build ocserv 0.8.6 with GnuTLS 3.3.9

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Thu Oct 23 00:24:43 PDT 2014


On Thu, Oct 23, 2014 at 9:20 AM, David Frank <bitinn at gmail.com> wrote:

> > It seems that the OS installed library is queried in the ocserv's
> > configure step, PKCS #11 is detected, and thus the error you see, as
> > you don't have PKCS #11 in your compiled library. One option is to
> > enable PKCS #11 support in your compiled library by installing
> > p11-kit, the other is to somehow force configure to use your compiled
> > library.
>
> Sorry, but could you explain how PKCS support is checked? As far as I can
> see it only checks whether GnuTLS supports PKCS #11, not the environment or
> hardware, right?

See ocserv's configure.ac. It checks whether gnutls contains the PKCS
#11 functions.

> Doesn't compiling GnuTLS with --without-p11-kit already tell ocserv to not
> invoke PKCS #11 related functions?

Correct, but you have two gnutls libraries in your system. The system
one which has pkcs11 support and is queried on configure, and the one
you installed which doesn't have PKCS #11 support.

> If not, could you point me in the right direction to enable p11? Because
> with both p11-kit and libp11-kit-dev package installed, I still can't get
> GnuTLS 3.3.9 to return "PKCS#11 support: yes" during configure.

Check the configure log. Most probably it tells you that the version
installed isn't sufficient.

regards,
Nikos



More information about the openconnect-devel mailing list