On Wed, Jul 11, 2012 at 4:24 PM, David Woodhouse wrote: > On Tue, 2012-07-10 at 17:14 -0400, Mcclelland, Michael B Mr wrote: >> But I didn't expect to see that my build of openconnect lacked pkcs >> support > > I've now got a 12.04 VM so I can test this. It seems to have two > versions of GnuTLS available. Which did you have? > > With 'libgnutls-dev', OpenConnect should refuse to build ? that's > version 2.12.14 and is too old. > > With 'libgnutls28-dev', which is version 3.0.11, things should work > fine. It *does* have PKCS#11 support and your token ought to work, > although you want libssl-dev installed too to make sure you get DTLS > (UDP transport) support. I've also built on 12.04 against both libgnutls-dev (modified configure to permit 2.12.14) and libgnutls28-dev and both seem to have PKCS#11 support, although I don't have an actual token to test with. For comparison against your configure output: >> checking for GNUTLS... yes >> checking for gnutls_dtls_set_data_mtu... yes >> checking for gnutls_certificate_set_x509_system_trust... yes >> checking for gnutls_pkcs12_simple_parse... no >> checking for gnutls_certificate_set_key... yes >> checking for gnutls_session_set_premaster... yes >> checking for gnutls_pkcs11_add_provider... no Here's what I see when building against libgnutls-dev (2.12.14-5ubuntu3) checking for GNUTLS... yes checking for gnutls_dtls_set_data_mtu... no checking for gnutls_certificate_set_x509_system_trust... no checking for gnutls_pkcs12_simple_parse... no checking for gnutls_certificate_set_key... no checking for gnutls_session_set_premaster... no checking for gnutls_pkcs11_add_provider... yes and against libgnutls28-dev (3.0.11-1ubuntu2) checking for GNUTLS... yes checking for gnutls_dtls_set_data_mtu... no checking for gnutls_certificate_set_x509_system_trust... no checking for gnutls_pkcs12_simple_parse... no checking for gnutls_certificate_set_key... yes checking for gnutls_session_set_premaster... no checking for gnutls_pkcs11_add_provider... yes -- mike