Trying to build openconnect 8.20 on ubuntu 20
Eveno, Manuel
meveno at timwi.com
Mon Mar 14 01:47:23 PDT 2022
Thanks !
I finally manage to have passing tests by adding those libraries :
sudo apt install -y libxml2-dev libssl-dev gettext zlib1g-dev
pkg-config libp11-dev p11-kit libgnutls28-dev liblz4-dev
libp11-kit-dev libpcsclite-dev libproxy-dev libstoken-dev libxml2-dev
zlib1g-dev
Once installed, the build was successful.
Manuel
On Tue, Mar 8, 2022 at 1:42 AM Daniel Lenski <dlenski at gmail.com> wrote:
>
> On Mon, Mar 7, 2022 at 3:44 PM Daniel Lenski <dlenski at gmail.com> wrote:
> >
> > On Fri, Mar 4, 2022 at 6:25 AM Eveno, Manuel <meveno at timwi.com> wrote:
> > > $ cat openconnect-8.20/tests/test-suite.log
> > > ------------- Output : --------------------
> > > FAIL: bad_dtls_test
> >
> > 1. If you just want to *use* OpenConnect with a Fortinet VPN, then
> > this failing test result does not matter.
> >
> > This particular test exists only to verify that the "ekstra speshul"
> > weird/broken/non-standard/pre-1.0 version of DTLS used by old **Cisco
> > AnyConnect** VPNs is working correctly. Linux distributions and crypto
> > libraries keep forgetting that this version of DTLS is sadly still
> > needed, so they frequently break it. And we have to figure out who to
> > ask to get the libraries fixed. 😔
>
> Our continuous integration pipeline builds against Ubuntu 18.04
> (https://gitlab.com/openconnect/openconnect/-/jobs/2115365633), which
> distributes OpenSSL 1.1.1
> (https://packages.ubuntu.com/bionic-updates/libssl-dev)… but Ubuntu
> 20.04 distributes OpenSSL 1.1.1f
> (https://packages.ubuntu.com/focal-updates/libssl-dev).
>
> @David, perhaps we need to add OpenSSL 1.1.1f to our list of OpenSSL
> versions whose DTLS implementations don't work with Cisco?
>
> - https://www.infradead.org/openconnect/anyconnect.html
> - https://gitlab.com/openconnect/openconnect/-/blob/master/openssl-dtls.c#L774-784
>
> Dan
More information about the openconnect-devel
mailing list