libhogweed.so.2 undefined symbol __gmpn_cnd_add_n

Nux! nux at li.nux.ro
Tue Sep 13 08:02:58 PDT 2016 

Nikos,

Time permits, try with a letsencrypt cert, with a self-signed one it doesn't complain.

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Nikos Mavrogiannopoulos" <n.mavrogiannopoulos at gmail.com>
> To: "Nux!" <nux at li.nux.ro>
> Cc: "openconnect-devel" <openconnect-devel at lists.infradead.org>
> Sent: Tuesday, 13 September, 2016 15:56:13
> Subject: Re: libhogweed.so.2 undefined symbol __gmpn_cnd_add_n

> That seems like some conflict between gmp and nettle. I cannot seem to
> be able to reproduce on updated centos7.
> 
> On Mon, Sep 12, 2016 at 3:12 PM, Nux! <nux at li.nux.ro> wrote:
>> Hi,
>>
>> I am trying to use ocserv with a letsencrypt cert, however I get the following
>> error when trying to access it via https.
>>
>> It works just fine with self-signed certs.
>>
>> OS is CentOS7 with ocserv from EPEL, for versions check below.
>>
>> This is my config:
>>
>> [root at ocserv-vpn-test ~]# cat /etc/ocserv/ocserv.conf
>> auth = "plain[passwd=/etc/ocserv/ocpasswd]"
>> server-cert = /etc/letsencrypt/live/ocservtest.$DOMAIN/fullchain.pem
>> server-key = /etc/letsencrypt/live/ocservtest.$DOMAIN/privkey.pem
>> tcp-port = 443
>> udp-port = 443
>> dns = 8.8.8.8
>> dns = 8.8.4.4
>> try-mtu-discovery = true
>> cisco-client-compat = true
>> socket-file = ocserv.sock
>> device = vpns
>> ipv4-network = 192.168.1.0/24
>>
>>
>> This is what happens:
>>
>> [root at ocserv-vpn-test ~]# ocserv --config=/etc/ocserv/ocserv.conf -f -d 1
>> Setting 'plain' as primary authentication method
>> Setting 'file' as supplemental config option
>> listening (TCP) on 0.0.0.0:443...
>> listening (TCP) on [::]:443...
>> listening (UDP) on 0.0.0.0:443...
>> listening (UDP) on [::]:443...
>> ocserv[16784]: main: not using control unix socket
>> ocserv[16784]: main: initialized ocserv 0.11.4
>> ocserv[16785]: sec-mod: reading supplemental config from files
>> ocserv[16785]: sec-mod: sec-mod initialized (socket: ocserv.sock.16784)
>> ocserv: symbol lookup error: /lib64/libhogweed.so.2: undefined symbol:
>> __gmpn_cnd_add_n
>> ocserv[16784]: main: $IP:47952 user disconnected (reason: unspecified, rx: 0,
>> tx: 0)
>>
>>
>>
>>
>>
>> Selinux is permissive.
>>
>>
>> [root at ocserv-vpn-test ~]# rpm -qi nettle gmp ocserv
>> Name        : nettle
>> Version     : 2.7.1
>> Release     : 4.el7
>> Architecture: x86_64
>> Install Date: Mon 12 Sep 2016 11:52:52 GMT
>> Group       : Development/Libraries
>> Size        : 764914
>> License     : LGPLv2+
>> Signature   : RSA/SHA256, Sat 14 Mar 2015 08:19:20 GMT, Key ID 24c6a8a7f4a80eb5
>> Source RPM  : nettle-2.7.1-4.el7.src.rpm
>> Build Date  : Fri 06 Mar 2015 04:10:21 GMT
>> Build Host  : worker1.bsys.centos.org
>> Relocations : (not relocatable)
>> Packager    : CentOS BuildSystem <http://bugs.centos.org>
>> Vendor      : CentOS
>> URL         : http://www.lysator.liu.se/~nisse/nettle/
>> Summary     : A low-level cryptographic library
>> Description :
>> Nettle is a cryptographic library that is designed to fit easily in more
>> or less any context: In crypto toolkits for object-oriented languages
>> (C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
>> kernel space.
>> Name        : gmp
>> Epoch       : 1
>> Version     : 5.1.1
>> Release     : 5.el7
>> Architecture: x86_64
>> Install Date: Tue 07 Oct 2014 08:57:55 GMT
>> Group       : System Environment/Libraries
>> Size        : 591695
>> License     : LGPLv3+
>> Signature   : RSA/SHA256, Fri 04 Jul 2014 01:35:49 GMT, Key ID 24c6a8a7f4a80eb5
>> Source RPM  : gmp-5.1.1-5.el7.src.rpm
>> Build Date  : Mon 09 Jun 2014 20:18:57 GMT
>> Build Host  : worker1.bsys.centos.org
>> Relocations : (not relocatable)
>> Packager    : CentOS BuildSystem <http://bugs.centos.org>
>> Vendor      : CentOS
>> URL         : http://gmplib.org/
>> Summary     : A GNU arbitrary precision library
>> Description :
>> The gmp package contains GNU MP, a library for arbitrary precision
>> arithmetic, signed integers operations, rational numbers and floating
>> point numbers. GNU MP is designed for speed, for both small and very
>> large operands. GNU MP is fast because it uses fullwords as the basic
>> arithmetic type, it uses fast algorithms, it carefully optimizes
>> assembly code for many CPUs' most common inner loops, and it generally
>> emphasizes speed over simplicity/elegance in its operations.
>>
>> Install the gmp package if you need a fast arbitrary precision
>> library.
>> Name        : ocserv
>> Version     : 0.11.4
>> Release     : 1.el7
>> Architecture: x86_64
>> Install Date: Mon 12 Sep 2016 11:53:32 GMT
>> Group       : Unspecified
>> Size        : 1143904
>> License     : GPLv2+ and BSD and MIT and CC0
>> Signature   : RSA/SHA256, Fri 05 Aug 2016 12:35:10 GMT, Key ID 6a2faea2352c64e5
>> Source RPM  : ocserv-0.11.4-1.el7.src.rpm
>> Build Date  : Fri 05 Aug 2016 11:32:44 GMT
>> Build Host  : buildvm-19.phx2.fedoraproject.org
>> Relocations : (not relocatable)
>> Packager    : Fedora Project
>> Vendor      : Fedora Project
>> URL         : http://www.infradead.org/ocserv/
>> Summary     : OpenConnect SSL VPN server
>> Description :
>> OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a
>> secure, small, fast and configurable VPN server. It implements the OpenConnect
>> SSL VPN protocol, and has also (currently experimental) compatibility with
>> clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol
>> uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS
>> to provide the secure VPN service.
>>
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>>
>> _______________________________________________
>> openconnect-devel mailing list
>> openconnect-devel at lists.infradead.org
> > http://lists.infradead.org/mailman/listinfo/openconnect-devel

More information about the openconnect-devel mailing list