libhogweed.so.2 undefined symbol __gmpn_cnd_add_n

Nux! nux at li.nux.ro
Mon Sep 12 06:12:25 PDT 2016 

Hi,

I am trying to use ocserv with a letsencrypt cert, however I get the following error when trying to access it via https.

It works just fine with self-signed certs.

OS is CentOS7 with ocserv from EPEL, for versions check below.

This is my config:

[root at ocserv-vpn-test ~]# cat /etc/ocserv/ocserv.conf
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
server-cert = /etc/letsencrypt/live/ocservtest.$DOMAIN/fullchain.pem
server-key = /etc/letsencrypt/live/ocservtest.$DOMAIN/privkey.pem
tcp-port = 443
udp-port = 443
dns = 8.8.8.8
dns = 8.8.4.4
try-mtu-discovery = true
cisco-client-compat = true
socket-file = ocserv.sock
device = vpns
ipv4-network = 192.168.1.0/24


This is what happens:

[root at ocserv-vpn-test ~]# ocserv --config=/etc/ocserv/ocserv.conf -f -d 1
Setting 'plain' as primary authentication method
Setting 'file' as supplemental config option
listening (TCP) on 0.0.0.0:443...
listening (TCP) on [::]:443...
listening (UDP) on 0.0.0.0:443...
listening (UDP) on [::]:443...
ocserv[16784]: main: not using control unix socket
ocserv[16784]: main: initialized ocserv 0.11.4
ocserv[16785]: sec-mod: reading supplemental config from files
ocserv[16785]: sec-mod: sec-mod initialized (socket: ocserv.sock.16784)
ocserv: symbol lookup error: /lib64/libhogweed.so.2: undefined symbol: __gmpn_cnd_add_n
ocserv[16784]: main: $IP:47952 user disconnected (reason: unspecified, rx: 0, tx: 0)





Selinux is permissive.


[root at ocserv-vpn-test ~]# rpm -qi nettle gmp ocserv
Name        : nettle
Version     : 2.7.1
Release     : 4.el7
Architecture: x86_64
Install Date: Mon 12 Sep 2016 11:52:52 GMT
Group       : Development/Libraries
Size        : 764914
License     : LGPLv2+
Signature   : RSA/SHA256, Sat 14 Mar 2015 08:19:20 GMT, Key ID 24c6a8a7f4a80eb5
Source RPM  : nettle-2.7.1-4.el7.src.rpm
Build Date  : Fri 06 Mar 2015 04:10:21 GMT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.lysator.liu.se/~nisse/nettle/
Summary     : A low-level cryptographic library
Description :
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
kernel space.
Name        : gmp
Epoch       : 1
Version     : 5.1.1
Release     : 5.el7
Architecture: x86_64
Install Date: Tue 07 Oct 2014 08:57:55 GMT
Group       : System Environment/Libraries
Size        : 591695
License     : LGPLv3+
Signature   : RSA/SHA256, Fri 04 Jul 2014 01:35:49 GMT, Key ID 24c6a8a7f4a80eb5
Source RPM  : gmp-5.1.1-5.el7.src.rpm
Build Date  : Mon 09 Jun 2014 20:18:57 GMT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://gmplib.org/
Summary     : A GNU arbitrary precision library
Description :
The gmp package contains GNU MP, a library for arbitrary precision
arithmetic, signed integers operations, rational numbers and floating
point numbers. GNU MP is designed for speed, for both small and very
large operands. GNU MP is fast because it uses fullwords as the basic
arithmetic type, it uses fast algorithms, it carefully optimizes
assembly code for many CPUs' most common inner loops, and it generally
emphasizes speed over simplicity/elegance in its operations.

Install the gmp package if you need a fast arbitrary precision
library.
Name        : ocserv
Version     : 0.11.4
Release     : 1.el7
Architecture: x86_64
Install Date: Mon 12 Sep 2016 11:53:32 GMT
Group       : Unspecified
Size        : 1143904
License     : GPLv2+ and BSD and MIT and CC0
Signature   : RSA/SHA256, Fri 05 Aug 2016 12:35:10 GMT, Key ID 6a2faea2352c64e5
Source RPM  : ocserv-0.11.4-1.el7.src.rpm
Build Date  : Fri 05 Aug 2016 11:32:44 GMT
Build Host  : buildvm-19.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://www.infradead.org/ocserv/
Summary     : OpenConnect SSL VPN server
Description :
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a
secure, small, fast and configurable VPN server. It implements the OpenConnect
SSL VPN protocol, and has also (currently experimental) compatibility with
clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol
uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS
to provide the secure VPN service.


--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

More information about the openconnect-devel mailing list