Trying to build openconnect 8.20 on ubuntu 20
Dimitri Papadopoulos Orfanos
dimitri.papadopoulos at cea.fr
Mon Mar 14 03:40:47 PDT 2022
Hi,
You shouldn't need to install both libssl-dev and libgnutls28-dev.
The fact that you were initially getting the following error message
shows that you were building against OpenSSL, as this error message
originates in OpenSSL:
139960338883904:error:141E70BF:SSL
routines:tls_construct_client_hello:no protocols
available:../ssl/statem/statem_clnt.c:1112:
I guess libgnutls28-dev was initially missing. By installing it, your
build switched to GnuTLS, which appears to support the broken Cisco DTLS
version, unlike OpenSSL version 1.1.1f (the version shipping with Ubuntu
20.04).
So it's really an issue of building against OpenSSL vs. GnuTLS. It's
definitely worth documenting the OpenSSL 1.1.1f issue here:
- https://www.infradead.org/openconnect/anyconnect.html
-
https://gitlab.com/openconnect/openconnect/-/blob/master/openssl-dtls.c#L774-784
By the way, the above documentation still refers to patching and
rebuilding OpenSSL 0.9.8, 1.0.0, 1.0.1. Perhaps we should consider
retiring that part of the documentation, as versions 0.9.8, 1.0.0, 1.0.1
have reached EOL. Only 1.0.2 benefits from extended support. While the
source code should probably support prior versions, the documentation
should instead recommend patching/building supported versions of OpenSSL
(> 1.1.1 with regular support and 1.0.2 with extended support):
https://www.openssl.org/policies/releasestrat.html
Dimitri Papadopoulos
Le 14/03/2022 à 09:47, Eveno, Manuel a écrit :
> Thanks !
>
> I finally manage to have passing tests by adding those libraries :
> sudo apt install -y libxml2-dev libssl-dev gettext zlib1g-dev
> pkg-config libp11-dev p11-kit libgnutls28-dev liblz4-dev
> libp11-kit-dev libpcsclite-dev libproxy-dev libstoken-dev libxml2-dev
> zlib1g-dev
>
> Once installed, the build was successful.
> Manuel
More information about the openconnect-devel
mailing list