use ip xfrm state in crypto evaltests
[strongswan.git] / configure.in
index d4bc3a0..f9824bb 100644 (file)
@@ -16,7 +16,7 @@ dnl ===========================
 dnl  initialize & set some vars
 dnl ===========================
 
-AC_INIT(strongSwan,4.1.7)
+AC_INIT(strongSwan,4.2.1)
 AM_INIT_AUTOMAKE(tar-ustar)
 AC_C_BIGENDIAN
 AC_SUBST(confdir, '${sysconfdir}')
@@ -27,255 +27,464 @@ dnl =================================
 
 
 AC_ARG_WITH(
-    [default-pkcs11],
-    AS_HELP_STRING([--with-default-pkcs11=lib],[set the default PKCS11 library other than "/usr/lib/opensc-pkcs11.so"]),
-    [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "$withval")],
-    [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "/usr/lib/opensc-pkcs11.so")]
+       [default-pkcs11],
+       AS_HELP_STRING([--with-default-pkcs11=lib],[set the default PKCS11 library other than "/usr/lib/opensc-pkcs11.so"]),
+       [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "$withval")],
+       [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "/usr/lib/opensc-pkcs11.so")]
 )
 
 AC_ARG_WITH(
-    [xauth-module],
-    AS_HELP_STRING([--with-xauth-module=lib],[set the path to the XAUTH module]),
-    [AC_DEFINE_UNQUOTED(XAUTH_DEFAULT_LIB, "$withval")],
+       [xauth-module],
+       AS_HELP_STRING([--with-xauth-module=lib],[set the path to the XAUTH module]),
+       [AC_DEFINE_UNQUOTED(XAUTH_DEFAULT_LIB, "$withval")],
 )
 
 AC_ARG_WITH(
-    [random-device],
-    AS_HELP_STRING([--with-random-device=dev],[set the device for real random data other than "/dev/random"]),
-    [AC_DEFINE_UNQUOTED(DEV_RANDOM, "$withval")],
-    [AC_DEFINE_UNQUOTED(DEV_RANDOM, "/dev/random")]
+       [random-device],
+       AS_HELP_STRING([--with-random-device=dev],[set the device for real random data other than "/dev/random"]),
+       [AC_DEFINE_UNQUOTED(DEV_RANDOM, "$withval")],
+       [AC_DEFINE_UNQUOTED(DEV_RANDOM, "/dev/random")]
 )
 AC_ARG_WITH(
-    [resolv-conf],
-    AS_HELP_STRING([--with-resolv-conf=file],[set the file to store DNS server information other than "sysconfdir/resolv.conf"]),
-    [AC_DEFINE_UNQUOTED(RESOLV_CONF, "$withval")],
-    [AC_DEFINE_UNQUOTED(RESOLV_CONF, "${sysconfdir}/resolv.conf")]
+       [resolv-conf],
+       AS_HELP_STRING([--with-resolv-conf=file],[set the file to store DNS server information other than "sysconfdir/resolv.conf"]),
+       [AC_DEFINE_UNQUOTED(RESOLV_CONF, "$withval")],
+       [AC_DEFINE_UNQUOTED(RESOLV_CONF, "${sysconfdir}/resolv.conf")]
 )
 
 AC_ARG_WITH(
-    [urandom-device],
-    AS_HELP_STRING([--with-urandom-device=dev],[set the device for pseudo random data other than "/dev/urandom"]),
-    [AC_DEFINE_UNQUOTED(DEV_URANDOM, "$withval")],
-    [AC_DEFINE_UNQUOTED(DEV_URANDOM, "/dev/urandom")]
+       [strongswan-conf],
+       AS_HELP_STRING([--with-strongswan-conf=file],[strongswan.conf file other than "sysconfdir/strongswan.conf"]),
+       [AC_DEFINE_UNQUOTED(STRONGSWAN_CONF, "$withval")],
+       [AC_DEFINE_UNQUOTED(STRONGSWAN_CONF, "${sysconfdir}/strongswan.conf")]
 )
 
 AC_ARG_WITH(
-    [ipsecdir],
-    AS_HELP_STRING([--with-ipsecdir=dir],[installation path for ipsec tools other than "libexecdir/ipsec"]),
-    [AC_SUBST(ipsecdir, "$withval")],
-    [AC_SUBST(ipsecdir, "${libexecdir}/ipsec")]
+       [urandom-device],
+       AS_HELP_STRING([--with-urandom-device=dev],[set the device for pseudo random data other than "/dev/urandom"]),
+       [AC_DEFINE_UNQUOTED(DEV_URANDOM, "$withval")],
+       [AC_DEFINE_UNQUOTED(DEV_URANDOM, "/dev/urandom")]
 )
 
 AC_ARG_WITH(
-    [piddir],
-    AS_HELP_STRING([--with-piddir=dir],[path for PID and UNIX socket files other than "/var/run"]),
-    [AC_SUBST(piddir, "$withval")],
-    [AC_SUBST(piddir, "/var/run")]
+       [piddir],
+       AS_HELP_STRING([--with-piddir=dir],[path for PID and UNIX socket files other than "/var/run"]),
+       [AC_SUBST(piddir, "$withval")],
+       [AC_SUBST(piddir, "/var/run")]
 )
 
 AC_ARG_WITH(
-    [eapdir],
-    AS_HELP_STRING([--with-eapdir=dir],[path for pluggable EAP modules other than "ipsecdir/plugins/eap"]),
-    [AC_SUBST(eapdir, "$withval")],
-    [AC_SUBST(eapdir, "${ipsecdir}/plugins/eap")]
+       [ipsecdir],
+       AS_HELP_STRING([--with-ipsecdir=dir],[installation path for ipsec tools other than "libexecdir/ipsec"]),
+       [AC_SUBST(ipsecdir, "$withval")],
+       [AC_SUBST(ipsecdir, "${libexecdir}/ipsec")]
 )
+AC_SUBST(plugindir, "${ipsecdir}/plugins")
 
 AC_ARG_WITH(
-    [backenddir],
-    AS_HELP_STRING([--with-backenddir=dir],[path for pluggable configuration backend modules other than "ipsecdir/plugins/backends"]),
-    [AC_SUBST(backenddir, "$withval")],
-    [AC_SUBST(backenddir, "${ipsecdir}/plugins/backends")]
+       [plugindir],
+       AS_HELP_STRING([--with-plugindir=dir],[installation path for plugins other than "ipsecdir/plugins"]),
+       [AC_SUBST(plugindir, "$withval")],
+       [AC_SUBST(plugindir, "${ipsecdir}/plugins")]
 )
 
 AC_ARG_WITH(
-    [interfacedir],
-    AS_HELP_STRING([--with-interfacedir=dir],[path for pluggable control interface modules other than "ipsecdir/plugins/interfaces"]),
-    [AC_SUBST(interfacedir, "$withval")],
-    [AC_SUBST(interfacedir, "${ipsecdir}/plugins/interfaces")]
+       [sim-reader],
+       AS_HELP_STRING([--with-sim-reader=library.so],[library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM]),
+       [AC_SUBST(simreader, "$withval")],
+       [AC_SUBST(simreader, "${plugindir}/libeapsim-file.so")]
 )
 
 AC_ARG_WITH(
-    [sim-reader],
-    AS_HELP_STRING([--with-sim-reader=library.so],[library containing the sim_run_alg() function for EAP-SIM]),
-    [AC_DEFINE_UNQUOTED(SIM_READER_LIB, "$withval")]
+       [linux-headers],
+       AS_HELP_STRING([--with-linux-headers=dir],[use the linux header files in dir instead of the supplied ones in "src/include"]),
+       [AC_SUBST(linuxdir, "$withval")], [AC_SUBST(linuxdir, "../include")]
 )
+AC_SUBST(LINUX_HEADERS)
 
 AC_ARG_WITH(
-    [linux-headers],
-    AS_HELP_STRING([--with-linux-headers=dir],[use the linux header files in dir instead of the supplied ones in "src/include"]),
-    [AC_SUBST(linuxdir, "$withval")], [AC_SUBST(linuxdir, "../include")]
+       [routing-table],
+       AS_HELP_STRING([--with-routing-table=num],[use routing table for IPsec routes (default: 220)]),
+       [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, $withval) AC_SUBST(IPSEC_ROUTING_TABLE, "$withval")], 
+       [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, 220) AC_SUBST(IPSEC_ROUTING_TABLE, "220")]
 )
-AC_SUBST(LINUX_HEADERS)
 
 AC_ARG_WITH(
-    [routing-table],
-    AS_HELP_STRING([--with-routing-table=num],[use routing table for IPsec routes (default: 220)]),
-    [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, $withval) AC_SUBST(IPSEC_ROUTING_TABLE, "$withval")], 
-    [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, 220) AC_SUBST(IPSEC_ROUTING_TABLE, "220")]
+       [routing-table-prio],
+       AS_HELP_STRING([--with-routing-table-prio=prio],[priority for IPsec routing table (default: 220)]),
+       [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, $withval) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "$withval")], 
+       [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, 220) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "220")]
 )
 
 AC_ARG_WITH(
-    [routing-table-prio],
-    AS_HELP_STRING([--with-routing-table-prio=prio],[priority for IPsec routing table (default: 220)]),
-    [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, $withval) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "$withval")], 
-    [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, 220) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "220")]
+       [uid],
+       AS_HELP_STRING([--with-uid=uid],[change user of the daemons to UID after startup (default is 0).]),
+       [AC_DEFINE_UNQUOTED(IPSEC_UID, $withval) AC_SUBST(ipsecuid, "$withval")],
+       [AC_DEFINE_UNQUOTED(IPSEC_UID, 0) AC_SUBST(ipsecuid, "0")]
 )
 
 AC_ARG_WITH(
-    [uid],
-    AS_HELP_STRING([--with-uid=uid],[change user of the daemons to UID after startup (default is 0).]),
-    [AC_DEFINE_UNQUOTED(IPSEC_UID, $withval) AC_SUBST(ipsecuid, "$withval")],
-    [AC_DEFINE_UNQUOTED(IPSEC_UID, 0) AC_SUBST(ipsecuid, "0")]
+       [gid],
+       AS_HELP_STRING([--with-gid=gid],[change group of the daemons to GID after startup (default is 0).]),
+       [AC_DEFINE_UNQUOTED(IPSEC_GID, $withval) AC_SUBST(ipsecgid, "$withval")],
+       [AC_DEFINE_UNQUOTED(IPSEC_GID, 0) AC_SUBST(ipsecgid, "0")]
 )
 
-AC_ARG_WITH(
-    [gid],
-    AS_HELP_STRING([--with-gid=gid],[change group of the daemons to GID after startup (default is 0).]),
-    [AC_DEFINE_UNQUOTED(IPSEC_GID, $withval) AC_SUBST(ipsecgid, "$withval")],
-    [AC_DEFINE_UNQUOTED(IPSEC_GID, 0) AC_SUBST(ipsecgid, "0")]
+AC_ARG_ENABLE(
+       [curl],
+       AS_HELP_STRING([--enable-curl],[enable CURL fetcher plugin to fetch files via libcurl (default is NO). Requires libcurl.]),
+       [if test x$enableval = xyes; then
+               curl=true
+       fi]
 )
 
 AC_ARG_ENABLE(
-    [http],
-    AS_HELP_STRING([--enable-http],[enable OCSP and fetching of Certificates and CRLs over HTTP (default is NO). Requires libcurl.]),
-    [if test x$enableval = xyes; then
-        http=true
-        AC_DEFINE(LIBCURL)
-    fi]
+       [ldap],
+       AS_HELP_STRING([--enable-ldap],[enable LDAP fetching plugin to fetch files via libldap (default is NO). Requires openLDAP.]),
+       [if test x$enableval = xyes; then
+               ldap=true
+       fi]
 )
-AM_CONDITIONAL(USE_LIBCURL, test x$http = xtrue)
 
 AC_ARG_ENABLE(
-    [ldap],
-    AS_HELP_STRING([--enable-ldap],[enable fetching of CRLs from LDAP (default is NO). Requires openLDAP.]),
-    [if test x$enableval = xyes; then
-        ldap=true
-        AC_DEFINE(LIBLDAP)
-    fi]
+       [aes],
+       AS_HELP_STRING([--disable-aes],[disable own AES software implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               aes=true
+        else
+               aes=false
+       fi],
+       aes=true
 )
-AM_CONDITIONAL(USE_LIBLDAP, test x$ldap = xtrue)
 
 AC_ARG_ENABLE(
-    [dbus],
-    AS_HELP_STRING([--enable-dbus],[enable DBUS configuration and control interface (default is NO). Requires libdbus.]),
-    [if test x$enableval = xyes; then
-        dbus=true
-        AC_DEFINE(LIBDBUS)
-    fi]
+       [des],
+       AS_HELP_STRING([--disable-des],[disable own DES/3DES software implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               des=true
+        else
+               des=false
+       fi],
+       des=true
 )
-AM_CONDITIONAL(USE_LIBDBUS, test x$dbus = xtrue)
 
 AC_ARG_ENABLE(
-    [xml],
-    AS_HELP_STRING([--enable-xml],[enable XML configuration and control interface (default is NO). Requires libxml.]),
-    [if test x$enableval = xyes; then
-        xml=true
-        AC_DEFINE(LIBXML)
-    fi]
+       [md5],
+       AS_HELP_STRING([--disable-md5],[disable own MD5 software implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               md5=true
+        else
+               md5=false
+       fi],
+       md5=true
 )
-AM_CONDITIONAL(USE_LIBXML, test x$xml = xtrue)
 
 AC_ARG_ENABLE(
-    [smartcard],
-    AS_HELP_STRING([--enable-smartcard],[enable smartcard support (default is NO).]),
-    [if test x$enableval = xyes; then
-        smartcard=true
-        AC_DEFINE(SMARTCARD)
-    fi]
+       [sha1],
+       AS_HELP_STRING([--disable-sha1],[disable own SHA1 software implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               sha1=true
+        else
+               sha1=false
+       fi],
+       sha1=true
 )
-AM_CONDITIONAL(USE_SMARTCARD, test x$smartcard = xtrue)
 
 AC_ARG_ENABLE(
-    [cisco-quirks],
-    AS_HELP_STRING([--enable-cisco-quirks],[enable support of Cisco VPN client (default is NO).]),
-    [if test x$enableval = xyes; then
-        cisco_quirks=true
-    fi]
+       [sha2],
+       AS_HELP_STRING([--disable-sha2],[disable own SHA256/SHA384/SHA512 software implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               sha2=true
+        else
+               sha2=false
+       fi],
+       sha2=true
 )
-AM_CONDITIONAL(USE_CISCO_QUIRKS, test x$cisco_quirks = xtrue)
 
 AC_ARG_ENABLE(
-    [leak-detective],
-    AS_HELP_STRING([--enable-leak-detective],[enable malloc hooks to find memory leaks (default is NO).]),
-    [if test x$enableval = xyes; then
-        leak_detective=true
-    fi]
+       [fips-prf],
+       AS_HELP_STRING([--disable-fips-prf],[disable FIPS PRF software implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               fips_prf=true
+        else
+               fips_prf=false
+       fi],
+       fips_prf=true
 )
-AM_CONDITIONAL(USE_LEAK_DETECTIVE, test x$leak_detective = xtrue)
 
 AC_ARG_ENABLE(
-    [eap-sim],
-    AS_HELP_STRING([--enable-eap-sim],[build SIM authenication module for EAP (default is NO).]),
-    [if test x$enableval = xyes; then
-        eap_sim=true
-    fi]
+       [gmp],
+       AS_HELP_STRING([--disable-gmp],[disable own GNU MP (libgmp) based crypto implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               gmp=true
+        else
+               gmp=false
+       fi],
+       gmp=true
 )
-AM_CONDITIONAL(BUILD_EAP_SIM, test x$eap_sim = xtrue)
 
 AC_ARG_ENABLE(
-    [nat-transport],
-    AS_HELP_STRING([--enable-nat-transport],[enable NAT traversal with IPsec transport mode (default is NO).]),
-    [if test x$enableval = xyes; then
-        nat_transport=true
-    fi]
+       [random],
+       AS_HELP_STRING([--disable-random],[disable RNG implementation on top of /dev/(u)random. (default is NO).]),
+       [if test x$enableval = xyes; then
+               random=true
+        else
+               random=false
+       fi],
+       random=true
 )
-AM_CONDITIONAL(USE_NAT_TRANSPORT, test x$nat_transport = xtrue)
 
 AC_ARG_ENABLE(
-    [vendor-id],
-    AS_HELP_STRING([--disable-vendor-id],[disable the sending of the strongSwan vendor ID (default is NO).]),
-    [if test x$enableval = xyes; then
-        vendor_id=true
-     else
-        vendor_id=false
-    fi],
-    vendor_id=true
+       [x509],
+       AS_HELP_STRING([--disable-x509],[disable own X509 certificate implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               x509=true
+        else
+               x509=false
+       fi],
+       x509=true
 )
-AM_CONDITIONAL(USE_VENDORID, test x$vendor_id = xtrue)
 
 AC_ARG_ENABLE(
-    [xauth-vid],
-    AS_HELP_STRING([--disable-xauth-vid],[disable the sending of the XAUTH vendor ID (default is NO).]),
-    [if test x$enableval = xyes; then
-        xauth_vid=true
-     else
-        xauth_vid=false
-    fi],
-    xauth_vid=true
+       [hmac],
+       AS_HELP_STRING([--disable-hmac],[disable HMAC crypto implementation plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               hmac=true
+        else
+               hmac=false
+       fi],
+       hmac=true
 )
-AM_CONDITIONAL(USE_XAUTH_VID, test x$xauth_vid = xtrue)
 
 AC_ARG_ENABLE(
-    [uml],
-    AS_HELP_STRING([--enable-uml],[build the UML test framework (default is NO).]),
-    [if test x$enableval = xyes; then
-        uml=true
-    fi]
+       [mysql],
+       AS_HELP_STRING([--enable-mysql],[enable MySQL database support (default is NO). Requires libmysqlclient_r.]),
+       [if test x$enableval = xyes; then
+               mysql=true
+       fi]
 )
-AM_CONDITIONAL(USE_UML, test x$uml = xtrue)
 
 AC_ARG_ENABLE(
-    [integrity-test],
-    AS_HELP_STRING([--enable-integrity-test],[enable the integrity test of the crypto library (default is NO).]),
-    [if test x$enableval = xyes; then
-        integrity_test=true 
-        AC_DEFINE(INTEGRITY_TEST)
-     fi]
+       [sqlite],
+       AS_HELP_STRING([--enable-sqlite],[enable SQLite database support (default is NO). Requires libsqlite3.]),
+       [if test x$enableval = xyes; then
+               sqlite=true
+       fi]
 )
-AM_CONDITIONAL(USE_INTEGRITY_TEST, test x$integrity_test = xtrue)
 
 AC_ARG_ENABLE(
-    [self-test],
-    AS_HELP_STRING([--disable-self-test],[disable the self-test of the crypto library (default is NO).]),
-    [if test x$enableval = xyes; then
-        self_test=true
-     else
-        self_test=false
-        AC_DEFINE(NO_SELF_TEST)
-     fi],
-        self_test=true
+       [stroke],
+       AS_HELP_STRING([--disable-stroke],[disable charons stroke (pluto compatibility) configuration backend. (default is NO).]),
+       [if test x$enableval = xyes; then
+               stroke=true
+        else
+               stroke=false
+       fi],
+       stroke=true
+)
+
+AC_ARG_ENABLE(
+       [med-db],
+       AS_HELP_STRING([--enable-med-db],[enable MySQL mediation database plugin (default is NO).]),
+       [if test x$enableval = xyes; then
+               med_db=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [smp],
+       AS_HELP_STRING([--enable-smp],[enable SMP configuration and control interface (default is NO). Requires libxml.]),
+       [if test x$enableval = xyes; then
+               smp=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [sql],
+       AS_HELP_STRING([--enable-sql],[enable SQL database configuration backend (default is NO).]),
+       [if test x$enableval = xyes; then
+               sql=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [smartcard],
+       AS_HELP_STRING([--enable-smartcard],[enable smartcard support (default is NO).]),
+       [if test x$enableval = xyes; then
+               smartcard=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [cisco-quirks],
+       AS_HELP_STRING([--enable-cisco-quirks],[enable support of Cisco VPN client (default is NO).]),
+       [if test x$enableval = xyes; then
+               cisco_quirks=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [leak-detective],
+       AS_HELP_STRING([--enable-leak-detective],[enable malloc hooks to find memory leaks (default is NO).]),
+       [if test x$enableval = xyes; then
+               leak_detective=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [unit-tests],
+       AS_HELP_STRING([--enable-unit-tests],[enable unit tests on IKEv2 daemon startup (default is NO).]),
+       [if test x$enableval = xyes; then
+               unittest=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [eap-sim],
+       AS_HELP_STRING([--enable-eap-sim],[build SIM authenication module for EAP (default is NO).]),
+       [if test x$enableval = xyes; then
+               eap_sim=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [eap-identity],
+       AS_HELP_STRING([--enable-eap-identity],[build EAP module providing EAP-Identity helper (default is NO).]),
+       [if test x$enableval = xyes; then
+               eap_identity=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [eap-md5],
+       AS_HELP_STRING([--enable-eap-md5],[build MD5 (CHAP) authenication module for EAP (default is NO).]),
+       [if test x$enableval = xyes; then
+               eap_md5=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [eap-aka],
+       AS_HELP_STRING([--enable-eap-aka],[build AKA authentication module for EAP (default is NO).]),
+       [if test x$enableval = xyes; then
+               eap_aka=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [nat-transport],
+       AS_HELP_STRING([--enable-nat-transport],[enable NAT traversal with IPsec transport mode (default is NO).]),
+       [if test x$enableval = xyes; then
+               nat_transport=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [vendor-id],
+       AS_HELP_STRING([--disable-vendor-id],[disable the sending of the strongSwan vendor ID (default is NO).]),
+       [if test x$enableval = xyes; then
+               vendor_id=true
+        else
+               vendor_id=false
+       fi],
+       vendor_id=true
+)
+
+AC_ARG_ENABLE(
+       [xauth-vid],
+       AS_HELP_STRING([--disable-xauth-vid],[disable the sending of the XAUTH vendor ID (default is NO).]),
+       [if test x$enableval = xyes; then
+               xauth_vid=true
+        else
+               xauth_vid=false
+       fi],
+       xauth_vid=true
+)
+
+AC_ARG_ENABLE(
+       [dumm],
+       AS_HELP_STRING([--enable-dumm],[build the DUMM UML test framework (default is NO).]),
+       [if test x$enableval = xyes; then
+               dumm=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [fast],
+       AS_HELP_STRING([--enable-fast],[build libfast (FastCGI Application Server w/ templates (default is NO).]),
+       [if test x$enableval = xyes; then
+               fast=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [manager],
+       AS_HELP_STRING([--enable-manager],[build web management console (default is NO).]),
+       [if test x$enableval = xyes; then
+               manager=true
+               xml=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [mediation],
+       AS_HELP_STRING([--enable-mediation],[enable IKEv2 Mediation Extension (default is NO).]),
+       [if test x$enableval = xyes; then
+               me=true
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [integrity-test],
+       AS_HELP_STRING([--enable-integrity-test],[enable the integrity test of the crypto library (default is NO).]),
+       [if test x$enableval = xyes; then
+               integrity_test=true 
+       fi]
+)
+
+AC_ARG_ENABLE(
+       [self-test],
+       AS_HELP_STRING([--disable-self-test],[disable the self-test of the crypto library (default is NO).]),
+       [if test x$enableval = xyes; then
+               self_test=true
+        else
+               self_test=false
+       fi],
+       self_test=true
+)
+
+AC_ARG_ENABLE(
+       [pluto],
+       AS_HELP_STRING([--disable-pluto],[disable the IKEv1 keying daemon pluto. (default is NO).]),
+       [if test x$enableval = xyes; then
+               pluto=true
+        else
+               pluto=false
+       fi],
+       pluto=true
+)
+
+AC_ARG_ENABLE(
+       [charon],
+       AS_HELP_STRING([--disable-charon],[disable the IKEv2 keying daemon charon. (default is NO).]),
+       [if test x$enableval = xyes; then
+               charon=true
+        else
+               charon=false
+       fi],
+       charon=true
+)
+
+AC_ARG_ENABLE(
+       [tools],
+       AS_HELP_STRING([--disable-tools],[disable additional utilities (openac and scepclient). (default is NO).]),
+       [if test x$enableval = xyes; then
+               tools=true
+        else
+               tools=false
+       fi],
+       tools=true
 )
-AM_CONDITIONAL(USE_SELF_TEST, test x$self_test = xtrue)
 
 dnl =========================
 dnl  check required programs
@@ -289,63 +498,147 @@ AC_PROG_CC()
 AC_PATH_PROG([GPERF], [gperf], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
 AC_PATH_PROG([PERL], [perl], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
 
-dnl ==========================
-dnl  check required libraries
-dnl ==========================
+dnl =========================
+dnl  dependency calculation
+dnl =========================
+
+if test x$pluto = xtrue; then
+       gmp=true;
+fi
+
+if test x$tools = xtrue; then
+       gmp=true;
+fi
+
+if test x$smp = xtrue; then
+       xml=true
+fi
 
+if test x$manager = xtrue; then
+       fast=true
+fi
+
+dnl ==========================================
+dnl  check required libraries and header files
+dnl ==========================================
+
+AC_HAVE_LIBRARY(dl)
 AC_CHECK_FUNCS(backtrace)
-AC_CHECK_FUNCS(getifaddrs)
+AC_CHECK_FUNCS(dladdr)
+
+AC_MSG_CHECKING([capset() definition])
+AC_TRY_COMPILE(
+       [#include <linux/capset.h>],
+       [
+               void *test = capset;
+       ], 
+       [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_DEFINE_UNQUOTED(NO_CAPSET_DEFINED, 1)]
+)
+
+if test x$gmp = xtrue; then
+       AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])       
+       AC_MSG_CHECKING([gmp.h version >= 4.1.4])
+       AC_TRY_COMPILE(
+               [#include "gmp.h"],
+               [
+                       #if (__GNU_MP_VERSION*100 +  __GNU_MP_VERSION_MINOR*10 + __GNU_MP_VERSION_PATCHLEVEL) < 414
+                               #error bad gmp
+                       #endif
+               ], 
+               [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_MSG_ERROR([No usable gmp.h found!])]
+       )
+fi
 
-AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])      
-if test "$ldap" = "true"; then
-    AC_HAVE_LIBRARY([ldap],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP enabled, but library ldap not found])])
-    AC_HAVE_LIBRARY([lber],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP enabled, but library lber not found])])
+if test x$ldap = xtrue; then
+       AC_HAVE_LIBRARY([ldap],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP library ldap not found])])
+       AC_HAVE_LIBRARY([lber],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP library lber not found])])
+       AC_CHECK_HEADER([ldap.h],,[AC_MSG_ERROR([LDAP header ldap.h not found!])])
 fi
-if test "$http" = "true"; then
-    AC_HAVE_LIBRARY([curl],[LIBS="$LIBS"],[AC_MSG_ERROR([HTTP enabled, but library curl not found])])
+
+if test x$curl = xtrue; then
+       AC_HAVE_LIBRARY([curl],[LIBS="$LIBS"],[AC_MSG_ERROR([CURL library curl not found])])
+       AC_CHECK_HEADER([curl/curl.h],,[AC_MSG_ERROR([CURL header curl/curl.h not found!])])
 fi
 
-if test "$xml" = "true"; then
-       PKG_CHECK_MODULES(xml, libxml-2.0,, AC_MSG_ERROR([No libxml2 package information found]))
+if test x$xml = xtrue; then
+       PKG_CHECK_MODULES(xml, [libxml-2.0],, AC_MSG_ERROR([No libxml2 package information found]))
        AC_SUBST(xml_CFLAGS)
        AC_SUBST(xml_LIBS)
 fi
 
-if test "$dbus" = "true"; then
-       PKG_CHECK_MODULES(dbus, dbus-1,, AC_MSG_ERROR([No libdbus package information found]))
-       AC_SUBST(dbus_CFLAGS)
-       AC_SUBST(dbus_LIBS)
+if test x$fast = xtrue; then
+       AC_HAVE_LIBRARY([neo_cgi],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver library neo_cgi not found!])])
+       AC_HAVE_LIBRARY([neo_utl],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver library neo_utl not found!])])
+       AC_HAVE_LIBRARY([z],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver dependency zlib not found!])])
+dnl autoconf does not like CamelCase!? How to fix this?
+dnl    AC_CHECK_HEADER([ClearSilver/ClearSilver.h],,[AC_MSG_ERROR([ClearSilver header file ClearSilver/ClearSilver.h not found!])])
+       
+       AC_HAVE_LIBRARY([fcgi],[LIBS="$LIBS"],[AC_MSG_ERROR([FastCGI library fcgi not found!])])
+       AC_CHECK_HEADER([fcgiapp.h],,[AC_MSG_ERROR([FastCGI header file fcgiapp.h not found!])])
 fi
 
+if test x$mysql = xtrue; then
+       AC_HAVE_LIBRARY([mysqlclient_r],[LIBS="$LIBS"],[AC_MSG_ERROR([MySQL library mysqlclient_r not found])])
+       AC_CHECK_HEADER([mysql/mysql.h],,[AC_MSG_ERROR([MySQL header mysql/mysql.h not found!])])
+fi
 
-dnl =============================
-dnl  check required header files
-dnl =============================
+if test x$mysql = xtrue; then
+       AC_HAVE_LIBRARY([sqlite3],[LIBS="$LIBS"],[AC_MSG_ERROR([SQLite library sqlite3 not found])])
+       AC_CHECK_HEADER([sqlite3.h],,[AC_MSG_ERROR([SQLite header sqlite3.h not found!])])
+fi
 
+dnl =========================
+dnl  set Makefile.am vars
+dnl =========================
 
-AC_MSG_CHECKING([gmp.h version >= 4.1.4])
-AC_TRY_COMPILE(
-    [#include "gmp.h"],
-    [
-        #if (__GNU_MP_VERSION*100 +  __GNU_MP_VERSION_MINOR*10 + __GNU_MP_VERSION_PATCHLEVEL) < 414
-            #error bad gmp
-        #endif
-    ], 
-    [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_MSG_ERROR([No usable gmp.h found!])]
-)
-AC_MSG_CHECKING([capset() definition])
-AC_TRY_COMPILE(
-    [#include <linux/capset.h>],
-    [
-       void *test = capset;
-    ], 
-    [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_DEFINE_UNQUOTED(NO_CAPSET_DEFINED, 1)]
-)
-if test "$ldap" = "true"; then
-    AC_CHECK_HEADER([ldap.h],,[AC_MSG_ERROR([LDAP enabled, but ldap.h not found!])])
-fi
-if test "$http" = "true"; then
-    AC_CHECK_HEADER([curl/curl.h],,[AC_MSG_ERROR([HTTP enabled, but curl.h not found!])])
+AM_CONDITIONAL(USE_CURL, test x$curl = xtrue)
+AM_CONDITIONAL(USE_LDAP, test x$ldap = xtrue)
+AM_CONDITIONAL(USE_AES, test x$aes = xtrue)
+AM_CONDITIONAL(USE_DES, test x$des = xtrue)
+AM_CONDITIONAL(USE_MD5, test x$md5 = xtrue)
+AM_CONDITIONAL(USE_SHA1, test x$sha1 = xtrue)
+AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
+AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
+AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
+AM_CONDITIONAL(USE_RANDOM, test x$random = xtrue)
+AM_CONDITIONAL(USE_X509, test x$x509 = xtrue)
+AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
+AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
+AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue)
+AM_CONDITIONAL(USE_STROKE, test x$stroke = xtrue)
+AM_CONDITIONAL(USE_MED_DB, test x$med_db = xtrue)
+AM_CONDITIONAL(USE_SMP, test x$smp = xtrue)
+AM_CONDITIONAL(USE_SQL, test x$sql = xtrue)
+AM_CONDITIONAL(USE_SMARTCARD, test x$smartcard = xtrue)
+AM_CONDITIONAL(USE_CISCO_QUIRKS, test x$cisco_quirks = xtrue)
+AM_CONDITIONAL(USE_LEAK_DETECTIVE, test x$leak_detective = xtrue)
+AM_CONDITIONAL(USE_UNIT_TESTS, test x$unittest = xtrue)
+AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue)
+AM_CONDITIONAL(USE_EAP_IDENTITY, test x$eap_identity = xtrue)
+AM_CONDITIONAL(USE_EAP_MD5, test x$eap_md5 = xtrue)
+AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue)
+AM_CONDITIONAL(USE_NAT_TRANSPORT, test x$nat_transport = xtrue)
+AM_CONDITIONAL(USE_VENDORID, test x$vendor_id = xtrue)
+AM_CONDITIONAL(USE_XAUTH_VID, test x$xauth_vid = xtrue)
+AM_CONDITIONAL(USE_DUMM, test x$dumm = xtrue)
+AM_CONDITIONAL(USE_FAST, test x$fast = xtrue)
+AM_CONDITIONAL(USE_MANAGER, test x$manager = xtrue)
+AM_CONDITIONAL(USE_ME, test x$me = xtrue)
+AM_CONDITIONAL(USE_INTEGRITY_TEST, test x$integrity_test = xtrue)
+AM_CONDITIONAL(USE_SELF_TEST, test x$self_test = xtrue)
+AM_CONDITIONAL(USE_PLUTO, test x$pluto = xtrue)
+AM_CONDITIONAL(USE_CHARON, test x$charon = xtrue)
+AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue)
+AM_CONDITIONAL(USE_PLUTO_OR_CHARON, test x$pluto = xtrue -o x$charon = xtrue)
+AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$tools = xtrue)
+AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue)
+
+dnl ==============================
+dnl  set global definitions
+dnl ==============================
+
+if test x$me = xtrue; then
+       AC_DEFINE(ME)
 fi
 
 dnl ==============================
@@ -357,11 +650,34 @@ AC_OUTPUT(
        src/Makefile
        src/include/Makefile
        src/libstrongswan/Makefile
+       src/libstrongswan/plugins/aes/Makefile
+       src/libstrongswan/plugins/des/Makefile
+       src/libstrongswan/plugins/md5/Makefile
+       src/libstrongswan/plugins/sha1/Makefile
+       src/libstrongswan/plugins/sha2/Makefile
+       src/libstrongswan/plugins/fips_prf/Makefile
+       src/libstrongswan/plugins/gmp/Makefile
+       src/libstrongswan/plugins/random/Makefile
+       src/libstrongswan/plugins/hmac/Makefile
+       src/libstrongswan/plugins/x509/Makefile
+       src/libstrongswan/plugins/curl/Makefile
+       src/libstrongswan/plugins/ldap/Makefile
+       src/libstrongswan/plugins/mysql/Makefile
+       src/libstrongswan/plugins/sqlite/Makefile
        src/libcrypto/Makefile
        src/libfreeswan/Makefile
        src/pluto/Makefile
        src/whack/Makefile
        src/charon/Makefile
+       src/charon/plugins/eap_aka/Makefile
+       src/charon/plugins/eap_identity/Makefile
+       src/charon/plugins/eap_md5/Makefile
+       src/charon/plugins/eap_sim/Makefile
+       src/charon/plugins/smp/Makefile
+       src/charon/plugins/sql/Makefile
+       src/charon/plugins/med_db/Makefile
+       src/charon/plugins/stroke/Makefile
+       src/charon/plugins/unit_tester/Makefile
        src/stroke/Makefile
        src/ipsec/Makefile
        src/starter/Makefile
@@ -371,5 +687,7 @@ AC_OUTPUT(
        src/openac/Makefile
        src/scepclient/Makefile
        src/dumm/Makefile
+       src/libfast/Makefile
+       src/manager/Makefile
        testing/Makefile
 )