On 8/7/2010 3:50 PM, David Woodhouse wrote: > On Sat, 2010-08-07 at 14:27 -0500, Matthew Kitchin (public/usenet) > wrote: >> [root at VM-MKLinux script]# openssl version >> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 >> I guess I missed it by a few letters. I will upgrade openssl on my >> CentOS box. The version I have seems to be the most recent in the Yum >> repository.... I will get the newest manually. > Don't try to update the system version of OpenSSL -- that way lies > madness. Just build a current OpenSSL locally and then rebuild > openconnect with 'make OPENSSL=/where/you/built/openssl' so it links > statically against it. > Hmm. No luck it seems. I tried with the switch you indicated. It seems like it compiles correctly (see below) It won;t connect though. It just sits here: [root at VM-MKLinux ~]# openconnect https://216.248.9.102 --no-cert-check --script /etc/openconnect.script Attempting to connect to 216.248.9.102:443 SSL negotiation with 216.248.9.102 Do you see something obvious I did wrong? [root at VM-MKLinux openconnect-2.25]# make OPENSSL=/tmp/openssl-0.9.8m/ ( echo "IF_TUN_HDR := linux/if_tun.h"; echo "LIBPROXY_HDR := " ) > Make.config cc -c -o main.o -O2 -g -Wall -I/tmp/openssl-0.9.8m//include -I/usr/include/libxml2 main.c -MD -MF .main.o.dep cc -c -o xml.o -O2 -g -Wall -I/tmp/openssl-0.9.8m//include -I/usr/include/libxml2 xml.c -MD -MF .xml.o.dep cc -c -o dtls.o -O2 -g -Wall -I/tmp/openssl-0.9.8m//include -I/usr/include/libxml2 dtls.c -MD -MF .dtls.o.dep cc -c -o cstp.o -O2 -g -Wall -I/tmp/openssl-0.9.8m//include -I/usr/include/libxml2 cstp.c -MD -MF .cstp.o.dep cc -c -o mainloop.o -O2 -g -Wall -I/tmp/openssl-0.9.8m//include -I/usr/include/libxml2 mainloop.c -MD -MF .mainloop.o.dep cc -c -o tun.o -O2 -g -Wall -I/tmp/openssl-0.9.8m//include -I/usr/include/libxml2 -DIF_TUN_HDR=\"linux/if_tun.h\" tun.c -MD -MF .tun.o.dep cc -c -o ssl.o -O2 -g -Wall -I/tmp/openssl-0.9.8m//include -I/usr/include/libxml2 ssl.c -MD -MF .ssl.o.dep cc -c -o http.o -O2 -g -Wall -I/tmp/openssl-0.9.8m//include -I/usr/include/libxml2 http.c -MD -MF .http.o.dep cc -c -o version.o -O2 -g -Wall -I/tmp/openssl-0.9.8m//include -I/usr/include/libxml2 version.c -MD -MF .version.o.dep cc -c -o securid.o -O2 -g -Wall -I/tmp/openssl-0.9.8m//include -I/usr/include/libxml2 securid.c -MD -MF .securid.o.dep cc -c -o auth.o -O2 -g -Wall -I/tmp/openssl-0.9.8m//include -I/usr/include/libxml2 auth.c -MD -MF .auth.o.dep ar rcs libopenconnect.a ssl.o http.o version.o securid.o auth.o cc -o openconnect main.o xml.o dtls.o cstp.o mainloop.o tun.o libopenconnect.a -lz /tmp/openssl-0.9.8m//libssl.a /tmp/openssl-0.9.8m//libcrypto.a -lxml2 -lz -lm cc -c -o nm-auth-dialog.o -O2 -g -Wall -I/tmp/openssl-0.9.8m//include -I/usr/include/libxml2 -pthread -I/usr/include/gtk-2.0 -I/usr/lib64/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/freetype2 -I/usr/include/libpng12 -DORBIT2=1 -pthread -I/usr/include/gconf/2 -I/usr/include/orbit-2.0 -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/libxml2 nm-auth-dialog.c -MD -MF .nm-auth-dialog.o.dep cc -o nm-openconnect-auth-dialog nm-auth-dialog.o libopenconnect.a -lz /tmp/openssl-0.9.8m//libssl.a /tmp/openssl-0.9.8m//libcrypto.a -lxml2 -lz -lm -pthread -L/lib64 -lgtk-x11-2.0 -lgdk-x11-2.0 -latk-1.0 -lgdk_pixbuf-2.0 -lm -lpangocairo-1.0 -lpango-1.0 -lcairo -lgobject-2.0 -lgmodule-2.0 -ldl -lgthread-2.0 -lglib-2.0 -pthread -L/lib64 -lgconf-2 -lORBit-2 -lm -lgmodule-2.0 -ldl -lgthread-2.0 -lglib-2.0 -lxml2 -lz -lm [root at VM-MKLinux openconnect-2.25]# make install mkdir -p /usr/bin /usr/libexec install -m0755 openconnect /usr/bin install -m0755 nm-openconnect-auth-dialog /usr/libexec [root at VM-MKLinux openconnect-2.25]# >> OpenWRT looks like it runs openssl-util_0.9.8m-3_ar71xx.ipk so I >> should be ok if/when I get to that point. > Yep. >
