libhogweed.so.2 undefined symbol __gmpn_cnd_add_n
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Tue Sep 13 07:56:13 PDT 2016
That seems like some conflict between gmp and nettle. I cannot seem to
be able to reproduce on updated centos7.
On Mon, Sep 12, 2016 at 3:12 PM, Nux! <nux at li.nux.ro> wrote:
> Hi,
>
> I am trying to use ocserv with a letsencrypt cert, however I get the following error when trying to access it via https.
>
> It works just fine with self-signed certs.
>
> OS is CentOS7 with ocserv from EPEL, for versions check below.
>
> This is my config:
>
> [root at ocserv-vpn-test ~]# cat /etc/ocserv/ocserv.conf
> auth = "plain[passwd=/etc/ocserv/ocpasswd]"
> server-cert = /etc/letsencrypt/live/ocservtest.$DOMAIN/fullchain.pem
> server-key = /etc/letsencrypt/live/ocservtest.$DOMAIN/privkey.pem
> tcp-port = 443
> udp-port = 443
> dns = 8.8.8.8
> dns = 8.8.4.4
> try-mtu-discovery = true
> cisco-client-compat = true
> socket-file = ocserv.sock
> device = vpns
> ipv4-network = 192.168.1.0/24
>
>
> This is what happens:
>
> [root at ocserv-vpn-test ~]# ocserv --config=/etc/ocserv/ocserv.conf -f -d 1
> Setting 'plain' as primary authentication method
> Setting 'file' as supplemental config option
> listening (TCP) on 0.0.0.0:443...
> listening (TCP) on [::]:443...
> listening (UDP) on 0.0.0.0:443...
> listening (UDP) on [::]:443...
> ocserv[16784]: main: not using control unix socket
> ocserv[16784]: main: initialized ocserv 0.11.4
> ocserv[16785]: sec-mod: reading supplemental config from files
> ocserv[16785]: sec-mod: sec-mod initialized (socket: ocserv.sock.16784)
> ocserv: symbol lookup error: /lib64/libhogweed.so.2: undefined symbol: __gmpn_cnd_add_n
> ocserv[16784]: main: $IP:47952 user disconnected (reason: unspecified, rx: 0, tx: 0)
>
>
>
>
>
> Selinux is permissive.
>
>
> [root at ocserv-vpn-test ~]# rpm -qi nettle gmp ocserv
> Name : nettle
> Version : 2.7.1
> Release : 4.el7
> Architecture: x86_64
> Install Date: Mon 12 Sep 2016 11:52:52 GMT
> Group : Development/Libraries
> Size : 764914
> License : LGPLv2+
> Signature : RSA/SHA256, Sat 14 Mar 2015 08:19:20 GMT, Key ID 24c6a8a7f4a80eb5
> Source RPM : nettle-2.7.1-4.el7.src.rpm
> Build Date : Fri 06 Mar 2015 04:10:21 GMT
> Build Host : worker1.bsys.centos.org
> Relocations : (not relocatable)
> Packager : CentOS BuildSystem <http://bugs.centos.org>
> Vendor : CentOS
> URL : http://www.lysator.liu.se/~nisse/nettle/
> Summary : A low-level cryptographic library
> Description :
> Nettle is a cryptographic library that is designed to fit easily in more
> or less any context: In crypto toolkits for object-oriented languages
> (C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
> kernel space.
> Name : gmp
> Epoch : 1
> Version : 5.1.1
> Release : 5.el7
> Architecture: x86_64
> Install Date: Tue 07 Oct 2014 08:57:55 GMT
> Group : System Environment/Libraries
> Size : 591695
> License : LGPLv3+
> Signature : RSA/SHA256, Fri 04 Jul 2014 01:35:49 GMT, Key ID 24c6a8a7f4a80eb5
> Source RPM : gmp-5.1.1-5.el7.src.rpm
> Build Date : Mon 09 Jun 2014 20:18:57 GMT
> Build Host : worker1.bsys.centos.org
> Relocations : (not relocatable)
> Packager : CentOS BuildSystem <http://bugs.centos.org>
> Vendor : CentOS
> URL : http://gmplib.org/
> Summary : A GNU arbitrary precision library
> Description :
> The gmp package contains GNU MP, a library for arbitrary precision
> arithmetic, signed integers operations, rational numbers and floating
> point numbers. GNU MP is designed for speed, for both small and very
> large operands. GNU MP is fast because it uses fullwords as the basic
> arithmetic type, it uses fast algorithms, it carefully optimizes
> assembly code for many CPUs' most common inner loops, and it generally
> emphasizes speed over simplicity/elegance in its operations.
>
> Install the gmp package if you need a fast arbitrary precision
> library.
> Name : ocserv
> Version : 0.11.4
> Release : 1.el7
> Architecture: x86_64
> Install Date: Mon 12 Sep 2016 11:53:32 GMT
> Group : Unspecified
> Size : 1143904
> License : GPLv2+ and BSD and MIT and CC0
> Signature : RSA/SHA256, Fri 05 Aug 2016 12:35:10 GMT, Key ID 6a2faea2352c64e5
> Source RPM : ocserv-0.11.4-1.el7.src.rpm
> Build Date : Fri 05 Aug 2016 11:32:44 GMT
> Build Host : buildvm-19.phx2.fedoraproject.org
> Relocations : (not relocatable)
> Packager : Fedora Project
> Vendor : Fedora Project
> URL : http://www.infradead.org/ocserv/
> Summary : OpenConnect SSL VPN server
> Description :
> OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a
> secure, small, fast and configurable VPN server. It implements the OpenConnect
> SSL VPN protocol, and has also (currently experimental) compatibility with
> clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol
> uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS
> to provide the secure VPN service.
>
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/openconnect-devel
More information about the openconnect-devel
mailing list