CAC modules

Mike Miller mtmiller at ieee.org
Wed Jul 11 23:15:13 EDT 2012


On Wed, Jul 11, 2012 at 4:24 PM, David Woodhouse wrote:
> On Tue, 2012-07-10 at 17:14 -0400, Mcclelland, Michael B Mr wrote:
>> But I didn't expect to see that my build of openconnect lacked pkcs
>> support
>
> I've now got a 12.04 VM so I can test this. It seems to have two
> versions of GnuTLS available. Which did you have?
>
> With 'libgnutls-dev', OpenConnect should refuse to build — that's
> version 2.12.14 and is too old.
>
> With 'libgnutls28-dev', which is version 3.0.11, things should work
> fine. It *does* have PKCS#11 support and your token ought to work,
> although you want libssl-dev installed too to make sure you get DTLS
> (UDP transport) support.

I've also built on 12.04 against both libgnutls-dev (modified
configure to permit 2.12.14) and libgnutls28-dev and both seem to have
PKCS#11 support, although I don't have an actual token to test with.

For comparison against your configure output:

>> checking for GNUTLS... yes
>> checking for gnutls_dtls_set_data_mtu... yes
>> checking for gnutls_certificate_set_x509_system_trust... yes
>> checking for gnutls_pkcs12_simple_parse... no
>> checking for gnutls_certificate_set_key... yes
>> checking for gnutls_session_set_premaster... yes
>> checking for gnutls_pkcs11_add_provider... no

Here's what I see when building against libgnutls-dev (2.12.14-5ubuntu3):
checking for GNUTLS... yes
checking for gnutls_dtls_set_data_mtu... no
checking for gnutls_certificate_set_x509_system_trust... no
checking for gnutls_pkcs12_simple_parse... no
checking for gnutls_certificate_set_key... no
checking for gnutls_session_set_premaster... no
checking for gnutls_pkcs11_add_provider... yes

and against libgnutls28-dev (3.0.11-1ubuntu2):
checking for GNUTLS... yes
checking for gnutls_dtls_set_data_mtu... no
checking for gnutls_certificate_set_x509_system_trust... no
checking for gnutls_pkcs12_simple_parse... no
checking for gnutls_certificate_set_key... yes
checking for gnutls_session_set_premaster... no
checking for gnutls_pkcs11_add_provider... yes

-- 
mike



More information about the openconnect-devel mailing list