build ocserv 0.8.6 with GnuTLS 3.3.9
David Frank
bitinn at gmail.com
Thu Oct 23 00:21:44 PDT 2014
On Oct 23, 2014, at 3:07 PM, Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote:
> On Wed, Oct 22, 2014 at 12:59 PM, David Frank <bitinn at gmail.com> wrote:
>> Hello,
>>
>> I wanted to try out this particular setting for ocserv
>>
>> tls-priorities = "NONE:%SERVER_PRECEDENCE:PFS"
>>
>> PFS is only available on 3.3.x, but Ubuntu only has a GnuTLS 3.2.x package, so I built 3.3.9 from source, and during ./configure I saw this output:
>> configure: External hardware support:
>>
>> /dev/crypto: no
>> Hardware accel: x86-64
>> Padlock accel: yes
>> PKCS#11 support: no
>> TPM support: no
>>
>> With GnuTLS installed, I tried to configure and make ocserv, but saw this error:
>> sec-mod.o: In function `sec_mod_server':
>> /home/dev/tools/ocserv-0.8.6/src/sec-mod.c:458: undefined reference to `gnutls_pkcs11_reinit'
>> collect2: error: ld returned 1 exit status
>
> It seems that the OS-installed library is queried in ocserv's
> configure step, PKCS #11 is detected, and thus the error you see, as
> you don't have PKCS #11 in your compiled library. One option is to
> enable PKCS #11 support in your compiled library by installing
> p11-kit, the other is to somehow force configure to use your compiled
> library.
>
Sorry, but could you explain how PKCS support is checked? As far as I can see, it only checks whether GnuTLS supports PKCS #11, not the environment or hardware, right?
Doesn’t compiling GnuTLS with --without-p11-kit already tell ocserv to not invoke PKCS #11 related functions?
If not, could you point me in the right direction to enable p11? Because with both the p11-kit and libp11-kit-dev packages installed, I still can’t get GnuTLS 3.3.9 to return “PKCS#11 support: yes” during configure.
I am on Ubuntu 14.04 LTS x64
Thanks a lot,
David
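
The link error quoted above names a single symbol, `gnutls_pkcs11_reinit`, so one direct check is whether the libgnutls that pkg-config resolves actually exports it. The script below is an added example, not part of the original thread or of ocserv; the function names and the sample `nm` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether a libgnutls build exports the PKCS #11 symbol
# named in the link error. Function names here are hypothetical.

# exports_symbol SYMBOL
# Reads `nm -D` output on stdin and succeeds only if SYMBOL is *defined*.
# Undefined references ("U name") have two fields and are skipped; versioned
# names (name@@TAG) are compared without the version suffix.
exports_symbol() {
    awk -v sym="$1" '
        NF >= 3 {
            name = $NF
            sub(/@.*$/, "", name)
            if ($(NF-1) ~ /^[TtWwi]$/ && name == sym) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# lib_has_pkcs11 /path/to/libgnutls.so
lib_has_pkcs11() {
    nm -D --defined-only "$1" 2>/dev/null | exports_symbol gnutls_pkcs11_reinit
}

# report_gnutls: list every libgnutls.so* in the libdir pkg-config resolves
# (PKG_CONFIG_PATH is honoured) and say whether it was built with PKCS #11.
report_gnutls() {
    libdir=$(pkg-config --variable=libdir gnutls 2>/dev/null) ||
        { echo "gnutls not found by pkg-config"; return 2; }
    echo "pkg-config resolves gnutls $(pkg-config --modversion gnutls) in $libdir"
    for lib in "$libdir"/libgnutls.so*; do
        [ -f "$lib" ] || continue
        if lib_has_pkcs11 "$lib"; then
            echo "$lib: PKCS #11 yes"
        else
            echo "$lib: PKCS #11 no"
        fi
    done
}

# Constructed nm output (addresses and version tag are placeholders).
SAMPLE_WITH_P11='000000000003a2b0 T gnutls_pkcs11_reinit@@VERSION_TAG
0000000000041c10 T gnutls_priority_init@@VERSION_TAG'
SAMPLE_WITHOUT_P11='0000000000041c10 T gnutls_priority_init@@VERSION_TAG
                 U gnutls_pkcs11_reinit'

printf '%s\n' "$SAMPLE_WITH_P11" | exports_symbol gnutls_pkcs11_reinit && echo "sample 1: exported"
printf '%s\n' "$SAMPLE_WITHOUT_P11" | exports_symbol gnutls_pkcs11_reinit || echo "sample 2: missing"
```

Running `report_gnutls` once with the default environment and once with `PKG_CONFIG_PATH` pointing at the source-built prefix shows which library each build step would see.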