHDR], [1], [struct msghdr needed for extended socket error support])],
+	,
+	[[${SOCKET_INCLUDES}]]
+)
 AC_CHECK_TYPE(
 	[struct cmsghdr],
-	[AC_DEFINE(HAVE_CMSGHDR, 1, [struct cmsghdr needed for extended socket error support])],
-	[],
-	[#include "syshead.h"])
+	[AC_DEFINE([HAVE_CMSGHDR], [1], [struct cmsghdr needed for extended socket error support])],
+	,
+	[[${SOCKET_INCLUDES}]]
+)
 AC_CHECK_TYPE(
 	[struct in_pktinfo],
-	[AC_DEFINE(HAVE_IN_PKTINFO, 1, [struct in_pktinfo needed for IP_PKTINFO support])],
-	[],
-	[#include "syshead.h"])
+	[AC_DEFINE([HAVE_IN_PKTINFO], [1], [struct in_pktinfo needed for IP_PKTINFO support])],
+	,
+	[[${SOCKET_INCLUDES}]]
+)
+AC_CHECK_TYPE(
+	[struct sockaddr_in6],
+	,
+	[AC_MSG_ERROR([struct sockaddr_in6 not found, needed for ipv6 transport support.])],
+	[[${SOCKET_INCLUDES}]]
+)
+AC_CHECK_DECLS(
+	[SO_MARK],
+	,
+	,
+	[[${SOCKET_INCLUDES}]]
+)
+
+dnl We emulate signals in Windows
+AC_CHECK_DECLS(
+	[SIGHUP],
+	,
+	[AC_DEFINE([SIGHUP], [1], [SIGHUP replacement])],
+	[[
+		#ifdef HAVE_SIGNAL_H
+		#include <signal.h>
+		#endif
+	]]
+)
+AC_CHECK_DECLS(
+	[SIGINT],
+	,
+	[AC_DEFINE([SIGINT], [2], [SIGINT replacement])],
+	[[
+		#ifdef HAVE_SIGNAL_H
+		#include <signal.h>
+		#endif
+	]]
+)
+AC_CHECK_DECLS(
+	[SIGUSR1],
+	,
+	[AC_DEFINE([SIGUSR1], [10], [SIGUSR1 replacement])],
+	[[
+		#ifdef HAVE_SIGNAL_H
+		#include <signal.h>
+		#endif
+	]]
+)
+AC_CHECK_DECLS(
+	[SIGUSR2],
+	,
+	[AC_DEFINE([SIGUSR2], [12], [SIGUSR2 replacement])],
+	[[
+		#ifdef HAVE_SIGNAL_H
+		#include <signal.h>
+		#endif
+	]]
+)
+AC_CHECK_DECLS(
+	[SIGTERM],
+	,
+	[AC_DEFINE([SIGTERM], [15], [SIGTERM replacement])],
+	[[
+		#ifdef HAVE_SIGNAL_H
+		#include <signal.h>
+		#endif
+	]]
+)
 
-AC_CHECK_SIZEOF(unsigned int)
-AC_CHECK_SIZEOF(unsigned long)
+AC_FUNC_FORK
 
-AC_CACHE_SAVE
+AC_CHECK_FUNCS([ \
+	daemon chroot getpwnam setuid nice system getpid dup dup2 \
+	getpass strerror syslog openlog mlockall getgrnam setgid \
+	setgroups stat flock readv writev time gettimeofday \
+	ctime memset vsnprintf strdup \
+	setsid chdir putenv getpeername unlink \
+	chsize ftruncate execve getpeereid umask basename dirname access \
+	epoll_create \
+])
 
-AC_CHECK_FUNCS([ctime memset vsnprintf strdup], ,
-               [AC_MSG_ERROR([Required library function not found])])
-AC_CHECK_FUNCS(daemon chroot getpwnam setuid nice system getpid dup dup2 dnl
-	       getpass strerror syslog openlog mlockall getgrnam setgid dnl
-	       setgroups stat flock readv writev time dnl
-	       setsid chdir putenv getpeername unlink dnl
-	       chsize ftruncate execve getpeereid umask)
+AC_CHECK_LIB(
+	[dl],
+	[dlopen],
+	[DL_LIBS="-ldl"]
+)
+AC_SUBST([DL_LIBS])
 
+AC_CHECK_LIB(
+	[nsl],
+	[inet_ntoa],
+	[SOCKETS_LIBS="${SOCKETS_LIBS} -lnsl"]
+)
+AC_CHECK_LIB(
+	[socket],
+	[socket],
+	[SOCKETS_LIBS="${SOCKETS_LIBS} -lsocket"]
+)
+AC_CHECK_LIB(
+	[resolv],
+	[gethostbyname],
+	[SOCKETS_LIBS="${SOCKETS_LIBS} -lresolv"]
+)
+AC_SUBST([SOCKETS_LIBS])
+
+old_LIBS="${LIBS}"
+LIBS="${LIBS} ${SOCKETS_LIBS}"
+AC_CHECK_FUNCS([sendmsg recvmsg inet_ntop inet_pton])
+AC_CHECK_FUNCS(
+	[res_init],
+	,
+	,
+	[[#include <resolv.h>]]
+)
 # Windows use stdcall for winsock so we cannot auto detect these
-m4_define([SOCKET_FUNCS], [socket recv recvfrom send sendto listen dnl
-          accept connect bind select gethostbyname inet_ntoa])
-m4_define([SOCKET_OPT_FUNCS], [setsockopt getsockopt getsockname poll])
-
+m4_define(
+	[SOCKET_FUNCS],
+[socket recv recvfrom send sendto listen dnl
+accept connect bind select gethostbyname inet_ntoa]dnl
+)
+m4_define(
+	[SOCKET_OPT_FUNCS],
+	[setsockopt getsockopt getsockname poll]dnl
+)
 if test "${WIN32}" = "yes"; then
-
-	AC_DEFINE([HAVE_GETTIMEOFDAY], [1], [We fake gettimeofday for win32 at otime.c])
-	m4_foreach([F], m4_split(SOCKET_FUNCS SOCKET_OPT_FUNCS),
-		m4_define(UF, [[m4_join([_], [HAVE], m4_toupper(F))]])
-		AC_DEFINE([UF], [1], [Win32 builtin]))
-
+	m4_foreach(
+		[F],
+		m4_split(SOCKET_FUNCS SOCKET_OPT_FUNCS),
+			m4_define([UF], [[m4_join([_], [HAVE], m4_toupper(F))]])
+			AC_DEFINE([UF], [1], [Win32 builtin])
+	)
 else
-
-	dnl check for other types
-	AC_TYPE_SIGNAL
-
-	dnl Check for libsocket
-	AC_SEARCH_LIBS(socket, socket)
-
-	dnl Check for libnsl
-	AC_SEARCH_LIBS(inet_ntoa, nsl)
-
-	dnl Check for libresolv
-	AC_SEARCH_LIBS(gethostbyname, resolv nsl)
-
-	dnl optional library functions
-	AC_FUNC_FORK
-
-	AC_CHECK_FUNCS(gettimeofday)
-
-	AC_CHECK_FUNCS(SOCKET_FUNCS, ,
-	       [AC_MSG_ERROR([Required library function not found])])
-	AC_CHECK_FUNCS(SOCKET_OPT_FUNCS sendmsg recvmsg)
-
+	AC_CHECK_FUNCS(
+		SOCKET_FUNCS,
+		,
+		[AC_MSG_ERROR([Required library function not found])]
+	)
+	AC_CHECK_FUNCS(SOCKET_OPT_FUNCS)
 fi
-
-dnl Required library functions
-AC_FUNC_MEMCMP
-
-dnl
-dnl Check for res_init
-dnl
-AC_TRY_LINK([
-    #include <resolv.h>
-  ], [
-    res_init ();
-  ], [
-    AC_MSG_RESULT([res_init DEFINED])
-    AC_DEFINE([HAVE_RES_INIT], 1, [Indicates if res_init is available])
-  ], [
-    AC_MSG_RESULT([res_init UNDEFINED])
-  ])
-
-dnl
-dnl check libraries
-dnl
-
-dnl Checking for a working epoll
-AC_CHECKING([for working epoll implementation])
-OLDLDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS -Wl,--fatal-warnings"
-AC_CHECK_FUNC(epoll_create, AC_DEFINE(HAVE_EPOLL_CREATE, 1, [epoll_create function is defined]))
-LDFLAGS="$OLDLDFLAGS"
-
-dnl
-dnl check for valgrind tool
-dnl
-
-if test "$MEMCHECK" = "valgrind"; then
-   AC_CHECKING([for valgrind tool and Header files])
-   AC_CHECK_HEADER(valgrind/memcheck.h, 
-        [
-	    AC_DEFINE(USE_VALGRIND, 1, [Use valgrind memory debugging library])
-	    CFLAGS="-g -fno-inline"
+LIBS="${old_LIBS}"
+
+AC_ARG_VAR([TAP_CFLAGS], [C compiler flags for tap])
+old_CFLAGS="${CFLAGS}"
+CFLAGS="${CFLAGS} ${TAP_CFLAGS}"
+AC_CHECK_HEADERS(
+	[ \
+		net/if_tun.h net/tun/if_tun.h \
+		linux/if_tun.h \
+		tap-windows.h \
 	],
-        [AC_MSG_ERROR([valgrind headers not found.])]
-   )
-fi
-
-dnl
-dnl check for dmalloc library
-dnl
+	[have_tap_header="yes"]
+)
+AC_CHECK_DECLS(
+	[TUNSETPERSIST],
+	[AC_DEFINE([ENABLE_FEATURE_TUN_PERSIST], [1], [We have persist tun capability])],
+	,
+	[[
+		#ifdef HAVE_LINUX_IF_TUN_H
+		#include <linux/if_tun.h>
+		#endif
+	]]
+)
+CFLAGS="${old_CFLAGS}"
+test "${have_tap_header}" = "yes" || AC_MSG_ERROR([no tap header could be found])
 
-if test "$MEMCHECK" = "dmalloc"; then
-   AC_CHECKING([for dmalloc Library and Header files])
-   AC_CHECK_HEADER(dmalloc.h, 
-        [AC_CHECK_LIB(dmalloc, malloc,
-	    [
-               OPENVPN_ADD_LIBS(-ldmalloc)
-	       AC_DEFINE(DMALLOC, 1, [Use dmalloc memory debugging library])
-	    ],
-	    [AC_MSG_ERROR([dmalloc library not found.])]
-	)],
-        [AC_MSG_ERROR([dmalloc headers not found.])]
-   )
+AC_CHECK_LIB(
+	[selinux],
+	[setcon],
+	[SELINUX_LIBS="-lselinux"]
+)
+AC_SUBST([SELINUX_LIBS])
+
+AC_ARG_VAR([LIBPAM_CFLAGS], [C compiler flags for libpam])
+AC_ARG_VAR([LIBPAM_LIBS], [linker flags for libpam])
+if test -z "${LIBPAM_LIBS}"; then
+	AC_CHECK_LIB(
+		[pam],
+		[pam_start],
+		[LIBPAM_LIBS="-lpam"]
+	)
 fi
 
-dnl
-dnl Check for dlopen -- first try libc then libdl.
-dnl
-if test "${WIN32}" != "yes"; then
-   if test "$PLUGINS" = "yes"; then
-      AC_CHECKING([for libdl Library and Header files])
-      AC_CHECK_HEADER(dlfcn.h,
-           [AC_CHECK_FUNC(dlopen,
-               [AC_DEFINE(USE_LIBDL, 1, [Use libdl for dynamic library loading])],
-               [AC_CHECK_LIB(dl, dlopen,
-	           [
-                      OPENVPN_ADD_LIBS(-ldl)
-	              AC_DEFINE(USE_LIBDL, 1, [Use libdl for dynamic library loading])
-	           ],
-	           [AC_MSG_RESULT([libdl library not found.])]
-	       )],
-           )],
-           [AC_MSG_RESULT([libdl headers not found.])]
-      )
-      if test "$EUREPHIA" = "yes"; then
-         AC_DEFINE(ENABLE_EUREPHIA, 1, [Enable support for the eurephia plug-in])
-      fi
-   fi
-fi
+case "${with_mem_check}" in
+	valgrind)
+		AC_CHECK_HEADER(
+			[valgrind/memcheck.h],
+			[
+				CFLAGS="${CFLAGS} -g -fno-inline"
+				AC_DEFINE(
+					[USE_VALGRIND],
+					[1],
+					[Use valgrind memory debugging library]
+				)
+			],
+			[AC_MSG_ERROR([valgrind headers not found.])]
+		)
+		;;
+	dmalloc)
+		AC_CHECK_HEADER(
+			[dmalloc.h],
+			[AC_CHECK_LIB(
+				[dmalloc],
+				[malloc],
+				[
+					LIBS="${LIBS} -ldmalloc"
+					AC_DEFINE(
+						[DMALLOC],
+						[1],
+						[Use dmalloc memory debugging library]
+					)
+				],
+				[AC_MSG_ERROR([dmalloc library not found.])]
+			)],
+			[AC_MSG_ERROR([dmalloc headers not found.])]
+		)
+		;;
+	ssl)
+		AC_CHECK_LIB(
+			[ssl],
+			[CRYPTO_mem_ctrl],
+			[
+				AC_DEFINE(
+					[CRYPTO_MDEBUG],
+					[1],
+					[Use memory debugging function in OpenSSL]
+				)
+				AC_MSG_NOTICE([NOTE: OpenSSL library must be compiled with CRYPTO_MDEBUG])
+			],
+			[AC_MSG_ERROR([Memory Debugging function in OpenSSL library not found.])]
+		)
+		;;
+esac
 
-dnl
-dnl Check if LoadLibrary exists on Windows
-dnl
-if test "${WIN32}" = "yes"; then
-   if test "$PLUGINS" = "yes"; then
-	AC_TRY_LINK([
-	    #include <windows.h>
-	  ], [
-	    LoadLibrary (NULL);
-	  ], [
-	    AC_MSG_RESULT([LoadLibrary DEFINED])
-	    AC_DEFINE(USE_LOAD_LIBRARY, 1, [Use LoadLibrary to load DLLs on Windows])
-	  ], [
-	    AC_MSG_RESULT([LoadLibrary UNDEFINED])
-	  ])
-   fi
-fi
+PKG_CHECK_MODULES(
+	[OPENSSL_CRYPTO],
+	[libcrypto >= 0.9.6],
+	[have_openssl_crypto="yes"],
+	[AC_CHECK_LIB(
+		[crypto],
+		[RSA_new],
+		[
+			have_openssl_crypto="yes"
+			OPENSSL_CRYPTO_LIBS="-lcrypto"
+		]
+	)]
+)
 
-dnl
-dnl check for LZO library
-dnl
+PKG_CHECK_MODULES(
+	[OPENSSL_SSL],
+	[libssl >= 0.9.6],
+	[have_openssl_ssl="yes"],
+	[AC_CHECK_LIB(
+		[ssl],
+		[SSL_CTX_new],
+		[
+			have_openssl_ssl="yes"
+			OPENSSL_SSL_LIBS="-lssl"
+		]
+	)]
+)
 
-if test "$LZO" = "yes"; then
-   LZO_H=""
-   AC_CHECKING([for LZO Library and Header files])
-   AC_CHECK_HEADER(lzo/lzo1x.h,
-	[ LZO_H="2"
-	  lzolibs="lzo2 lzo"
-	  AC_DEFINE(LZO_HEADER_DIR, 1, [Use lzo/ directory prefix for LZO header files (for LZO 2.0)])
-	],
-	[ AC_CHECK_HEADER(lzo1x.h, [ LZO_H="1" ; lzolibs=lzo ]) ]
-   )
-
-   if test -n "$LZO_H"; then
-     havelzolib=0
-     for i in $lzolibs ; do
-	if test $havelzolib = 1 ; then break ; fi
-	AC_CHECK_LIB($i, lzo1x_1_15_compress,
-          [
-	    OPENVPN_ADD_LIBS(-l$i)
-	    AC_DEFINE(USE_LZO, 1, [Use LZO compression library])
-	    AC_DEFINE_UNQUOTED(LZO_VERSION_NUM, "$LZO_H", [LZO version number])
-	    havelzolib=1
-	  ]
-        )
-     done
-     if test $havelzolib = 0 ; then
-       AC_MSG_ERROR([LZO headers were found but LZO library was not found])
-     fi
-   else
-     AC_MSG_RESULT([LZO headers were not found])
-     AC_MSG_RESULT([LZO library available from http://www.oberhumer.com/opensource/lzo/])
-     AC_MSG_ERROR([Or try ./configure --disable-lzo])
-   fi
+if test "${have_openssl_crypto}" = "yes"; then
+	saved_CFLAGS="${CFLAGS}"
+	saved_LIBS="${LIBS}"
+	CFLAGS="${CFLAGS} ${OPENSSL_CRYPTO_CFLAGS}"
+	LIBS="${LIBS} ${OPENSSL_CRYPTO_LIBS}"
+	AC_CHECK_FUNCS([EVP_CIPHER_CTX_set_key_length])
+	have_openssl_engine="yes"
+	AC_CHECK_FUNCS(
+		[ \
+			ENGINE_load_builtin_engines \
+			ENGINE_register_all_complete \
+			ENGINE_cleanup \
+		],
+		,
+		[have_openssl_engine="no"; break]
+	)
+
+	CFLAGS="${saved_CFLAGS}"
+	LIBS="${saved_LIBS}"
 fi
 
-dnl
-dnl check for OpenSSL-crypto library
-dnl
-
-if test "$CRYPTO" = "yes"; then
-   AC_CHECKING([for OpenSSL Crypto Library and Header files])
-   AC_CHECK_HEADER(openssl/evp.h,,
-	[AC_MSG_ERROR([OpenSSL Crypto headers not found.])])
-
-   for lib in crypto eay32; do
-      AC_CHECK_LIB($lib, EVP_CIPHER_CTX_init,
-            [
-		cryptofound=1
-		OPENVPN_ADD_LIBS(-l$lib)
-	    ]
-      )
-   done
-
-   test -n "$cryptofound" || AC_MSG_ERROR([OpenSSL Crypto library not found.])
-
-   AC_MSG_CHECKING([that OpenSSL Library is at least version 0.9.6])
-   AC_EGREP_CPP(yes,
-     [
-       #include <openssl/evp.h>
-       #if SSLEAY_VERSION_NUMBER >= 0x00906000L
-	 yes
-       #endif
-     ],
-     [
-       AC_MSG_RESULT([yes])
-       AC_DEFINE(USE_CRYPTO, 1, [Use OpenSSL crypto library])
-       AC_CHECK_FUNCS(EVP_CIPHER_CTX_set_key_length)
-
-       dnl check for OpenSSL crypto acceleration capability
-       AC_CHECK_HEADERS(openssl/engine.h)
-       AC_CHECK_FUNCS(ENGINE_load_builtin_engines)
-       AC_CHECK_FUNCS(ENGINE_register_all_complete)
-       AC_CHECK_FUNCS(ENGINE_cleanup)
-     ],
-     [AC_MSG_ERROR([OpenSSL crypto Library is too old.])]
-   )
-
-dnl
-dnl check for OpenSSL-SSL library
-dnl
-
-   if test "$SSL" = "yes"; then
-      AC_CHECKING([for OpenSSL SSL Library and Header files])
-      AC_CHECK_HEADER(openssl/ssl.h,,
-	   [AC_MSG_ERROR([OpenSSL SSL headers not found.])]
-      )
-
-      for lib in ssl ssl32; do
-	  AC_CHECK_LIB($lib, SSL_CTX_new,
+AC_ARG_VAR([POLARSSL_CFLAGS], [C compiler flags for polarssl])
+AC_ARG_VAR([POLARSSL_LIBS], [linker flags for polarssl])
+have_polarssl_ssl="yes"
+have_polarssl_crypto="yes"
+if test -z "${POLARSSL_LIBS}"; then
+	AC_CHECK_LIB(
+		[polarssl],
+		[ssl_init],
+		[POLARSSL_LIBS="-lpolarssl"],
 		[
-			sslfound=1
-			OPENVPN_ADD_LIBS(-l$lib)
+			have_polarssl_ssl="no"
+			AC_CHECK_LIB(
+				[polarssl],
+				[aes_crypt_cbc],
+				,
+				[have_polarssl_crypto="no"]
+			)
 		]
-	  )
-      done
-
-      test -n "${sslfound}" || AC_MSG_ERROR([OpenSSL SSL library not found.])
-
-      if test "$MEMCHECK" = "ssl"; then
-	     AC_CHECKING([for Memory Debugging Capabilities in OpenSSL Library])
-	     AC_CHECK_LIB(ssl, CRYPTO_mem_ctrl,
-		 [
-		     AC_DEFINE(CRYPTO_MDEBUG, 1, [Use memory debugging function in OpenSSL])
-		     AC_MSG_RESULT([NOTE: OpenSSL library must be compiled with CRYPTO_MDEBUG])
-		 ],
-		 [AC_MSG_ERROR([Memory Debugging function in OpenSSL library not found.])]
-	     )
-      fi
-
-      AC_DEFINE(USE_SSL, 1, [Use OpenSSL SSL library])
-   fi
+	)
 fi
 
-dnl enable --x509-username-field feature if requested
-if test "$X509ALTUSERNAME" = "yes"; then
-   AC_DEFINE(ENABLE_X509ALTUSERNAME, 1, [Enable --x509-username-field feature])
+if test "${with_crypto_library}" = "polarssl" ; then
+	AC_MSG_CHECKING([polarssl version])
+	old_CFLAGS="${CFLAGS}"
+	CFLAGS="${POLARSSL_CFLAGS} ${CFLAGS}"
+	AC_COMPILE_IFELSE(
+		[AC_LANG_PROGRAM(
+			[[
+#include <polarssl/version.h>
+			]],
+			[[
+#if POLARSSL_VERSION_NUMBER < 0x01010000
+#error invalid version
+#endif
+			]]
+		)],
+		[AC_MSG_RESULT([ok])],
+		[AC_MSG_ERROR([invalid polarssl version])]
+	)
+	CFLAGS="${old_CFLAGS}"
 fi
 
-dnl enable pkcs11 capability
-if test "$PKCS11" = "yes"; then
-   AC_CHECKING([for pkcs11-helper Library and Header files])
-   AC_CHECK_HEADER(pkcs11-helper-1.0/pkcs11h-core.h,
-	[AC_CHECK_LIB(pkcs11-helper, pkcs11h_initialize,
-	    [
-		   AC_DEFINE(USE_PKCS11, 1, [Enable PKCS11 capability])
-		   OPENVPN_ADD_LIBS(-lpkcs11-helper)
-	    ],
-	    [AC_MSG_RESULT([pkcs11-helper library not found.])]
-	)],
-	[AC_MSG_RESULT([pkcs11-helper headers not found.])]
-   )
+AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo])
+AC_ARG_VAR([LZO_LIBS], [linker flags for lzo])
+have_lzo="yes"
+if test -z "${LZO_LIBS}"; then
+	AC_CHECK_LIB(
+		[lzo2],
+		[lzo1x_1_15_compress],
+		[LZO_LIBS="-llzo2"],
+		[AC_CHECK_LIB(
+			[lzo],
+			[lzo1x_1_15_compress],
+			[LZO_LIBS="-llzo"],
+			[have_lzo="no"]
+		)]
+	)
 fi
-
-dnl enable multi-client mode
-if test "$MULTI" = "yes"; then
-   AC_DEFINE(ENABLE_CLIENT_SERVER, 1, [Enable client/server capability])
+if test "${have_lzo}" = "yes"; then
+	saved_CFLAGS="${CFLAGS}"
+	CFLAGS="${CFLAGS} ${LZO_CFLAGS}"
+	AC_CHECK_HEADERS(
+		[lzo/lzoutil.h],
+		,
+		[AC_CHECK_HEADERS(
+			[lzoutil.h],
+			,
+			[AC_MSG_ERROR([lzoutil.h is missing])]
+		)]
+	)
+	AC_CHECK_HEADERS(
+		[lzo/lzo1x.h],
+		,
+		[AC_CHECK_HEADERS(
+			[lzo1x.h],
+			,
+			[AC_MSG_ERROR([lzo1x.h is missing])]
+		)]
+	)
+	CFLAGS="${saved_CFLAGS}"
 fi
 
-dnl enable client mode only, not server
-if test "$MULTI_SERVER" = "no"; then
-   AC_DEFINE(ENABLE_CLIENT_ONLY, 1, [Enable client capability only])
-fi
+PKG_CHECK_MODULES(
+	[PKCS11_HELPER],
+	[libpkcs11-helper-1 >= 1.02],
+	[have_pkcs11_helper="yes"],
+	[]
+)
 
-dnl enable management server capability
-if test "$MANAGEMENT" = "yes"; then
-   AC_DEFINE(ENABLE_MANAGEMENT, 1, [Enable management server capability])
+AC_MSG_CHECKING([git checkout])
+GIT_CHECKOUT="no"
+if test -n "${GIT}" -a -d "${srcdir}/.git"; then
+	AC_DEFINE([HAVE_CONFIG_VERSION_H], [1], [extra version available in config-version.h])
+	GIT_CHECKOUT="yes"
 fi
+AC_MSG_RESULT([${GIT_CHECKOUT}])
 
-dnl enable socks 
-if test "$SOCKS" = "yes"; then
-   AC_DEFINE(ENABLE_SOCKS, 1, [Enable Socks proxy support])
+if test -n "${SP_PLATFORM_WINDOWS}"; then
+	AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['\\\\'], [Path separator]) #"
+	AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["\\\\"], [Path separator]) #"
+else
+	AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['/'], [Path separator])
+	AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["/"], [Path separator])
 fi
 
-dnl enable HTTP proxy
-if test "$HTTP_PROXY" = "yes"; then
-   AC_DEFINE(ENABLE_HTTP_PROXY, 1, [Enable HTTP proxy support])
-fi
+dnl enable --x509-username-field feature if requested
+if test "${enable_x509_alt_username}" = "yes"; then
+	if test "${with_crypto_library}" = "polarssl" ; then
+		AC_MSG_ERROR([PolarSSL does not support the --x509-username-field feature])
+	fi
 
-dnl compile --multihome option
-if test "$MULTIHOME" = "yes"; then
-   AC_DEFINE(ENABLE_MULTIHOME, 1, [Enable multi-homed UDP server capability])
+	AC_DEFINE([ENABLE_X509ALTUSERNAME], [1], [Enable --x509-username-field feature])
 fi
 
-dnl enable debugging
-if test "$DEBUG" = "yes"; then
-   AC_DEFINE(ENABLE_DEBUG, 1, [Enable debugging support])
-fi
+test "${ac_cv_header_sys_uio_h}" = "yes" && AC_DEFINE([HAVE_IOVEC], [1], [struct iovec needed for IPv6 support])
+test "${enable_multi}" = "yes" && AC_DEFINE([ENABLE_CLIENT_SERVER], [1], [Enable client/server capability])
+test "${enable_server}" = "no" && AC_DEFINE([ENABLE_CLIENT_ONLY], [1], [Enable client capability only])
+test "${enable_management}" = "yes" && AC_DEFINE([ENABLE_MANAGEMENT], [1], [Enable management server capability])
+test "${enable_socks}" = "yes" && AC_DEFINE([ENABLE_SOCKS], [1], [Enable Socks proxy support])
+test "${enable_http_proxy}" = "yes" && AC_DEFINE([ENABLE_HTTP_PROXY], [1], [Enable HTTP proxy support])
+test "${enable_multihome}" = "yes" && AC_DEFINE([ENABLE_MULTIHOME], [1], [Enable multi-homed UDP server capability])
+test "${enable_debug}" = "yes" && AC_DEFINE([ENABLE_DEBUG], [1], [Enable debugging support])
+test "${enable_small}" = "yes" && AC_DEFINE([ENABLE_SMALL], [1], [Enable smaller executable size])
+test "${enable_fragment}" = "yes" && AC_DEFINE([ENABLE_FRAGMENT], [1], [Enable internal fragmentation support])
+test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enable TCP Server port sharing])
+test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable deferred authentication])
+test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
+test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
+test "${enable_password_save}" = "yes" && AC_DEFINE([ENABLE_PASSWORD_SAVE], [1], [Allow --askpass and --auth-user-pass passwords to be read from a file])
+test "${enable_systemd}" = "yes" && AC_DEFINE([ENABLE_SYSTEMD], [1], [Enable systemd support])
+
+case "${with_crypto_library}" in
+	openssl)
+		have_crypto_crypto="${have_openssl_crypto}"
+		have_crypto_ssl="${have_openssl_ssl}"
+		CRYPTO_CRYPTO_CFLAGS="${OPENSSL_CRYPTO_CFLAGS}"
+		CRYPTO_CRYPTO_LIBS="${OPENSSL_CRYPTO_LIBS}"
+		CRYPTO_SSL_CFLAGS="${OPENSSL_SSL_CFLAGS}"
+		CRYPTO_SSL_LIBS="${OPENSSL_SSL_LIBS}"
+		AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use OpenSSL library])
+		test "${have_openssl_engine}" = "yes" && AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [Use crypto library])
+		;;
+	polarssl)
+		have_crypto_crypto="${have_polarssl_crypto}"
+		have_crypto_ssl="${have_polarssl_ssl}"
+		CRYPTO_CRYPTO_CFLAGS="${POLARSSL_CFLAGS}"
+		CRYPTO_CRYPTO_LIBS="${POLARSSL_LIBS}"
+		AC_DEFINE([ENABLE_CRYPTO_POLARSSL], [1], [Use PolarSSL library])
+		;;
+esac
 
-dnl enable small size optimizations
-if test "$SMALL" = "yes"; then
-   AC_DEFINE(ENABLE_SMALL, 1, [Enable smaller executable size])
+if test "${enable_ssl}" = "yes"; then
+	test "${enable_crypto}" != "yes" && AC_MSG_ERROR([crypto must be enabled for ssl])
+	test "${have_crypto_ssl}" != "yes" && AC_MSG_ERROR([${with_ssl_library} ssl is required but missing])
+	OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_SSL_CFLAGS}"
+	OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_SSL_LIBS}"
+	AC_DEFINE([ENABLE_SSL], [1], [Enable ssl library])
 fi
 
-dnl enable --fragment
-if test "$FRAGMENT" = "yes"; then
-   AC_DEFINE(ENABLE_FRAGMENT, 1, [Enable internal fragmentation support])
+if test "${enable_crypto}" = "yes"; then
+	test "${have_crypto_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crytpo is required but missing])
+	OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CRYPTO_CFLAGS}"
+	OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_CRYPTO_LIBS}"
+	AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library])
 fi
 
-dnl enable --port-share
-if test "$PORT_SHARE" = "yes"; then
-   AC_DEFINE(ENABLE_PORT_SHARE, 1, [Enable TCP Server port sharing])
+if test "${enable_plugins}" = "yes"; then
+	OPTIONAL_DL_LIBS="${DL_LIBS}"
+	AC_DEFINE([ENABLE_PLUGIN], [1], [Enable systemd support])
+	test "${enable_eurephia}" = "yes" && AC_DEFINE([ENABLE_EUREPHIA], [1], [Enable support for the eurephia plug-in])
+else
+	enable_plugin_auth_pam="no"
+	enable_plugin_down_root="no"
 fi
 
-dnl enable deferred auth
-if test "$DEF_AUTH" = "yes"; then
-   AC_DEFINE(CONFIGURE_DEF_AUTH, 1, [Enable deferred authentication])
+if test "${enable_iproute2}" = "yes"; then
+	test -z "${IPROUTE}" && AC_MSG_ERROR([ip utility is required but missing])
+	AC_DEFINE([ENABLE_IPROUTE], [1], [enable iproute2 support])
+else
+	if test "${WIN32}" != "yes"; then
+		test -z "${ROUTE}" && AC_MSG_ERROR([route utility is required but missing])
+		test -z "${IFCONFIG}" && AC_MSG_ERROR([ifconfig utility is required but missing])
+	fi
 fi
 
-dnl enable internal packet filter
-if test "$PF" = "yes"; then
-   AC_DEFINE(CONFIGURE_PF, 1, [Enable internal packet filter])
+if test "${enable_selinux}" = "yes"; then
+	test -z "${SELINUX_LIBS}" && AC_MSG_ERROR([libselinux required but missing])
+	OPTIONAL_SELINUX_LIBS="${SELINUX_LIBS}"
+	AC_DEFINE([ENABLE_SELINUX], [1], [SELinux support])
 fi
 
-dnl enable strict compiler warnings
-if test "$STRICT" = "yes"; then
-   CFLAGS="$CFLAGS -Wall -Wno-unused-parameter -Wno-unused-function"
+if test "${enable_lzo}" = "yes"; then
+	test "${have_lzo}" != "yes" && AC_MSG_ERROR([lzo enabled but missing])
+	OPTIONAL_LZO_CFLAGS="${LZO_CFLAGS}"
+	OPTIONAL_LZO_LIBS="${LZO_LIBS}"
+	AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])
 fi
-
-dnl enable pedantic compiler warnings
-if test "$PEDANTIC" = "yes"; then
-   CFLAGS="$CFLAGS -ansi -pedantic"
+if test "${enable_lzo_stub}" = "yes"; then
+	test "${enable_lzo}" = "yes" && AC_MSG_ERROR([Cannot have both lzo stub and lzo enabled])
+	AC_DEFINE([ENABLE_LZO_STUB], [1], [Enable LZO stub capability])
+	AC_DEFINE([ENABLE_LZO], [1], [Enable LZO compression library])
 fi
 
-dnl enable profiling
-if test "$PROFILE" = "yes"; then
-   CFLAGS="$CFLAGS -pg -DENABLE_PROFILING"
+if test "${enable_pkcs11}" = "yes"; then
+	test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing])
+	test "${enable_ssl}" != "yes" && AC_MSG_ERROR([PKCS11 can be enabled only if SSL is enabled])
+	OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
+	OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
+	AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11])
 fi
 
-dnl enable strict options check between peers
-if test "$STRICT_OPTIONS" = "yes"; then
-   AC_DEFINE(STRICT_OPTIONS_CHECK, 1, [Enable strict options check between peers])
+if test "${enable_pedantic}" = "yes"; then
+	enable_strict="yes"
+	CFLAGS="${CFLAGS} -pedantic"
+	test "${WIN32}" != "yes" && CFLAGS="${CFLAGS} -ansi"
 fi
-
-dnl enable password save
-if test "$PASSWORD_SAVE" = "yes"; then
-   AC_DEFINE(ENABLE_PASSWORD_SAVE, 1, [Allow --askpass and --auth-user-pass passwords to be read from a file])
+if test "${enable_strict}" = "yes"; then
+	CFLAGS="${CFLAGS} -Wall -Wno-unused-parameter -Wno-unused-function"
 fi
 
-dnl
-dnl check for SELinux library and headers
-dnl
-if test "$SELINUX" = "yes"; then
-   AC_CHECKING([for libselinux Library and Header files])
-   AC_CHECK_HEADER(selinux/selinux.h,
-      [AC_CHECK_LIB(selinux, setcon,
-         [
-            OPENVPN_ADD_LIBS(-lselinux)
-            AC_DEFINE(HAVE_SETCON, 1, [SELinux support])
-         ],
-            [AC_MSG_RESULT([SELinux library not found.])]
-         )],
-      [AC_MSG_RESULT([SELinux headers not found.])]
-   )
+if test "${WIN32}" = "yes"; then
+	test -z "${MAN2HTML}" && AC_MSG_ERROR([man2html is required for win32])
 fi
 
-TAP_ID="PRODUCT_TAP_ID"
-TAP_WIN32_MIN_MAJOR="PRODUCT_TAP_WIN32_MIN_MAJOR"
-TAP_WIN32_MIN_MINOR="PRODUCT_TAP_WIN32_MIN_MINOR"
-AC_DEFINE_UNQUOTED(TAP_ID, "${TAP_ID}", [The TAP-Win32 id defined in tap-win32/SOURCES])
-AC_DEFINE_UNQUOTED(TAP_WIN32_MIN_MAJOR, ${TAP_WIN32_MIN_MAJOR}, [The TAP-Win32 version number is defined in tap-win32/SOURCES])
-AC_DEFINE_UNQUOTED(TAP_WIN32_MIN_MINOR, ${TAP_WIN32_MIN_MINOR}, [The TAP-Win32 version number is defined in tap-win32/SOURCES])
-AC_SUBST(TAP_ID)
-AC_SUBST(TAP_WIN32_MIN_MAJOR)
-AC_SUBST(TAP_WIN32_MIN_MINOR)
-
-win32datadir="\${datadir}/${PACKAGE}-win32"
-AC_SUBST(win32datadir)
-AM_CONDITIONAL(WIN32, test "${WIN32}" = "yes")
-
-# workaround for <autoconf-2.60
-if test -z "${docdir}"; then
-	docdir="\$(datadir)/doc/\$(PACKAGE_NAME)"
-	AC_SUBST([docdir])
-fi
-if test -z "${htmldir}"; then
-	htmldir="\$(docdir)"
-	AC_SUBST([htmldir])
+if test "${enable_plugin_auth_pam}" = "yes"; then
+	PLUGIN_AUTH_PAM_CFLAGS="${LIBPAM_CFLAGS}"
+	if test "${enable_pam_dlopen}" = "yes"; then
+		AC_DEFINE([USE_PAM_DLOPEN], [1], [dlopen libpam])
+		PLUGIN_AUTH_PAM_LIBS="${DL_LIBS}"
+	else
+		test -z "${LIBPAM_LIBS}" && AC_MSG_ERROR([libpam required but missing])
+		PLUGIN_AUTH_PAM_LIBS="${LIBPAM_LIBS}"
+	fi
 fi
-# end workaround
 
-AC_CONFIG_FILES([t_client.sh], [chmod +x t_client.sh])
-AC_OUTPUT([
+CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
+AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
+
+TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
+TAP_WIN_MIN_MAJOR="PRODUCT_TAP_WIN_MIN_MAJOR"
+TAP_WIN_MIN_MINOR="PRODUCT_TAP_WIN_MIN_MINOR"
+AC_DEFINE_UNQUOTED([TAP_WIN_COMPONENT_ID], ["${TAP_WIN_COMPONENT_ID}"], [The tap-windows id])
+AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MAJOR], [${TAP_WIN_MIN_MAJOR}], [The tap-windows version number is required for OpenVPN])
+AC_DEFINE_UNQUOTED([TAP_WIN_MIN_MINOR], [${TAP_WIN_MIN_MINOR}], [The tap-windows version number is required for OpenVPN])
+AC_SUBST([TAP_WIN_COMPONENT_ID])
+AC_SUBST([TAP_WIN_MIN_MAJOR])
+AC_SUBST([TAP_WIN_MIN_MINOR])
+
+AC_SUBST([OPTIONAL_DL_LIBS])
+AC_SUBST([OPTIONAL_SELINUX_LIBS])
+AC_SUBST([OPTIONAL_CRYPTO_CFLAGS])
+AC_SUBST([OPTIONAL_CRYPTO_LIBS])
+AC_SUBST([OPTIONAL_LZO_CFLAGS])
+AC_SUBST([OPTIONAL_LZO_LIBS])
+AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])
+AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])
+
+AC_SUBST([PLUGIN_AUTH_PAM_CFLAGS])
+AC_SUBST([PLUGIN_AUTH_PAM_LIBS])
+
+AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])
+AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"])
+AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "yes"])
+AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
+
+plugindir="${with_plugindir}"
+sampledir="\$(docdir)/sample"
+AC_SUBST([plugindir])
+AC_SUBST([sampledir])
+
+AC_CONFIG_FILES([
+	version.sh
 	Makefile
-	openvpn.spec
-	images/Makefile
-	service-win32/Makefile
-	install-win32/Makefile
-	install-win32/settings
+	build/Makefile
+	build/msvc/Makefile
+	build/msvc/msvc-generate/Makefile
+	distro/Makefile
+	distro/rpm/Makefile
+	distro/rpm/openvpn.spec
+	include/Makefile
+	src/Makefile
+	src/compat/Makefile
+	src/openvpn/Makefile
+	src/openvpnserv/Makefile
+	src/plugins/Makefile
+	src/plugins/auth-pam/Makefile
+	src/plugins/down-root/Makefile
+	tests/Makefile
+	sample/Makefile
+	doc/Makefile
 ])
+AC_CONFIG_FILES([tests/t_client.sh], [chmod +x tests/t_client.sh])
+AC_OUTPUT
-- 
cgit v1.2.3