CAC modules
Mcclelland, Michael B Mr CTR USN USA
michael.b.mcclelland at us.army.mil
Tue Jul 10 17:14:55 EDT 2012
I usually don't build from source so there is a good chance I did screw this up but here's what's happening.
I built p11 and it can see my token:
view at view:~/Desktop$ sudo p11tool --list-tokens
Token 0:
URL: pkcs11:library-description=CACKey;library-manufacturer=U.S.%20Government;model=CAC%20Token;manufacturer=U.S.%20Government;serial=%20;token=MCCLELLAND.MICHAEL.BLAIR.125031%00
Label: MCCLELLAND.MICHAEL.BLAIR.125031
Manufacturer: U.S. Government
Model: CAC Token
Serial:
But it seems to be having trouble pulling a certificate:
sudo p11tool --list-all --login
Token 'MCCLELLAND.MICHAEL.BLAIR.125031' with URL 'pkcs11:model=CAC%20Token;manufacturer=U.S.%20Government;serial=%20;token=MCCLELLAND.MICHAEL.BLAIR.125031%00' requires user PIN
Enter PIN:
No matching objects found
But I didn't expect to see that my build of openconnect lacked pkcs support
openconnect -c 'pkcs11:library-description=CACKey;library-manufacturer=U.S.%20Government;model=CAC%20Token;manufacturer=U.S.%20Government;serial=%20;token=MCCLELLAND.MICHAEL.BLAIR.125031%00' https://blahblahblah.blah/
Attempting to connect to 198.253.24.115:443
This binary built without PKCS#11 support
Loading certificate failed. Aborting.
Failed to open HTTPS connection to blahblahblah.blah
Failed to obtain WebVPN cookie
For building I followed the website's instructions and ran ./configure --with-gnutls
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking whether to enable maintainer-specific portions of Makefiles... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
configure: Applying feature macros for GNU build
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... gcc3
checking for fdevname_r... no
checking for getline... yes
checking for strcasestr... yes
checking for asprintf... yes
checking for supported compiler flags... -Wall -Wextra -Wno-missing-field-initializers -Wno-sign-compare -Wno-unused-parameter -Werror=pointer-to-int-cast -Wdeclaration-after-statement -Werror-implicit-function-declaration -Wformat-nonliteral -Wformat-security -Winit-self -Wmissing-declarations -Wmissing-include-dirs -Wnested-externs -Wpointer-arith -Wwrite-strings
checking for msgfmt... /usr/bin/msgfmt
checking for functional NLS support... yes
checking for GNUTLS... yes
checking for gnutls_dtls_set_data_mtu... yes
checking for gnutls_certificate_set_x509_system_trust... yes
checking for gnutls_pkcs12_simple_parse... no
checking for gnutls_certificate_set_key... yes
checking for gnutls_session_set_premaster... yes
checking for gnutls_pkcs11_add_provider... no
checking for tss library... no
checking how to print strings... printf
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert i686-pc-linux-gnu file names to i686-pc-linux-gnu format... func_convert_file_noop
checking how to convert i686-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... mt
checking if mt is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
checking if library symbol versioning is available... yes (with --version-script)
checking for LIBXML2... yes
checking for ZLIB... yes
checking for LIBPROXY... no
checking for libproxy... no
checking if_tun.h usability... no
checking if_tun.h presence... no
checking for if_tun.h... no
checking linux/if_tun.h usability... yes
checking linux/if_tun.h presence... yes
checking for linux/if_tun.h... yes
checking for python... /usr/bin/python
configure: creating ./config.status
config.status: creating Makefile
config.status: creating openconnect.pc
config.status: creating po/Makefile
config.status: creating www/Makefile
config.status: creating libopenconnect.map
config.status: creating openconnect.8
config.status: creating www/styles/Makefile
config.status: creating www/inc/Makefile
config.status: creating www/images/Makefile
config.status: executing depfiles commands
config.status: executing libtool commands
make
Making all in www
make[1]: Entering directory `/home/view/Desktop/openconnect-4.04/www'
Making all in styles
make[2]: Entering directory `/home/view/Desktop/openconnect-4.04/www/styles'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/view/Desktop/openconnect-4.04/www/styles'
Making all in inc
make[2]: Entering directory `/home/view/Desktop/openconnect-4.04/www/inc'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/view/Desktop/openconnect-4.04/www/inc'
Making all in images
make[2]: Entering directory `/home/view/Desktop/openconnect-4.04/www/images'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/view/Desktop/openconnect-4.04/www/images'
make[2]: Entering directory `/home/view/Desktop/openconnect-4.04/www'
groff -t -K UTF-8 -mandoc -Txhtml ../openconnect.8 | sed -e '1,/<body>/d' -e '/<\/body>/,$d' > openconnect.8.inc
groff: can't find `DESC' file
groff:fatal error: invalid device `html' (try installing the `groff' package?)
/usr/bin/python "./html.py" -d . manual.xml > manual.html || (rm manual.html; exit 1)
make[2]: Leaving directory `/home/view/Desktop/openconnect-4.04/www'
make[1]: Leaving directory `/home/view/Desktop/openconnect-4.04/www'
Making all in po
make[1]: Entering directory `/home/view/Desktop/openconnect-4.04/po'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/home/view/Desktop/openconnect-4.04/po'
make[1]: Entering directory `/home/view/Desktop/openconnect-4.04'
CCLD libopenconnect.la
CCLD openconnect
make[1]: Leaving directory `/home/view/Desktop/openconnect-4.04'
Then make install
Making install in www
make[1]: Entering directory `/home/view/Desktop/openconnect-4.04/www'
Making install in styles
make[2]: Entering directory `/home/view/Desktop/openconnect-4.04/www/styles'
make[3]: Entering directory `/home/view/Desktop/openconnect-4.04/www/styles'
make[3]: Nothing to be done for `install-exec-am'.
test -z "/usr/local/share/doc/openconnect/styles" || /bin/mkdir -p "/usr/local/share/doc/openconnect/styles"
/usr/bin/install -c -m 644 main.css '/usr/local/share/doc/openconnect/styles'
make[3]: Leaving directory `/home/view/Desktop/openconnect-4.04/www/styles'
make[2]: Leaving directory `/home/view/Desktop/openconnect-4.04/www/styles'
Making install in inc
make[2]: Entering directory `/home/view/Desktop/openconnect-4.04/www/inc'
make[3]: Entering directory `/home/view/Desktop/openconnect-4.04/www/inc'
make[3]: Nothing to be done for `install-exec-am'.
test -z "/usr/local/share/doc/openconnect/inc" || /bin/mkdir -p "/usr/local/share/doc/openconnect/inc"
/usr/bin/install -c -m 644 ./content.tmpl ./footer.tmpl ./header.tmpl '/usr/local/share/doc/openconnect/inc'
make[3]: Leaving directory `/home/view/Desktop/openconnect-4.04/www/inc'
make[2]: Leaving directory `/home/view/Desktop/openconnect-4.04/www/inc'
Making install in images
make[2]: Entering directory `/home/view/Desktop/openconnect-4.04/www/images'
make[3]: Entering directory `/home/view/Desktop/openconnect-4.04/www/images'
make[3]: Nothing to be done for `install-exec-am'.
test -z "/usr/local/share/doc/openconnect/images" || /bin/mkdir -p "/usr/local/share/doc/openconnect/images"
/usr/bin/install -c -m 644 ./left2.png ./left.png ./leftsel2.png ./leftsel.png ./openconnect.png ./right2.png ./right.png ./rightsel2.png ./rightsel.png ./openconnect.svg '/usr/local/share/doc/openconnect/images'
make[3]: Leaving directory `/home/view/Desktop/openconnect-4.04/www/images'
make[2]: Leaving directory `/home/view/Desktop/openconnect-4.04/www/images'
make[2]: Entering directory `/home/view/Desktop/openconnect-4.04/www'
make[3]: Entering directory `/home/view/Desktop/openconnect-4.04/www'
make[3]: Nothing to be done for `install-exec-am'.
test -z "/usr/local/share/doc/openconnect" || /bin/mkdir -p "/usr/local/share/doc/openconnect"
/usr/bin/install -c -m 644 csd.html features.html gui.html nonroot.html building.html connecting.html manual.html vpnc-script.html changelog.html download.html index.html packages.html platforms.html contribute.html mail.html technical.html '/usr/local/share/doc/openconnect'
make[3]: Leaving directory `/home/view/Desktop/openconnect-4.04/www'
make[2]: Leaving directory `/home/view/Desktop/openconnect-4.04/www'
make[1]: Leaving directory `/home/view/Desktop/openconnect-4.04/www'
Making install in po
make[1]: Entering directory `/home/view/Desktop/openconnect-4.04/po'
make[2]: Entering directory `/home/view/Desktop/openconnect-4.04/po'
make[2]: Nothing to be done for `install-exec-am'.
make install-data-hook
make[3]: Entering directory `/home/view/Desktop/openconnect-4.04/po'
linguas="ar as ast bg_BG bg bn_IN bn bs ca ca at valencia cs da de el en_GB en_US eo es_CR es_MX es et eu fa fi fr gd gl gu he hi_IN hi hu id it ja km kn ko ku lo lt lv ml mr ms_MY ms nb nl nn no or pa pl pt_BR pt pt_PT ro ru sk sl sq sr at latin sr sv ta te tg tg_TJ th tl_PH tl tr ug uk ur_PK vi vi_VN wa zh_CN zh_HK zh_TW"; \
for l in $linguas; do \
dir="/usr/local/share/locale/$l/LC_MESSAGES"; \
/bin/mkdir -p $dir; \
echo Installing $l.mo to $dir/openconnect.mo ; \
/usr/bin/install -c -m 644 $l.mo $dir/openconnect.mo; \
done
Installing ar.mo to /usr/local/share/locale/ar/LC_MESSAGES/openconnect.mo
Installing as.mo to /usr/local/share/locale/as/LC_MESSAGES/openconnect.mo
Installing ast.mo to /usr/local/share/locale/ast/LC_MESSAGES/openconnect.mo
Installing bg_BG.mo to /usr/local/share/locale/bg_BG/LC_MESSAGES/openconnect.mo
Installing bg.mo to /usr/local/share/locale/bg/LC_MESSAGES/openconnect.mo
Installing bn_IN.mo to /usr/local/share/locale/bn_IN/LC_MESSAGES/openconnect.mo
Installing bn.mo to /usr/local/share/locale/bn/LC_MESSAGES/openconnect.mo
Installing bs.mo to /usr/local/share/locale/bs/LC_MESSAGES/openconnect.mo
Installing ca.mo to /usr/local/share/locale/ca/LC_MESSAGES/openconnect.mo
Installing ca at valencia.mo to /usr/local/share/locale/ca at valencia/LC_MESSAGES/openconnect.mo
Installing cs.mo to /usr/local/share/locale/cs/LC_MESSAGES/openconnect.mo
Installing da.mo to /usr/local/share/locale/da/LC_MESSAGES/openconnect.mo
Installing de.mo to /usr/local/share/locale/de/LC_MESSAGES/openconnect.mo
Installing el.mo to /usr/local/share/locale/el/LC_MESSAGES/openconnect.mo
Installing en_GB.mo to /usr/local/share/locale/en_GB/LC_MESSAGES/openconnect.mo
Installing en_US.mo to /usr/local/share/locale/en_US/LC_MESSAGES/openconnect.mo
Installing eo.mo to /usr/local/share/locale/eo/LC_MESSAGES/openconnect.mo
Installing es_CR.mo to /usr/local/share/locale/es_CR/LC_MESSAGES/openconnect.mo
Installing es_MX.mo to /usr/local/share/locale/es_MX/LC_MESSAGES/openconnect.mo
Installing es.mo to /usr/local/share/locale/es/LC_MESSAGES/openconnect.mo
Installing et.mo to /usr/local/share/locale/et/LC_MESSAGES/openconnect.mo
Installing eu.mo to /usr/local/share/locale/eu/LC_MESSAGES/openconnect.mo
Installing fa.mo to /usr/local/share/locale/fa/LC_MESSAGES/openconnect.mo
Installing fi.mo to /usr/local/share/locale/fi/LC_MESSAGES/openconnect.mo
Installing fr.mo to /usr/local/share/locale/fr/LC_MESSAGES/openconnect.mo
Installing gd.mo to /usr/local/share/locale/gd/LC_MESSAGES/openconnect.mo
Installing gl.mo to /usr/local/share/locale/gl/LC_MESSAGES/openconnect.mo
Installing gu.mo to /usr/local/share/locale/gu/LC_MESSAGES/openconnect.mo
Installing he.mo to /usr/local/share/locale/he/LC_MESSAGES/openconnect.mo
Installing hi_IN.mo to /usr/local/share/locale/hi_IN/LC_MESSAGES/openconnect.mo
Installing hi.mo to /usr/local/share/locale/hi/LC_MESSAGES/openconnect.mo
Installing hu.mo to /usr/local/share/locale/hu/LC_MESSAGES/openconnect.mo
Installing id.mo to /usr/local/share/locale/id/LC_MESSAGES/openconnect.mo
Installing it.mo to /usr/local/share/locale/it/LC_MESSAGES/openconnect.mo
Installing ja.mo to /usr/local/share/locale/ja/LC_MESSAGES/openconnect.mo
Installing km.mo to /usr/local/share/locale/km/LC_MESSAGES/openconnect.mo
Installing kn.mo to /usr/local/share/locale/kn/LC_MESSAGES/openconnect.mo
Installing ko.mo to /usr/local/share/locale/ko/LC_MESSAGES/openconnect.mo
Installing ku.mo to /usr/local/share/locale/ku/LC_MESSAGES/openconnect.mo
Installing lo.mo to /usr/local/share/locale/lo/LC_MESSAGES/openconnect.mo
Installing lt.mo to /usr/local/share/locale/lt/LC_MESSAGES/openconnect.mo
Installing lv.mo to /usr/local/share/locale/lv/LC_MESSAGES/openconnect.mo
Installing ml.mo to /usr/local/share/locale/ml/LC_MESSAGES/openconnect.mo
Installing mr.mo to /usr/local/share/locale/mr/LC_MESSAGES/openconnect.mo
Installing ms_MY.mo to /usr/local/share/locale/ms_MY/LC_MESSAGES/openconnect.mo
Installing ms.mo to /usr/local/share/locale/ms/LC_MESSAGES/openconnect.mo
Installing nb.mo to /usr/local/share/locale/nb/LC_MESSAGES/openconnect.mo
Installing nl.mo to /usr/local/share/locale/nl/LC_MESSAGES/openconnect.mo
Installing nn.mo to /usr/local/share/locale/nn/LC_MESSAGES/openconnect.mo
Installing no.mo to /usr/local/share/locale/no/LC_MESSAGES/openconnect.mo
Installing or.mo to /usr/local/share/locale/or/LC_MESSAGES/openconnect.mo
Installing pa.mo to /usr/local/share/locale/pa/LC_MESSAGES/openconnect.mo
Installing pl.mo to /usr/local/share/locale/pl/LC_MESSAGES/openconnect.mo
Installing pt_BR.mo to /usr/local/share/locale/pt_BR/LC_MESSAGES/openconnect.mo
Installing pt.mo to /usr/local/share/locale/pt/LC_MESSAGES/openconnect.mo
Installing pt_PT.mo to /usr/local/share/locale/pt_PT/LC_MESSAGES/openconnect.mo
Installing ro.mo to /usr/local/share/locale/ro/LC_MESSAGES/openconnect.mo
Installing ru.mo to /usr/local/share/locale/ru/LC_MESSAGES/openconnect.mo
Installing sk.mo to /usr/local/share/locale/sk/LC_MESSAGES/openconnect.mo
Installing sl.mo to /usr/local/share/locale/sl/LC_MESSAGES/openconnect.mo
Installing sq.mo to /usr/local/share/locale/sq/LC_MESSAGES/openconnect.mo
Installing sr at latin.mo to /usr/local/share/locale/sr at latin/LC_MESSAGES/openconnect.mo
Installing sr.mo to /usr/local/share/locale/sr/LC_MESSAGES/openconnect.mo
Installing sv.mo to /usr/local/share/locale/sv/LC_MESSAGES/openconnect.mo
Installing ta.mo to /usr/local/share/locale/ta/LC_MESSAGES/openconnect.mo
Installing te.mo to /usr/local/share/locale/te/LC_MESSAGES/openconnect.mo
Installing tg.mo to /usr/local/share/locale/tg/LC_MESSAGES/openconnect.mo
Installing tg_TJ.mo to /usr/local/share/locale/tg_TJ/LC_MESSAGES/openconnect.mo
Installing th.mo to /usr/local/share/locale/th/LC_MESSAGES/openconnect.mo
Installing tl_PH.mo to /usr/local/share/locale/tl_PH/LC_MESSAGES/openconnect.mo
Installing tl.mo to /usr/local/share/locale/tl/LC_MESSAGES/openconnect.mo
Installing tr.mo to /usr/local/share/locale/tr/LC_MESSAGES/openconnect.mo
Installing ug.mo to /usr/local/share/locale/ug/LC_MESSAGES/openconnect.mo
Installing uk.mo to /usr/local/share/locale/uk/LC_MESSAGES/openconnect.mo
Installing ur_PK.mo to /usr/local/share/locale/ur_PK/LC_MESSAGES/openconnect.mo
Installing vi.mo to /usr/local/share/locale/vi/LC_MESSAGES/openconnect.mo
Installing vi_VN.mo to /usr/local/share/locale/vi_VN/LC_MESSAGES/openconnect.mo
Installing wa.mo to /usr/local/share/locale/wa/LC_MESSAGES/openconnect.mo
Installing zh_CN.mo to /usr/local/share/locale/zh_CN/LC_MESSAGES/openconnect.mo
Installing zh_HK.mo to /usr/local/share/locale/zh_HK/LC_MESSAGES/openconnect.mo
Installing zh_TW.mo to /usr/local/share/locale/zh_TW/LC_MESSAGES/openconnect.mo
make[3]: Leaving directory `/home/view/Desktop/openconnect-4.04/po'
make[2]: Leaving directory `/home/view/Desktop/openconnect-4.04/po'
make[1]: Leaving directory `/home/view/Desktop/openconnect-4.04/po'
make[1]: Entering directory `/home/view/Desktop/openconnect-4.04'
make[2]: Entering directory `/home/view/Desktop/openconnect-4.04'
test -z "/usr/local/lib" || /bin/mkdir -p "/usr/local/lib"
/bin/bash ./libtool --mode=install /usr/bin/install -c libopenconnect.la '/usr/local/lib'
libtool: install: /usr/bin/install -c .libs/libopenconnect.so.2.0.0 /usr/local/lib/libopenconnect.so.2.0.0
libtool: install: (cd /usr/local/lib && { ln -s -f libopenconnect.so.2.0.0 libopenconnect.so.2 || { rm -f libopenconnect.so.2 && ln -s libopenconnect.so.2.0.0 libopenconnect.so.2; }; })
libtool: install: (cd /usr/local/lib && { ln -s -f libopenconnect.so.2.0.0 libopenconnect.so || { rm -f libopenconnect.so && ln -s libopenconnect.so.2.0.0 libopenconnect.so; }; })
libtool: install: /usr/bin/install -c .libs/libopenconnect.lai /usr/local/lib/libopenconnect.la
libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/sbin" ldconfig -n /usr/local/lib
----------------------------------------------------------------------
Libraries have been installed in:
/usr/local/lib
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,-rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
test -z "/usr/local/sbin" || /bin/mkdir -p "/usr/local/sbin"
/bin/bash ./libtool --mode=install /usr/bin/install -c openconnect '/usr/local/sbin'
libtool: install: /usr/bin/install -c .libs/openconnect /usr/local/sbin/openconnect
test -z "/usr/local/include" || /bin/mkdir -p "/usr/local/include"
/usr/bin/install -c -m 644 openconnect.h '/usr/local/include'
test -z "/usr/local/share/man/man8" || /bin/mkdir -p "/usr/local/share/man/man8"
/usr/bin/install -c -m 644 openconnect.8 '/usr/local/share/man/man8'
test -z "/usr/local/lib/pkgconfig" || /bin/mkdir -p "/usr/local/lib/pkgconfig"
/usr/bin/install -c -m 644 openconnect.pc '/usr/local/lib/pkgconfig'
make[2]: Leaving directory `/home/view/Desktop/openconnect-4.04'
make[1]: Leaving directory `/home/view/Desktop/openconnect-4.04'
Other than copying two of open connects libraries to the standard library folder I haven't deviated from the directions presented on the website.
As far as source goes for the dependencies I just grabbed the newest thing I could find. I assume that was okay?
Thank you in advance for your advice and patience.
Mac
More information about the openconnect-devel
mailing list